./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor86449654 <...> Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. execve("./syz-executor86449654", ["./syz-executor86449654"], 0x7ffd29e58500 /* 10 vars */) = 0 brk(NULL) = 0x5555559b1000 brk(0x5555559b1c40) = 0x5555559b1c40 arch_prctl(ARCH_SET_FS, 0x5555559b1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555559b15d0) = 3632 set_robust_list(0x5555559b15e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8193b51730, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8193b51e00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8193b517d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8193b51e00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor86449654", 4096) = 26 brk(0x5555559d2c40) = 0x5555559d2c40 brk(0x5555559d3000) = 0x5555559d3000 mprotect(0x7f8193c13000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3632 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3632", 4) = 4 close(3) = 0 getpid() = 3632 mkdir("./syzkaller.clsjtR", 0700) = 0 chmod("./syzkaller.clsjtR", 0777) = 0 chdir("./syzkaller.clsjtR") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3633 ./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3633] chdir("./0") = 0 [pid 3633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3633] setpgid(0, 0) = 0 [pid 3633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3633] write(3, "1000", 4) = 4 [pid 3633] close(3) = 0 [pid 3633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3633] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3633] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3633] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3635 attached , parent_tid=[3635], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3635 [pid 3635] set_robust_list(0x7f8193b409e0, 24 [pid 3633] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... set_robust_list resumed>) = 0 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3635] memfd_create("syzkaller", 0) = 3 [pid 3635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3635] munmap(0x7f818b720000, 32768) = 0 [pid 3635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3635] close(3) = 0 [pid 3635] mkdir("./file0", 0777) = 0 [pid 3635] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3635] chdir("./file0") = 0 [pid 3635] ioctl(4, LOOP_CLR_FD) = 0 [pid 3635] close(4) = 0 [pid 3635] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3635] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3635] <... futex resumed>) = 0 [pid 3635] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3635] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3633] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3633] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3636], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3636 [pid 3633] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3635] <... futex resumed>) = 1 [pid 3635] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3635] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3636] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3636] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] <... futex resumed>) = 0 [pid 3636] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3633] exit_group(0 [pid 3635] <... futex resumed>) = ? [pid 3633] <... exit_group resumed>) = ? [pid 3636] <... futex resumed>) = ? [pid 3635] +++ exited with 0 +++ [pid 3636] +++ exited with 0 +++ [pid 3633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3633, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 syzkaller login: [ 52.366477][ T3635] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3637] chdir("./1") = 0 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3637] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3637] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3638], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3638 [pid 3637] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3638 attached [pid 3638] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3638] memfd_create("syzkaller", 0) = 3 [pid 3638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3638] munmap(0x7f818b720000, 32768) = 0 [pid 3638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3638] close(3) = 0 [pid 3638] mkdir("./file0", 0777) = 0 [pid 3638] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3638] chdir("./file0") = 0 [pid 3638] ioctl(4, LOOP_CLR_FD) = 0 [pid 3638] close(4) = 0 [pid 3638] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3638] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... futex resumed>) = 0 [pid 3638] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3638] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3637] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3639], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3639 [pid 3637] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... futex resumed>) = 1 [pid 3638] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3638] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3639 attached [pid 3639] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3639] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3639] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] exit_group(0) = ? [pid 3638] <... futex resumed>) = ? [pid 3638] +++ exited with 0 +++ [pid 3639] <... futex resumed>) = ? [pid 3639] +++ exited with 0 +++ [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3640 ./strace-static-x86_64: Process 3640 attached [pid 3640] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3640] chdir("./2") = 0 [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3640] setpgid(0, 0) = 0 [ 52.470608][ T3638] loop0: detected capacity change from 0 to 64 [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3640] write(3, "1000", 4) = 4 [pid 3640] close(3) = 0 [pid 3640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3640] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3640] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3640] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3641 attached , parent_tid=[3641], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3641 [pid 3641] set_robust_list(0x7f8193b409e0, 24 [pid 3640] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] <... set_robust_list resumed>) = 0 [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3641] memfd_create("syzkaller", 0) = 3 [pid 3641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3641] munmap(0x7f818b720000, 32768) = 0 [pid 3641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3641] close(3) = 0 [pid 3641] mkdir("./file0", 0777) = 0 [pid 3641] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3641] chdir("./file0") = 0 [pid 3641] ioctl(4, LOOP_CLR_FD) = 0 [pid 3641] close(4) = 0 [pid 3641] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3641] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3640] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] <... futex resumed>) = 0 [pid 3641] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3641] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3640] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3640] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3642], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3642 [pid 3640] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] <... futex resumed>) = 1 [pid 3641] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3641] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3641] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3642] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3642] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... futex resumed>) = 0 [pid 3640] exit_group(0 [pid 3641] <... futex resumed>) = ? [pid 3640] <... exit_group resumed>) = ? [pid 3641] +++ exited with 0 +++ [pid 3642] <... futex resumed>) = ? [pid 3642] +++ exited with 0 +++ [pid 3640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3643] chdir("./3") = 0 [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3643] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.547114][ T3641] loop0: detected capacity change from 0 to 64 [pid 3643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3643] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3643] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3644], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3644 [pid 3643] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3644 attached [pid 3644] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3644] memfd_create("syzkaller", 0) = 3 [pid 3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3644] munmap(0x7f818b720000, 32768) = 0 [pid 3644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3644] close(3) = 0 [pid 3644] mkdir("./file0", 0777) = 0 [pid 3644] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3644] chdir("./file0") = 0 [pid 3644] ioctl(4, LOOP_CLR_FD) = 0 [pid 3644] close(4) = 0 [pid 3644] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3643] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... futex resumed>) = 1 [pid 3644] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3644] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3643] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3643] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3643] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3645], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3645 [pid 3643] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... futex resumed>) = 1 [pid 3644] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3644] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3645 attached ) = 0 [pid 3645] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3645] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3645] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3645] <... futex resumed>) = 1 [pid 3644] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] exit_group(0) = ? [pid 3644] <... futex resumed>) = ? [pid 3644] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ [pid 3643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 52.618174][ T3644] loop0: detected capacity change from 0 to 64 [ 52.623648][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3646 ./strace-static-x86_64: Process 3646 attached [pid 3646] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3646] chdir("./4") = 0 [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3646] setpgid(0, 0) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3646] write(3, "1000", 4) = 4 [pid 3646] close(3) = 0 [pid 3646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3646] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3646] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3646] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3647 attached , parent_tid=[3647], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3647 [pid 3646] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3647] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3647] memfd_create("syzkaller", 0) = 3 [pid 3647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3647] munmap(0x7f818b720000, 32768) = 0 [pid 3647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3647] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3647] close(3) = 0 [pid 3647] mkdir("./file0", 0777) = 0 [pid 3647] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3647] chdir("./file0") = 0 [pid 3647] ioctl(4, LOOP_CLR_FD) = 0 [pid 3647] close(4) = 0 [pid 3647] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = 0 [pid 3646] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] <... futex resumed>) = 1 [pid 3647] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3647] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = 0 [pid 3646] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3647] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3646] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... openat resumed>) = 5 [pid 3646] <... futex resumed>) = 0 [pid 3647] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3647] <... futex resumed>) = 0 [pid 3646] <... mmap resumed>) = 0x7f818b707000 [pid 3647] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3646] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3648], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3646] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] set_robust_list(0x7f818b7279e0, 24 [pid 3646] <... futex resumed>) = 0 [pid 3648] <... set_robust_list resumed>) = 0 [pid 3646] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3648] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3648] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] exit_group(0 [pid 3648] <... futex resumed>) = ? [pid 3647] <... futex resumed>) = ? [pid 3646] <... exit_group resumed>) = ? [pid 3647] +++ exited with 0 +++ [pid 3648] +++ exited with 0 +++ [pid 3646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 52.695893][ T3647] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3649] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3649] chdir("./5") = 0 [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3649] setpgid(0, 0) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3649] write(3, "1000", 4) = 4 [pid 3649] close(3) = 0 [pid 3649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3649] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3649] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3649] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3650 attached , parent_tid=[3650], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3650 [pid 3650] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3649] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3650] memfd_create("syzkaller", 0) = 3 [pid 3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3650] munmap(0x7f818b720000, 32768) = 0 [pid 3650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3650] close(3) = 0 [pid 3650] mkdir("./file0", 0777) = 0 [pid 3650] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3650] chdir("./file0") = 0 [pid 3650] ioctl(4, LOOP_CLR_FD) = 0 [pid 3650] close(4) = 0 [pid 3650] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3650] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3649] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 0 [pid 3650] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3650] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3649] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3649] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3649] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3651], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3651 [pid 3649] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... futex resumed>) = 1 [pid 3650] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3650] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3650] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3651] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3651] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3649] <... futex resumed>) = 0 [pid 3649] exit_group(0 [pid 3650] <... futex resumed>) = ? [pid 3649] <... exit_group resumed>) = ? [pid 3651] +++ exited with 0 +++ [pid 3650] +++ exited with 0 +++ [pid 3649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 52.772068][ T3650] loop0: detected capacity change from 0 to 64 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3652 ./strace-static-x86_64: Process 3652 attached [pid 3652] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3652] chdir("./6") = 0 [pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3652] setpgid(0, 0) = 0 [pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3652] write(3, "1000", 4) = 4 [pid 3652] close(3) = 0 [pid 3652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3652] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3652] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3652] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3653], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3653 [pid 3652] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3653] memfd_create("syzkaller", 0) = 3 [pid 3653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3653] munmap(0x7f818b720000, 32768) = 0 [pid 3653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3653] close(3) = 0 [pid 3653] mkdir("./file0", 0777) = 0 [pid 3653] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3653] chdir("./file0") = 0 [pid 3653] ioctl(4, LOOP_CLR_FD) = 0 [pid 3653] close(4) = 0 [pid 3653] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = 0 [pid 3652] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3653] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3653] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = 0 [pid 3652] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3653] <... futex resumed>) = 1 [pid 3652] <... mmap resumed>) = 0x7f818b707000 [pid 3652] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE [pid 3653] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3652] <... mprotect resumed>) = 0 [pid 3652] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3654], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3654 [pid 3652] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... openat resumed>) = 5 [pid 3653] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3654 attached [pid 3654] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3654] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3654] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3652] <... futex resumed>) = 0 [pid 3652] exit_group(0 [pid 3653] <... futex resumed>) = ? [pid 3652] <... exit_group resumed>) = ? [pid 3653] +++ exited with 0 +++ [pid 3654] +++ exited with 0 +++ [pid 3652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 52.836933][ T3653] loop0: detected capacity change from 0 to 64 [ 52.838463][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3655 ./strace-static-x86_64: Process 3655 attached [pid 3655] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3655] chdir("./7") = 0 [pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3655] setpgid(0, 0) = 0 [pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3655] write(3, "1000", 4) = 4 [pid 3655] close(3) = 0 [pid 3655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3655] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3655] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3655] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3656 attached , parent_tid=[3656], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3656 [pid 3656] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3656] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3655] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3656] <... futex resumed>) = 0 [pid 3655] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3656] memfd_create("syzkaller", 0) = 3 [pid 3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3656] munmap(0x7f818b720000, 32768) = 0 [pid 3656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3656] close(3) = 0 [pid 3656] mkdir("./file0", 0777) = 0 [pid 3656] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3656] chdir("./file0") = 0 [pid 3656] ioctl(4, LOOP_CLR_FD) = 0 [pid 3656] close(4) = 0 [pid 3656] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3655] <... futex resumed>) = 0 [pid 3655] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3656] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3655] <... futex resumed>) = 0 [pid 3655] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3656] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3655] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3656] <... openat resumed>) = 5 [pid 3655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3655] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3655] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3657], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3657 [pid 3655] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3656] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3657] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3657] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3655] exit_group(0) = ? [pid 3657] <... futex resumed>) = ? [pid 3656] <... futex resumed>) = ? [pid 3657] +++ exited with 0 +++ [pid 3656] +++ exited with 0 +++ [pid 3655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3658 ./strace-static-x86_64: Process 3658 attached [pid 3658] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3658] chdir("./8") = 0 [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3658] setpgid(0, 0) = 0 [ 52.922052][ T3656] loop0: detected capacity change from 0 to 64 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3658] write(3, "1000", 4) = 4 [pid 3658] close(3) = 0 [pid 3658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3658] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3658] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3658] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3659 attached [pid 3659] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3659] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3658] <... clone resumed>, parent_tid=[3659], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3659 [pid 3658] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3658] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3659] memfd_create("syzkaller", 0) = 3 [pid 3659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3659] munmap(0x7f818b720000, 32768) = 0 [pid 3659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3659] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3659] close(3) = 0 [pid 3659] mkdir("./file0", 0777) = 0 [pid 3659] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3659] chdir("./file0") = 0 [pid 3659] ioctl(4, LOOP_CLR_FD) = 0 [pid 3659] close(4) = 0 [pid 3659] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3658] <... futex resumed>) = 0 [pid 3658] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3658] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3659] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3659] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3659] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3658] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3658] <... futex resumed>) = 0 [pid 3659] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3658] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] <... openat resumed>) = 5 [pid 3658] <... futex resumed>) = 0 [pid 3659] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3659] <... futex resumed>) = 0 [pid 3659] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3658] <... mmap resumed>) = 0x7f818b707000 [pid 3658] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3658] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3660], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3660 [pid 3658] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3660 attached [pid 3660] set_robust_list(0x7f818b7279e0, 24 [pid 3658] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3660] <... set_robust_list resumed>) = 0 [pid 3660] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3660] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3658] <... futex resumed>) = 0 [pid 3658] exit_group(0 [pid 3659] <... futex resumed>) = ? [pid 3658] <... exit_group resumed>) = ? [pid 3659] +++ exited with 0 +++ [pid 3660] <... futex resumed>) = ? [pid 3660] +++ exited with 0 +++ [pid 3658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 [ 52.999765][ T3659] loop0: detected capacity change from 0 to 64 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3661 ./strace-static-x86_64: Process 3661 attached [pid 3661] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3661] chdir("./9") = 0 [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3661] write(3, "1000", 4) = 4 [pid 3661] close(3) = 0 [pid 3661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3661] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3661] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3661] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3662], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3662 [pid 3661] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3662 attached [pid 3662] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3662] memfd_create("syzkaller", 0) = 3 [pid 3662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3662] munmap(0x7f818b720000, 32768) = 0 [pid 3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3662] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3662] close(3) = 0 [pid 3662] mkdir("./file0", 0777) = 0 [pid 3662] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3662] chdir("./file0") = 0 [pid 3662] ioctl(4, LOOP_CLR_FD) = 0 [pid 3662] close(4) = 0 [pid 3662] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] <... futex resumed>) = 0 [pid 3662] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3661] <... futex resumed>) = 0 [pid 3661] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3662] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3662] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] <... futex resumed>) = 0 [pid 3661] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = 0 [pid 3661] <... futex resumed>) = 1 [pid 3662] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3661] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... openat resumed>) = 5 [pid 3661] <... futex resumed>) = 0 [pid 3662] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3662] <... futex resumed>) = 0 [pid 3661] <... mmap resumed>) = 0x7f818b707000 [pid 3662] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3661] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3663 attached , parent_tid=[3663], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3663 [pid 3663] set_robust_list(0x7f818b7279e0, 24 [pid 3661] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... set_robust_list resumed>) = 0 [pid 3661] <... futex resumed>) = 0 [pid 3663] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3661] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3663] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3663] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] <... futex resumed>) = 0 [pid 3663] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] exit_group(0 [pid 3663] <... futex resumed>) = ? [pid 3662] <... futex resumed>) = ? [pid 3661] <... exit_group resumed>) = ? [pid 3663] +++ exited with 0 +++ [pid 3662] +++ exited with 0 +++ [pid 3661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3664 ./strace-static-x86_64: Process 3664 attached [pid 3664] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3664] chdir("./10") = 0 [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3664] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.086385][ T3662] loop0: detected capacity change from 0 to 64 [pid 3664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3664] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3664] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3665 attached , parent_tid=[3665], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3665 [pid 3664] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3665] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3665] memfd_create("syzkaller", 0) = 3 [pid 3665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3665] munmap(0x7f818b720000, 32768) = 0 [pid 3665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3665] close(3) = 0 [pid 3665] mkdir("./file0", 0777) = 0 [pid 3665] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3665] chdir("./file0") = 0 [pid 3665] ioctl(4, LOOP_CLR_FD) = 0 [pid 3665] close(4) = 0 [pid 3665] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3665] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... futex resumed>) = 0 [pid 3665] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3665] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3664] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3664] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3666], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3666 [pid 3664] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... futex resumed>) = 1 [pid 3665] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3665] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3666] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3666] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3664] exit_group(0 [pid 3665] <... futex resumed>) = ? [pid 3664] <... exit_group resumed>) = ? [pid 3665] +++ exited with 0 +++ [pid 3666] <... futex resumed>) = ? [pid 3666] +++ exited with 0 +++ [pid 3664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3667 ./strace-static-x86_64: Process 3667 attached [pid 3667] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3667] chdir("./11") = 0 [pid 3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3667] setpgid(0, 0) = 0 [pid 3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 53.165938][ T3665] loop0: detected capacity change from 0 to 64 [pid 3667] write(3, "1000", 4) = 4 [pid 3667] close(3) = 0 [pid 3667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3667] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3667] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3667] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3668 attached [pid 3668] set_robust_list(0x7f8193b409e0, 24 [pid 3667] <... clone resumed>, parent_tid=[3668], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3668 [pid 3667] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] <... set_robust_list resumed>) = 0 [pid 3667] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3668] memfd_create("syzkaller", 0) = 3 [pid 3668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3668] munmap(0x7f818b720000, 32768) = 0 [pid 3668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3668] close(3) = 0 [pid 3668] mkdir("./file0", 0777) = 0 [pid 3668] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3668] chdir("./file0") = 0 [pid 3668] ioctl(4, LOOP_CLR_FD) = 0 [pid 3668] close(4) = 0 [pid 3668] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3668] <... futex resumed>) = 1 [pid 3667] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3667] <... futex resumed>) = 0 [pid 3668] <... openat resumed>) = 4 [pid 3667] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3667] <... futex resumed>) = 0 [pid 3668] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3667] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] <... openat resumed>) = 5 [pid 3667] <... futex resumed>) = 0 [pid 3668] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] <... futex resumed>) = 0 [pid 3667] <... futex resumed>) = 0 [pid 3668] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3667] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3667] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3669], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3669 [pid 3667] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3669] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3669] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3667] exit_group(0 [pid 3668] <... futex resumed>) = ? [pid 3667] <... exit_group resumed>) = ? [pid 3668] +++ exited with 0 +++ [pid 3669] <... futex resumed>) = ? [pid 3669] +++ exited with 0 +++ [pid 3667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3670 attached , child_tidptr=0x5555559b15d0) = 3670 [pid 3670] set_robust_list(0x5555559b15e0, 24) = 0 [ 53.240888][ T3668] loop0: detected capacity change from 0 to 64 [pid 3670] chdir("./12") = 0 [pid 3670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3670] setpgid(0, 0) = 0 [pid 3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3670] write(3, "1000", 4) = 4 [pid 3670] close(3) = 0 [pid 3670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3670] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3670] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3670] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3671], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3671 [pid 3670] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3671] memfd_create("syzkaller", 0) = 3 [pid 3671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3671] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3671] munmap(0x7f818b720000, 32768) = 0 [pid 3671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3671] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3671] close(3) = 0 [pid 3671] mkdir("./file0", 0777) = 0 [pid 3671] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3671] chdir("./file0") = 0 [pid 3671] ioctl(4, LOOP_CLR_FD) = 0 [pid 3671] close(4) = 0 [pid 3671] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3671] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3670] <... futex resumed>) = 0 [pid 3670] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3671] <... futex resumed>) = 0 [pid 3671] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3671] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = 0 [pid 3670] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3670] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3670] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3672], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3672 [pid 3670] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3671] <... futex resumed>) = 1 [pid 3671] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3671] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3672] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3672] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = 0 [pid 3670] exit_group(0) = ? [pid 3671] <... futex resumed>) = ? [pid 3671] +++ exited with 0 +++ [pid 3672] <... futex resumed>) = ? [pid 3672] +++ exited with 0 +++ [pid 3670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3673 ./strace-static-x86_64: Process 3673 attached [pid 3673] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3673] chdir("./13") = 0 [pid 3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3673] setpgid(0, 0) = 0 [pid 3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3673] write(3, "1000", 4) = 4 [pid 3673] close(3) = 0 [pid 3673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3673] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3673] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3673] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3674], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3674 [pid 3673] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3674 attached [pid 3674] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3674] memfd_create("syzkaller", 0) = 3 [ 53.326564][ T3671] loop0: detected capacity change from 0 to 64 [pid 3674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3674] munmap(0x7f818b720000, 32768) = 0 [pid 3674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3674] close(3) = 0 [pid 3674] mkdir("./file0", 0777) = 0 [pid 3674] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3674] chdir("./file0") = 0 [pid 3674] ioctl(4, LOOP_CLR_FD) = 0 [pid 3674] close(4) = 0 [pid 3674] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3674] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] <... futex resumed>) = 0 [pid 3674] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3674] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3673] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3673] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3675], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3675 [pid 3673] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] <... futex resumed>) = 1 [pid 3674] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3674] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3674] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3675 attached [pid 3675] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3675] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3675] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3673] exit_group(0 [pid 3674] <... futex resumed>) = ? [pid 3673] <... exit_group resumed>) = ? [pid 3674] +++ exited with 0 +++ [pid 3675] <... futex resumed>) = ? [pid 3675] +++ exited with 0 +++ [pid 3673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3673, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3676 ./strace-static-x86_64: Process 3676 attached [pid 3676] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3676] chdir("./14") = 0 [pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3676] setpgid(0, 0) = 0 [pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3676] write(3, "1000", 4) = 4 [pid 3676] close(3) = 0 [pid 3676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3676] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3676] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [ 53.390396][ T3674] loop0: detected capacity change from 0 to 64 [pid 3676] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3677 attached , parent_tid=[3677], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3677 [pid 3677] set_robust_list(0x7f8193b409e0, 24 [pid 3676] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3677] <... set_robust_list resumed>) = 0 [pid 3677] memfd_create("syzkaller", 0) = 3 [pid 3677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3677] munmap(0x7f818b720000, 32768) = 0 [pid 3677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3677] close(3) = 0 [pid 3677] mkdir("./file0", 0777) = 0 [pid 3677] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3677] chdir("./file0") = 0 [pid 3677] ioctl(4, LOOP_CLR_FD) = 0 [pid 3677] close(4) = 0 [pid 3677] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = 0 [pid 3676] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3677] <... futex resumed>) = 1 [pid 3677] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3677] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = 0 [pid 3676] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3676] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3676] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3678], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3678 [pid 3676] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3677] <... futex resumed>) = 1 [pid 3677] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3677] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3678 attached [pid 3678] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3678] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3678] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3676] <... futex resumed>) = 0 [pid 3676] exit_group(0) = ? [pid 3678] <... futex resumed>) = ? [pid 3678] +++ exited with 0 +++ [pid 3677] <... futex resumed>) = ? [pid 3677] +++ exited with 0 +++ [pid 3676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3679 ./strace-static-x86_64: Process 3679 attached [pid 3679] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3679] chdir("./15") = 0 [pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3679] setpgid(0, 0) = 0 [pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3679] write(3, "1000", 4) = 4 [pid 3679] close(3) = 0 [pid 3679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3679] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3679] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3679] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3680], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3680 [pid 3679] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3680 attached [pid 3680] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3680] memfd_create("syzkaller", 0) = 3 [pid 3680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [ 53.457707][ T3677] loop0: detected capacity change from 0 to 64 [pid 3680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3680] munmap(0x7f818b720000, 32768) = 0 [pid 3680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3680] close(3) = 0 [pid 3680] mkdir("./file0", 0777) = 0 [pid 3680] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3680] chdir("./file0") = 0 [pid 3680] ioctl(4, LOOP_CLR_FD) = 0 [pid 3680] close(4) = 0 [pid 3680] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = 0 [pid 3679] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... futex resumed>) = 1 [pid 3680] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3680] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = 0 [pid 3679] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3679] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3679] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3681], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3681 [pid 3679] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... futex resumed>) = 1 [pid 3680] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 ./strace-static-x86_64: Process 3681 attached [pid 3680] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3680] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3681] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3681] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = 0 [pid 3679] exit_group(0 [pid 3681] <... futex resumed>) = ? [pid 3679] <... exit_group resumed>) = ? [pid 3681] +++ exited with 0 +++ [pid 3680] <... futex resumed>) = ? [pid 3680] +++ exited with 0 +++ [pid 3679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3679, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 53.521358][ T3680] loop0: detected capacity change from 0 to 64 [ 53.527415][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3682 ./strace-static-x86_64: Process 3682 attached [pid 3682] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3682] chdir("./16") = 0 [pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3682] setpgid(0, 0) = 0 [pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3682] write(3, "1000", 4) = 4 [pid 3682] close(3) = 0 [pid 3682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3682] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3682] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3682] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3683 attached [pid 3683] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3683] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3682] <... clone resumed>, parent_tid=[3683], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3683 [pid 3682] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3683] <... futex resumed>) = 0 [pid 3682] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3683] memfd_create("syzkaller", 0) = 3 [pid 3683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3683] munmap(0x7f818b720000, 32768) = 0 [pid 3683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3683] close(3) = 0 [pid 3683] mkdir("./file0", 0777) = 0 [pid 3683] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3683] chdir("./file0") = 0 [pid 3683] ioctl(4, LOOP_CLR_FD) = 0 [pid 3683] close(4) = 0 [pid 3683] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3683] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3683] <... futex resumed>) = 0 [pid 3682] <... futex resumed>) = 1 [pid 3683] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3682] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] <... openat resumed>) = 4 [pid 3683] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3682] <... futex resumed>) = 0 [pid 3683] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3682] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3683] <... openat resumed>) = 5 [pid 3682] <... futex resumed>) = 0 [pid 3683] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3683] <... futex resumed>) = 0 [pid 3682] <... futex resumed>) = 0 [pid 3683] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3682] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3682] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3684], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3684 [pid 3682] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3684 attached [pid 3684] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3684] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3684] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] exit_group(0 [pid 3683] <... futex resumed>) = ? [pid 3682] <... exit_group resumed>) = ? [pid 3683] +++ exited with 0 +++ [pid 3684] <... futex resumed>) = ? [pid 3684] +++ exited with 0 +++ [pid 3682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 53.601034][ T3683] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3685 ./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3685] chdir("./17") = 0 [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3685] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3685] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3686], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3686 ./strace-static-x86_64: Process 3686 attached [pid 3685] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3686] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3686] memfd_create("syzkaller", 0) = 3 [pid 3686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3686] munmap(0x7f818b720000, 32768) = 0 [pid 3686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3686] close(3) = 0 [pid 3686] mkdir("./file0", 0777) = 0 [pid 3686] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3686] chdir("./file0") = 0 [pid 3686] ioctl(4, LOOP_CLR_FD) = 0 [pid 3686] close(4) = 0 [pid 3686] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... futex resumed>) = 1 [pid 3686] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3686] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3685] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3687], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3687 [pid 3685] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... futex resumed>) = 1 [pid 3686] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3686] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3687] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3687] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3685] exit_group(0) = ? [pid 3686] <... futex resumed>) = ? [pid 3686] +++ exited with 0 +++ [pid 3687] <... futex resumed>) = ? [pid 3687] +++ exited with 0 +++ [pid 3685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3688 ./strace-static-x86_64: Process 3688 attached [pid 3688] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3688] chdir("./18") = 0 [pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3688] setpgid(0, 0) = 0 [pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3688] write(3, "1000", 4) = 4 [pid 3688] close(3) = 0 [pid 3688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3688] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3688] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3688] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3689], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3689 [pid 3688] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3689 attached [ 53.682697][ T3686] loop0: detected capacity change from 0 to 64 [pid 3689] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3689] memfd_create("syzkaller", 0) = 3 [pid 3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3689] munmap(0x7f818b720000, 32768) = 0 [pid 3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3689] close(3) = 0 [pid 3689] mkdir("./file0", 0777) = 0 [pid 3689] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3689] chdir("./file0") = 0 [pid 3689] ioctl(4, LOOP_CLR_FD) = 0 [pid 3689] close(4) = 0 [pid 3689] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3689] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3689] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3688] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE [pid 3689] <... openat resumed>) = 5 [pid 3688] <... mprotect resumed>) = 0 [pid 3689] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3689] <... futex resumed>) = 0 [pid 3689] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] <... clone resumed>, parent_tid=[3690], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3690 [pid 3688] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3690 attached [pid 3690] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3690] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3690] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] exit_group(0 [pid 3689] <... futex resumed>) = ? [pid 3688] <... exit_group resumed>) = ? [pid 3689] +++ exited with 0 +++ [pid 3690] <... futex resumed>) = ? [pid 3690] +++ exited with 0 +++ [pid 3688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3688, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3691 ./strace-static-x86_64: Process 3691 attached [ 53.750239][ T3689] loop0: detected capacity change from 0 to 64 [ 53.754093][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 3691] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3691] chdir("./19") = 0 [pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3691] setpgid(0, 0) = 0 [pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3691] write(3, "1000", 4) = 4 [pid 3691] close(3) = 0 [pid 3691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3691] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3691] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3691] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3692], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3692 [pid 3691] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3692] memfd_create("syzkaller", 0) = 3 [pid 3692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3692] munmap(0x7f818b720000, 32768) = 0 [pid 3692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3692] close(3) = 0 [pid 3692] mkdir("./file0", 0777) = 0 [pid 3692] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3692] chdir("./file0") = 0 [pid 3692] ioctl(4, LOOP_CLR_FD) = 0 [pid 3692] close(4) = 0 [pid 3692] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... futex resumed>) = 1 [pid 3692] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3692] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3691] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3691] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3693], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3693 [pid 3691] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... futex resumed>) = 1 [pid 3692] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3692] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3693 attached [pid 3693] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3693] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3693] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = 0 [pid 3691] exit_group(0) = ? [pid 3692] <... futex resumed>) = ? [pid 3692] +++ exited with 0 +++ [pid 3693] <... futex resumed>) = ? [pid 3693] +++ exited with 0 +++ [pid 3691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3694 [ 53.826763][ T3692] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 3694 attached [pid 3694] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3694] chdir("./20") = 0 [pid 3694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3694] setpgid(0, 0) = 0 [pid 3694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3694] write(3, "1000", 4) = 4 [pid 3694] close(3) = 0 [pid 3694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3694] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3694] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3694] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3695 attached , parent_tid=[3695], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3695 [pid 3695] set_robust_list(0x7f8193b409e0, 24 [pid 3694] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3695] <... set_robust_list resumed>) = 0 [pid 3695] memfd_create("syzkaller", 0) = 3 [pid 3695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3695] munmap(0x7f818b720000, 32768) = 0 [pid 3695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3695] close(3) = 0 [pid 3695] mkdir("./file0", 0777) = 0 [pid 3695] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3695] chdir("./file0") = 0 [pid 3695] ioctl(4, LOOP_CLR_FD) = 0 [pid 3695] close(4) = 0 [pid 3695] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 0 [pid 3694] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] <... futex resumed>) = 1 [pid 3695] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3695] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 0 [pid 3694] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3694] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3694] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3696], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3696 [pid 3694] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] <... futex resumed>) = 1 [pid 3695] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3695] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3696] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3696] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 0 [pid 3694] exit_group(0 [pid 3695] <... futex resumed>) = ? [pid 3694] <... exit_group resumed>) = ? [pid 3695] +++ exited with 0 +++ [pid 3696] <... futex resumed>) = ? [pid 3696] +++ exited with 0 +++ [pid 3694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3694, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 53.907758][ T3695] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3697 ./strace-static-x86_64: Process 3697 attached [pid 3697] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3697] chdir("./21") = 0 [pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3697] setpgid(0, 0) = 0 [pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3697] write(3, "1000", 4) = 4 [pid 3697] close(3) = 0 [pid 3697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3697] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3697] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3697] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3698], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3698 [pid 3697] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3698 attached [pid 3698] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3698] memfd_create("syzkaller", 0) = 3 [pid 3698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3698] munmap(0x7f818b720000, 32768) = 0 [pid 3698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3698] close(3) = 0 [pid 3698] mkdir("./file0", 0777) = 0 [pid 3698] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3698] chdir("./file0") = 0 [pid 3698] ioctl(4, LOOP_CLR_FD) = 0 [pid 3698] close(4) = 0 [pid 3698] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3698] <... futex resumed>) = 1 [pid 3698] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3698] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3697] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3697] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3699], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3699 [pid 3697] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3698] <... futex resumed>) = 1 [pid 3698] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3698] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3699 attached [pid 3699] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3699] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3699] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3697] exit_group(0) = ? [pid 3698] <... futex resumed>) = ? [pid 3698] +++ exited with 0 +++ [pid 3699] <... futex resumed>) = ? [pid 3699] +++ exited with 0 +++ [pid 3697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3700 ./strace-static-x86_64: Process 3700 attached [pid 3700] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3700] chdir("./22") = 0 [pid 3700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3700] setpgid(0, 0) = 0 [pid 3700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3700] write(3, "1000", 4) = 4 [pid 3700] close(3) = 0 [pid 3700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3700] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3700] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3700] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3701], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3701 [pid 3700] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3701 attached [pid 3701] set_robust_list(0x7f8193b409e0, 24) = 0 [ 53.979263][ T3698] loop0: detected capacity change from 0 to 64 [pid 3701] memfd_create("syzkaller", 0) = 3 [pid 3701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3701] munmap(0x7f818b720000, 32768) = 0 [pid 3701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3701] close(3) = 0 [pid 3701] mkdir("./file0", 0777) = 0 [pid 3701] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3701] chdir("./file0") = 0 [pid 3701] ioctl(4, LOOP_CLR_FD) = 0 [pid 3701] close(4) = 0 [pid 3701] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] <... futex resumed>) = 0 [pid 3700] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3701] <... futex resumed>) = 1 [pid 3701] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3701] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] <... futex resumed>) = 0 [pid 3700] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3700] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3700] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3702], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3702 [pid 3700] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3701] <... futex resumed>) = 1 [pid 3701] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3701] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3702 attached [pid 3702] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3702] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3702] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] <... futex resumed>) = 0 [pid 3700] exit_group(0 [pid 3701] <... futex resumed>) = ? [pid 3700] <... exit_group resumed>) = ? [pid 3702] <... futex resumed>) = ? [pid 3701] +++ exited with 0 +++ [pid 3702] +++ exited with 0 +++ [pid 3700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3700, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3703 ./strace-static-x86_64: Process 3703 attached [ 54.044902][ T3701] loop0: detected capacity change from 0 to 64 [pid 3703] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3703] chdir("./23") = 0 [pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3703] setpgid(0, 0) = 0 [pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3703] write(3, "1000", 4) = 4 [pid 3703] close(3) = 0 [pid 3703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3703] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3703] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3703] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3704 attached , parent_tid=[3704], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3704 [pid 3703] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3703] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3704] memfd_create("syzkaller", 0) = 3 [pid 3704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3704] munmap(0x7f818b720000, 32768) = 0 [pid 3704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3704] close(3) = 0 [pid 3704] mkdir("./file0", 0777) = 0 [pid 3704] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3704] chdir("./file0") = 0 [pid 3704] ioctl(4, LOOP_CLR_FD) = 0 [pid 3704] close(4) = 0 [pid 3704] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3704] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3703] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3703] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3705], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3705 [pid 3703] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3704] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3705 attached [pid 3705] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3705] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3705] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... futex resumed>) = 0 [pid 3703] exit_group(0) = ? [pid 3705] <... futex resumed>) = ? [pid 3704] <... futex resumed>) = ? [pid 3704] +++ exited with 0 +++ [pid 3705] +++ exited with 0 +++ [pid 3703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3706 ./strace-static-x86_64: Process 3706 attached [pid 3706] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3706] chdir("./24") = 0 [pid 3706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3706] setpgid(0, 0) = 0 [pid 3706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3706] write(3, "1000", 4) = 4 [pid 3706] close(3) = 0 [pid 3706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3706] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3706] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3706] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3707 attached , parent_tid=[3707], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3707 [pid 3706] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.119356][ T3704] loop0: detected capacity change from 0 to 64 [pid 3706] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3707] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3707] memfd_create("syzkaller", 0) = 3 [pid 3707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3707] munmap(0x7f818b720000, 32768) = 0 [pid 3707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3707] close(3) = 0 [pid 3707] mkdir("./file0", 0777) = 0 [pid 3707] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3707] chdir("./file0") = 0 [pid 3707] ioctl(4, LOOP_CLR_FD) = 0 [pid 3707] close(4) = 0 [pid 3707] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3706] <... futex resumed>) = 0 [pid 3707] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3706] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... openat resumed>) = 4 [pid 3706] <... futex resumed>) = 0 [pid 3707] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3707] <... futex resumed>) = 0 [pid 3706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3707] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3706] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... openat resumed>) = 5 [pid 3706] <... futex resumed>) = 0 [pid 3707] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3706] <... futex resumed>) = 0 [pid 3707] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3706] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3706] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3708], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3708 [pid 3706] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3706] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3708 attached [pid 3708] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3708] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3708] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] <... futex resumed>) = 0 [pid 3706] exit_group(0 [pid 3707] <... futex resumed>) = ? [pid 3706] <... exit_group resumed>) = ? [pid 3707] +++ exited with 0 +++ [pid 3708] <... futex resumed>) = ? [pid 3708] +++ exited with 0 +++ [pid 3706] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3706, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3709 ./strace-static-x86_64: Process 3709 attached [pid 3709] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3709] chdir("./25") = 0 [pid 3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3709] setpgid(0, 0) = 0 [pid 3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3709] write(3, "1000", 4) = 4 [pid 3709] close(3) = 0 [pid 3709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3709] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3709] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [ 54.185429][ T3707] loop0: detected capacity change from 0 to 64 [pid 3709] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3710], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3710 [pid 3709] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3709] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3710 attached [pid 3710] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3710] memfd_create("syzkaller", 0) = 3 [pid 3710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3710] munmap(0x7f818b720000, 32768) = 0 [pid 3710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3710] close(3) = 0 [pid 3710] mkdir("./file0", 0777) = 0 [pid 3710] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3710] chdir("./file0") = 0 [pid 3710] ioctl(4, LOOP_CLR_FD) = 0 [pid 3710] close(4) = 0 [pid 3710] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3709] <... futex resumed>) = 0 [pid 3710] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3709] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3709] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3710] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3710] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... futex resumed>) = 0 [pid 3710] <... futex resumed>) = 1 [pid 3709] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3709] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3709] <... futex resumed>) = 0 [pid 3709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3710] <... openat resumed>) = 5 [pid 3709] <... mmap resumed>) = 0x7f818b707000 [pid 3710] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE [pid 3710] <... futex resumed>) = 0 [pid 3710] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3709] <... mprotect resumed>) = 0 [pid 3709] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3711 attached [pid 3711] set_robust_list(0x7f818b7279e0, 24 [pid 3709] <... clone resumed>, parent_tid=[3711], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3711 [pid 3709] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3709] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3711] <... set_robust_list resumed>) = 0 [pid 3711] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3711] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... futex resumed>) = 0 [pid 3709] exit_group(0) = ? [pid 3711] <... futex resumed>) = ? [pid 3710] <... futex resumed>) = ? [pid 3710] +++ exited with 0 +++ [pid 3711] +++ exited with 0 +++ [pid 3709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 54.253696][ T3710] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3712 ./strace-static-x86_64: Process 3712 attached [pid 3712] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3712] chdir("./26") = 0 [pid 3712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3712] setpgid(0, 0) = 0 [pid 3712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3712] write(3, "1000", 4) = 4 [pid 3712] close(3) = 0 [pid 3712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3712] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3712] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3712] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3713 attached , parent_tid=[3713], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3713 [pid 3712] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3713] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3713] memfd_create("syzkaller", 0) = 3 [pid 3713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3713] munmap(0x7f818b720000, 32768) = 0 [pid 3713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3713] close(3) = 0 [pid 3713] mkdir("./file0", 0777) = 0 [pid 3713] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3713] chdir("./file0") = 0 [pid 3713] ioctl(4, LOOP_CLR_FD) = 0 [pid 3713] close(4) = 0 [pid 3713] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3713] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3712] <... futex resumed>) = 0 [pid 3712] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3713] <... futex resumed>) = 0 [pid 3712] <... futex resumed>) = 1 [pid 3713] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3712] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3713] <... openat resumed>) = 4 [pid 3713] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] <... futex resumed>) = 0 [pid 3713] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3712] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3713] <... openat resumed>) = 5 [pid 3712] <... futex resumed>) = 0 [pid 3713] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3713] <... futex resumed>) = 0 [pid 3712] <... futex resumed>) = 0 [pid 3713] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3712] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3712] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3714], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3714 [pid 3712] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3714 attached [pid 3714] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3714] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3714] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3712] exit_group(0 [pid 3713] <... futex resumed>) = ? [pid 3712] <... exit_group resumed>) = ? [pid 3714] <... futex resumed>) = ? [pid 3713] +++ exited with 0 +++ [pid 3714] +++ exited with 0 +++ [pid 3712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3712, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3715 ./strace-static-x86_64: Process 3715 attached [pid 3715] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3715] chdir("./27") = 0 [pid 3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3715] setpgid(0, 0) = 0 [pid 3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3715] write(3, "1000", 4) = 4 [pid 3715] close(3) = 0 [pid 3715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3715] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3715] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3715] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3716], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3716 [pid 3715] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3716 attached [pid 3716] set_robust_list(0x7f8193b409e0, 24) = 0 [ 54.333579][ T3713] loop0: detected capacity change from 0 to 64 [pid 3716] memfd_create("syzkaller", 0) = 3 [pid 3716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3716] munmap(0x7f818b720000, 32768) = 0 [pid 3716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3716] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3716] close(3) = 0 [pid 3716] mkdir("./file0", 0777) = 0 [pid 3716] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3716] chdir("./file0") = 0 [pid 3716] ioctl(4, LOOP_CLR_FD) = 0 [pid 3716] close(4) = 0 [pid 3716] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3715] <... futex resumed>) = 0 [pid 3715] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3716] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3715] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3716] <... openat resumed>) = 4 [pid 3716] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3715] <... futex resumed>) = 0 [pid 3716] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3715] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3715] <... futex resumed>) = 0 [pid 3716] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3715] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3716] <... openat resumed>) = 5 [pid 3716] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] <... mmap resumed>) = 0x7f818b707000 [pid 3715] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE [pid 3716] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3715] <... mprotect resumed>) = 0 [pid 3715] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3717 attached , parent_tid=[3717], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3717 [pid 3717] set_robust_list(0x7f818b7279e0, 24 [pid 3715] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... set_robust_list resumed>) = 0 [pid 3715] <... futex resumed>) = 0 [pid 3717] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3715] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3717] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3717] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3715] <... futex resumed>) = 0 [pid 3715] exit_group(0 [pid 3716] <... futex resumed>) = ? [pid 3715] <... exit_group resumed>) = ? [pid 3716] +++ exited with 0 +++ [pid 3717] +++ exited with 0 +++ [pid 3715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 54.398748][ T3716] loop0: detected capacity change from 0 to 64 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3718 ./strace-static-x86_64: Process 3718 attached [pid 3718] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3718] chdir("./28") = 0 [pid 3718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3718] setpgid(0, 0) = 0 [pid 3718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3718] write(3, "1000", 4) = 4 [pid 3718] close(3) = 0 [pid 3718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3718] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3718] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3718] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3719], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3719 [pid 3718] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3719 attached [pid 3719] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3719] memfd_create("syzkaller", 0) = 3 [pid 3719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3719] munmap(0x7f818b720000, 32768) = 0 [pid 3719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3719] close(3) = 0 [pid 3719] mkdir("./file0", 0777) = 0 [pid 3719] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3719] chdir("./file0") = 0 [pid 3719] ioctl(4, LOOP_CLR_FD) = 0 [pid 3719] close(4) = 0 [pid 3719] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3718] <... futex resumed>) = 0 [pid 3718] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3719] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3719] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3718] <... futex resumed>) = 0 [pid 3719] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3718] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3718] <... futex resumed>) = 0 [pid 3719] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3718] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3719] <... openat resumed>) = 5 [pid 3719] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... mmap resumed>) = 0x7f818b707000 [pid 3719] <... futex resumed>) = 0 [pid 3718] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE [pid 3719] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3718] <... mprotect resumed>) = 0 [pid 3718] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3720 attached [pid 3720] set_robust_list(0x7f818b7279e0, 24 [pid 3718] <... clone resumed>, parent_tid=[3720], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3720 [pid 3718] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3720] <... set_robust_list resumed>) = 0 [pid 3720] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3720] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... futex resumed>) = 0 [pid 3718] exit_group(0) = ? [pid 3719] <... futex resumed>) = ? [pid 3719] +++ exited with 0 +++ [pid 3720] <... futex resumed>) = ? [pid 3720] +++ exited with 0 +++ [pid 3718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3718, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3721 ./strace-static-x86_64: Process 3721 attached [pid 3721] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3721] chdir("./29") = 0 [ 54.469482][ T3719] loop0: detected capacity change from 0 to 64 [ 54.473049][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 3721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3721] setpgid(0, 0) = 0 [pid 3721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3721] write(3, "1000", 4) = 4 [pid 3721] close(3) = 0 [pid 3721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3721] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3721] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3721] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3722], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3722 ./strace-static-x86_64: Process 3722 attached [pid 3721] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3722] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3721] <... futex resumed>) = 0 [pid 3721] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3722] memfd_create("syzkaller", 0) = 3 [pid 3722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3722] munmap(0x7f818b720000, 32768) = 0 [pid 3722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3722] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3722] close(3) = 0 [pid 3722] mkdir("./file0", 0777) = 0 [pid 3722] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3722] chdir("./file0") = 0 [pid 3722] ioctl(4, LOOP_CLR_FD) = 0 [pid 3722] close(4) = 0 [pid 3722] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3721] <... futex resumed>) = 0 [pid 3721] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3722] <... futex resumed>) = 1 [pid 3722] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3722] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3721] <... futex resumed>) = 0 [pid 3721] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3721] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3721] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3723], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3723 [pid 3721] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3722] <... futex resumed>) = 1 [pid 3722] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3722] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3723 attached [pid 3723] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3723] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3723] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3721] <... futex resumed>) = 0 [pid 3721] exit_group(0 [pid 3722] <... futex resumed>) = ? [pid 3721] <... exit_group resumed>) = ? [pid 3722] +++ exited with 0 +++ [pid 3723] +++ exited with 0 +++ [pid 3721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3721, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3724 ./strace-static-x86_64: Process 3724 attached [ 54.544365][ T3722] loop0: detected capacity change from 0 to 64 [pid 3724] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3724] chdir("./30") = 0 [pid 3724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3724] setpgid(0, 0) = 0 [pid 3724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3724] write(3, "1000", 4) = 4 [pid 3724] close(3) = 0 [pid 3724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3724] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3724] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3724] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3725 attached [pid 3725] set_robust_list(0x7f8193b409e0, 24 [pid 3724] <... clone resumed>, parent_tid=[3725], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3725 [pid 3725] <... set_robust_list resumed>) = 0 [pid 3725] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3724] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3725] memfd_create("syzkaller", 0 [pid 3724] <... futex resumed>) = 0 [pid 3725] <... memfd_create resumed>) = 3 [pid 3724] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3725] munmap(0x7f818b720000, 32768) = 0 [pid 3725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3725] close(3) = 0 [pid 3725] mkdir("./file0", 0777) = 0 [pid 3725] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3725] chdir("./file0") = 0 [pid 3725] ioctl(4, LOOP_CLR_FD) = 0 [pid 3725] close(4) = 0 [pid 3725] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3724] <... futex resumed>) = 0 [pid 3725] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3724] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... openat resumed>) = 4 [pid 3724] <... futex resumed>) = 0 [pid 3724] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3725] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3724] <... futex resumed>) = 0 [pid 3724] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... futex resumed>) = 1 [pid 3724] <... futex resumed>) = 0 [pid 3725] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3724] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... openat resumed>) = 5 [pid 3724] <... futex resumed>) = 0 [pid 3725] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3725] <... futex resumed>) = 0 [pid 3724] <... mmap resumed>) = 0x7f818b707000 [pid 3725] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3724] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3724] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3726], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3726 [pid 3724] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3724] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3726 attached [pid 3726] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3726] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3726] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3724] <... futex resumed>) = 0 [pid 3724] exit_group(0 [pid 3725] <... futex resumed>) = ? [pid 3724] <... exit_group resumed>) = ? [pid 3725] +++ exited with 0 +++ [pid 3726] <... futex resumed>) = ? [pid 3726] +++ exited with 0 +++ [pid 3724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3724, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3727 ./strace-static-x86_64: Process 3727 attached [ 54.628024][ T3725] loop0: detected capacity change from 0 to 64 [pid 3727] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3727] chdir("./31") = 0 [pid 3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3727] setpgid(0, 0) = 0 [pid 3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3727] write(3, "1000", 4) = 4 [pid 3727] close(3) = 0 [pid 3727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3727] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3727] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3727] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3728 attached , parent_tid=[3728], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3728 [pid 3727] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3728] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3728] memfd_create("syzkaller", 0) = 3 [pid 3728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3728] munmap(0x7f818b720000, 32768) = 0 [pid 3728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3728] close(3) = 0 [pid 3728] mkdir("./file0", 0777) = 0 [pid 3728] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3728] chdir("./file0") = 0 [pid 3728] ioctl(4, LOOP_CLR_FD) = 0 [pid 3728] close(4) = 0 [pid 3728] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] <... futex resumed>) = 0 [pid 3727] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3728] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3728] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] <... futex resumed>) = 0 [pid 3728] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3727] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3727] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3728] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3727] <... futex resumed>) = 0 [pid 3727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3728] <... openat resumed>) = 5 [pid 3727] <... mmap resumed>) = 0x7f818b707000 [pid 3727] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3728] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3727] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3729 attached [pid 3728] <... futex resumed>) = 0 [pid 3727] <... clone resumed>, parent_tid=[3729], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3729 [pid 3727] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000 [pid 3728] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3727] <... futex resumed>) = 0 [pid 3727] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3729] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3729] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3729] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] <... futex resumed>) = 0 [pid 3729] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3727] exit_group(0 [pid 3729] <... futex resumed>) = ? [pid 3728] <... futex resumed>) = ? [pid 3727] <... exit_group resumed>) = ? [pid 3728] +++ exited with 0 +++ [pid 3729] +++ exited with 0 +++ [pid 3727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3730 ./strace-static-x86_64: Process 3730 attached [pid 3730] set_robust_list(0x5555559b15e0, 24) = 0 [ 54.715318][ T3728] loop0: detected capacity change from 0 to 64 [pid 3730] chdir("./32") = 0 [pid 3730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3730] setpgid(0, 0) = 0 [pid 3730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3730] write(3, "1000", 4) = 4 [pid 3730] close(3) = 0 [pid 3730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3730] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3730] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3730] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3731], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3731 [pid 3730] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3731 attached [pid 3731] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3731] memfd_create("syzkaller", 0) = 3 [pid 3731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3731] munmap(0x7f818b720000, 32768) = 0 [pid 3731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3731] close(3) = 0 [pid 3731] mkdir("./file0", 0777) = 0 [pid 3731] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3731] chdir("./file0") = 0 [pid 3731] ioctl(4, LOOP_CLR_FD) = 0 [pid 3731] close(4) = 0 [pid 3731] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3730] <... futex resumed>) = 0 [pid 3730] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3730] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3731] <... futex resumed>) = 0 [pid 3731] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3731] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] <... futex resumed>) = 0 [pid 3730] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3730] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3730] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3732], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3732 [pid 3730] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3731] <... futex resumed>) = 1 [pid 3731] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3731] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3732] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3732] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3730] <... futex resumed>) = 0 [pid 3732] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3730] exit_group(0) = ? [pid 3732] <... futex resumed>) = ? [pid 3732] +++ exited with 0 +++ [pid 3731] <... futex resumed>) = ? [pid 3731] +++ exited with 0 +++ [pid 3730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3730, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3733 ./strace-static-x86_64: Process 3733 attached [pid 3733] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3733] chdir("./33") = 0 [pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3733] setpgid(0, 0) = 0 [ 54.789114][ T3731] loop0: detected capacity change from 0 to 64 [pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3733] write(3, "1000", 4) = 4 [pid 3733] close(3) = 0 [pid 3733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3733] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3733] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3733] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3734], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3734 [pid 3733] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3734 attached [pid 3734] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3734] memfd_create("syzkaller", 0) = 3 [pid 3734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3734] munmap(0x7f818b720000, 32768) = 0 [pid 3734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3734] close(3) = 0 [pid 3734] mkdir("./file0", 0777) = 0 [pid 3734] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3734] chdir("./file0") = 0 [pid 3734] ioctl(4, LOOP_CLR_FD) = 0 [pid 3734] close(4) = 0 [pid 3734] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 0 [pid 3734] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3734] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3733] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3733] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3735], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3735 [pid 3733] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3734] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3734] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3735 attached [pid 3735] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3735] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3735] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3735] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] <... futex resumed>) = 0 [pid 3733] exit_group(0) = ? [pid 3735] <... futex resumed>) = ? [pid 3735] +++ exited with 0 +++ [pid 3734] <... futex resumed>) = ? [pid 3734] +++ exited with 0 +++ [pid 3733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3736 ./strace-static-x86_64: Process 3736 attached [pid 3736] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3736] chdir("./34") = 0 [pid 3736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3736] setpgid(0, 0) = 0 [pid 3736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3736] write(3, "1000", 4) = 4 [pid 3736] close(3) = 0 [pid 3736] symlink("/dev/binderfs", "./binderfs") = 0 [ 54.870839][ T3734] loop0: detected capacity change from 0 to 64 [pid 3736] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3736] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3736] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3737], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3737 [pid 3736] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3737 attached [pid 3737] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3737] memfd_create("syzkaller", 0) = 3 [pid 3737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3737] munmap(0x7f818b720000, 32768) = 0 [pid 3737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3737] close(3) = 0 [pid 3737] mkdir("./file0", 0777) = 0 [pid 3737] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3737] chdir("./file0") = 0 [pid 3737] ioctl(4, LOOP_CLR_FD) = 0 [pid 3737] close(4) = 0 [pid 3737] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3736] <... futex resumed>) = 0 [pid 3736] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3736] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3737] <... futex resumed>) = 0 [pid 3737] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3737] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3736] <... futex resumed>) = 0 [pid 3736] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3736] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3736] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3738], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3738 [pid 3736] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3737] <... futex resumed>) = 1 [pid 3737] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3737] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3738 attached [pid 3738] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3738] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3738] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3736] <... futex resumed>) = 0 [pid 3736] exit_group(0 [pid 3737] <... futex resumed>) = ? [pid 3736] <... exit_group resumed>) = ? [pid 3737] +++ exited with 0 +++ [pid 3738] <... futex resumed>) = ? [pid 3738] +++ exited with 0 +++ [pid 3736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3736, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3739 attached , child_tidptr=0x5555559b15d0) = 3739 [pid 3739] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3739] chdir("./35") = 0 [pid 3739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3739] setpgid(0, 0) = 0 [pid 3739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3739] write(3, "1000", 4) = 4 [pid 3739] close(3) = 0 [pid 3739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3739] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3739] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [ 54.944548][ T3737] loop0: detected capacity change from 0 to 64 [pid 3739] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3740], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3740 ./strace-static-x86_64: Process 3740 attached [pid 3739] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3740] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3740] memfd_create("syzkaller", 0) = 3 [pid 3740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3740] munmap(0x7f818b720000, 32768) = 0 [pid 3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3740] close(3) = 0 [pid 3740] mkdir("./file0", 0777) = 0 [pid 3740] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3740] chdir("./file0") = 0 [pid 3740] ioctl(4, LOOP_CLR_FD) = 0 [pid 3740] close(4) = 0 [pid 3740] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3740] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3739] <... futex resumed>) = 0 [pid 3739] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3739] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3740] <... futex resumed>) = 0 [pid 3740] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3740] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... futex resumed>) = 0 [pid 3739] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3739] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3739] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3740] <... futex resumed>) = 1 [pid 3740] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3739] <... clone resumed>, parent_tid=[3741], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3741 [pid 3740] <... openat resumed>) = 5 [pid 3739] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000 [pid 3740] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... futex resumed>) = 0 [pid 3740] <... futex resumed>) = 0 [pid 3739] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3740] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3741 attached [pid 3741] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3741] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3741] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3739] <... futex resumed>) = 0 [pid 3741] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3739] exit_group(0 [pid 3741] <... futex resumed>) = ? [pid 3740] <... futex resumed>) = ? [pid 3739] <... exit_group resumed>) = ? [pid 3741] +++ exited with 0 +++ [pid 3740] +++ exited with 0 +++ [pid 3739] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3739, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3742 ./strace-static-x86_64: Process 3742 attached [ 55.010170][ T3740] loop0: detected capacity change from 0 to 64 [pid 3742] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3742] chdir("./36") = 0 [pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3742] setpgid(0, 0) = 0 [pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3742] write(3, "1000", 4) = 4 [pid 3742] close(3) = 0 [pid 3742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3742] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3742] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3742] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3743], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3743 ./strace-static-x86_64: Process 3743 attached [pid 3743] set_robust_list(0x7f8193b409e0, 24 [pid 3742] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] <... set_robust_list resumed>) = 0 [pid 3742] <... futex resumed>) = 0 [pid 3742] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3743] memfd_create("syzkaller", 0) = 3 [pid 3743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3743] munmap(0x7f818b720000, 32768) = 0 [pid 3743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3743] close(3) = 0 [pid 3743] mkdir("./file0", 0777) = 0 [pid 3743] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3743] chdir("./file0") = 0 [pid 3743] ioctl(4, LOOP_CLR_FD) = 0 [pid 3743] close(4) = 0 [pid 3743] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3743] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] <... futex resumed>) = 0 [pid 3743] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3742] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3743] <... openat resumed>) = 4 [pid 3743] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3743] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3743] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3742] <... futex resumed>) = 0 [pid 3742] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3743] <... openat resumed>) = 5 [pid 3742] <... mmap resumed>) = 0x7f818b707000 [pid 3743] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE [pid 3743] <... futex resumed>) = 0 [pid 3743] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] <... mprotect resumed>) = 0 [pid 3742] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3744 attached , parent_tid=[3744], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3744 [pid 3742] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] set_robust_list(0x7f818b7279e0, 24 [pid 3742] <... futex resumed>) = 0 [pid 3744] <... set_robust_list resumed>) = 0 [pid 3742] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3744] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3744] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... futex resumed>) = 0 [pid 3742] exit_group(0) = ? [pid 3743] <... futex resumed>) = ? [pid 3744] <... futex resumed>) = ? [pid 3743] +++ exited with 0 +++ [pid 3744] +++ exited with 0 +++ [pid 3742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 [ 55.089637][ T3743] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3745 ./strace-static-x86_64: Process 3745 attached [pid 3745] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3745] chdir("./37") = 0 [pid 3745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3745] setpgid(0, 0) = 0 [pid 3745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3745] write(3, "1000", 4) = 4 [pid 3745] close(3) = 0 [pid 3745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3745] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3745] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3745] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3746], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3746 ./strace-static-x86_64: Process 3746 attached [pid 3745] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3745] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3746] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3746] memfd_create("syzkaller", 0) = 3 [pid 3746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3746] munmap(0x7f818b720000, 32768) = 0 [pid 3746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3746] close(3) = 0 [pid 3746] mkdir("./file0", 0777) = 0 [pid 3746] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3746] chdir("./file0") = 0 [pid 3746] ioctl(4, LOOP_CLR_FD) = 0 [pid 3746] close(4) = 0 [pid 3746] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3745] <... futex resumed>) = 0 [pid 3746] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3745] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3746] <... openat resumed>) = 4 [pid 3745] <... futex resumed>) = 0 [pid 3746] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3746] <... futex resumed>) = 0 [pid 3745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3746] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3745] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3746] <... openat resumed>) = 5 [pid 3745] <... futex resumed>) = 0 [pid 3746] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3746] <... futex resumed>) = 0 [pid 3745] <... futex resumed>) = 0 [pid 3746] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3745] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3745] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3747], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3747 [pid 3745] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3745] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3747 attached [pid 3747] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3747] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3747] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] <... futex resumed>) = 0 [pid 3745] exit_group(0 [pid 3746] <... futex resumed>) = ? [pid 3745] <... exit_group resumed>) = ? [pid 3746] +++ exited with 0 +++ [pid 3747] <... futex resumed>) = ? [pid 3747] +++ exited with 0 +++ [pid 3745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3745, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3748 ./strace-static-x86_64: Process 3748 attached [pid 3748] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3748] chdir("./38") = 0 [pid 3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 55.176369][ T3746] loop0: detected capacity change from 0 to 64 [pid 3748] setpgid(0, 0) = 0 [pid 3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3748] write(3, "1000", 4) = 4 [pid 3748] close(3) = 0 [pid 3748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3748] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3748] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3748] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3749], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3749 ./strace-static-x86_64: Process 3749 attached [pid 3748] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3749] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3749] memfd_create("syzkaller", 0) = 3 [pid 3749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3749] munmap(0x7f818b720000, 32768) = 0 [pid 3749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3749] close(3) = 0 [pid 3749] mkdir("./file0", 0777) = 0 [pid 3749] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3749] chdir("./file0") = 0 [pid 3749] ioctl(4, LOOP_CLR_FD) = 0 [pid 3749] close(4) = 0 [pid 3749] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = 0 [pid 3748] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3749] <... futex resumed>) = 1 [pid 3749] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3749] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = 0 [pid 3748] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3748] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3748] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3750], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3750 [pid 3748] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3749] <... futex resumed>) = 1 [pid 3749] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3749] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3749] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3750 attached [pid 3750] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3750] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3750] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = 0 [pid 3748] exit_group(0) = ? [pid 3749] <... futex resumed>) = ? [pid 3749] +++ exited with 0 +++ [pid 3750] <... futex resumed>) = ? [pid 3750] +++ exited with 0 +++ [pid 3748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3751 ./strace-static-x86_64: Process 3751 attached [pid 3751] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3751] chdir("./39") = 0 [pid 3751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3751] setpgid(0, 0) = 0 [pid 3751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3751] write(3, "1000", 4) = 4 [pid 3751] close(3) = 0 [pid 3751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3751] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3751] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3751] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3752 attached , parent_tid=[3752], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3752 [pid 3751] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3752] set_robust_list(0x7f8193b409e0, 24) = 0 [ 55.251489][ T3749] loop0: detected capacity change from 0 to 64 [pid 3752] memfd_create("syzkaller", 0) = 3 [pid 3752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3752] munmap(0x7f818b720000, 32768) = 0 [pid 3752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3752] close(3) = 0 [pid 3752] mkdir("./file0", 0777) = 0 [pid 3752] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3752] chdir("./file0") = 0 [pid 3752] ioctl(4, LOOP_CLR_FD) = 0 [pid 3752] close(4) = 0 [pid 3752] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3752] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3751] <... futex resumed>) = 0 [pid 3751] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3751] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3752] <... futex resumed>) = 0 [pid 3752] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3752] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] <... futex resumed>) = 0 [pid 3751] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000 [pid 3752] <... futex resumed>) = 1 [pid 3751] <... futex resumed>) = 0 [pid 3752] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3751] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3752] <... openat resumed>) = 5 [pid 3751] <... futex resumed>) = 0 [pid 3752] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3752] <... futex resumed>) = 0 [pid 3751] <... mmap resumed>) = 0x7f818b707000 [pid 3752] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3751] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3751] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3753], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3753 [pid 3751] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3753 attached [pid 3753] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3753] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3753] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] <... futex resumed>) = 0 [pid 3751] exit_group(0 [pid 3752] <... futex resumed>) = ? [pid 3751] <... exit_group resumed>) = ? [pid 3752] +++ exited with 0 +++ [pid 3753] <... futex resumed>) = ? [pid 3753] +++ exited with 0 +++ [pid 3751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3751, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 [ 55.319306][ T3752] loop0: detected capacity change from 0 to 64 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3754 ./strace-static-x86_64: Process 3754 attached [pid 3754] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3754] chdir("./40") = 0 [pid 3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3754] setpgid(0, 0) = 0 [pid 3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3754] write(3, "1000", 4) = 4 [pid 3754] close(3) = 0 [pid 3754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3754] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3754] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3754] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3755], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3755 [pid 3754] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3755 attached [pid 3755] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3755] memfd_create("syzkaller", 0) = 3 [pid 3755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3755] munmap(0x7f818b720000, 32768) = 0 [pid 3755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3755] close(3) = 0 [pid 3755] mkdir("./file0", 0777) = 0 [pid 3755] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3755] chdir("./file0") = 0 [pid 3755] ioctl(4, LOOP_CLR_FD) = 0 [pid 3755] close(4) = 0 [pid 3755] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] <... futex resumed>) = 0 [pid 3754] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3755] <... futex resumed>) = 1 [pid 3755] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3755] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] <... futex resumed>) = 0 [pid 3754] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3754] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3754] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3756], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3756 [pid 3754] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3755] <... futex resumed>) = 1 [pid 3755] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3755] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3756 attached [pid 3756] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3756] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3756] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] <... futex resumed>) = 0 [pid 3754] exit_group(0) = ? [pid 3755] <... futex resumed>) = ? [pid 3755] +++ exited with 0 +++ [pid 3756] <... futex resumed>) = ? [pid 3756] +++ exited with 0 +++ [pid 3754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3757 ./strace-static-x86_64: Process 3757 attached [pid 3757] set_robust_list(0x5555559b15e0, 24) = 0 [pid 3757] chdir("./41") = 0 [pid 3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3757] setpgid(0, 0) = 0 [pid 3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3757] write(3, "1000", 4) = 4 [pid 3757] close(3) = 0 [pid 3757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3757] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3757] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3757] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3758 attached , parent_tid=[3758], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3758 [pid 3757] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3758] set_robust_list(0x7f8193b409e0, 24 [ 55.404407][ T3755] loop0: detected capacity change from 0 to 64 [pid 3757] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3758] <... set_robust_list resumed>) = 0 [pid 3758] memfd_create("syzkaller", 0) = 3 [pid 3758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3758] munmap(0x7f818b720000, 32768) = 0 [pid 3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3758] close(3) = 0 [pid 3758] mkdir("./file0", 0777) = 0 [pid 3758] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3758] chdir("./file0") = 0 [pid 3758] ioctl(4, LOOP_CLR_FD) = 0 [pid 3758] close(4) = 0 [pid 3758] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] <... futex resumed>) = 0 [pid 3758] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3757] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 0 [pid 3758] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3758] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3757] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3757] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3759], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3759 [pid 3757] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 1 [pid 3758] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3758] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3758] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3759 attached [pid 3759] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3759] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3759] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] exit_group(0 [pid 3758] <... futex resumed>) = ? [pid 3757] <... exit_group resumed>) = ? [pid 3758] +++ exited with 0 +++ [pid 3759] <... futex resumed>) = ? [pid 3759] +++ exited with 0 +++ [pid 3757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555559ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555559b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559b15d0) = 3760 ./strace-static-x86_64: Process 3760 attached [pid 3760] set_robust_list(0x5555559b15e0, 24) = 0 [ 55.472033][ T3758] loop0: detected capacity change from 0 to 64 [pid 3760] chdir("./42") = 0 [pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3760] setpgid(0, 0) = 0 [pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3760] write(3, "1000", 4) = 4 [pid 3760] close(3) = 0 [pid 3760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3760] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8193b20000 [pid 3760] mprotect(0x7f8193b21000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3760] clone(child_stack=0x7f8193b403f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3761], tls=0x7f8193b40700, child_tidptr=0x7f8193b409d0) = 3761 [pid 3760] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3761 attached [pid 3761] set_robust_list(0x7f8193b409e0, 24) = 0 [pid 3761] memfd_create("syzkaller", 0) = 3 [pid 3761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f818b720000 [pid 3761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3761] munmap(0x7f818b720000, 32768) = 0 [pid 3761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3761] close(3) = 0 [pid 3761] mkdir("./file0", 0777) = 0 [pid 3761] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3761] chdir("./file0") = 0 [pid 3761] ioctl(4, LOOP_CLR_FD) = 0 [pid 3761] close(4) = 0 [pid 3761] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3761] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3760] <... futex resumed>) = 0 [pid 3760] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] futex(0x7f8193c1978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3761] <... futex resumed>) = 0 [pid 3761] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3761] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3760] <... futex resumed>) = 0 [pid 3760] futex(0x7f8193c19788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f818b707000 [pid 3760] mprotect(0x7f818b708000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3761] <... futex resumed>) = 1 [pid 3760] clone(child_stack=0x7f818b7273f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3762], tls=0x7f818b727700, child_tidptr=0x7f818b7279d0) = 3762 [pid 3760] futex(0x7f8193c19798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f8193c1979c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3762 attached [pid 3761] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3762] set_robust_list(0x7f818b7279e0, 24) = 0 [pid 3762] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3762] futex(0x7f8193c1979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3760] <... futex resumed>) = 0 [pid 3762] <... futex resumed>) = 1 [pid 3762] futex(0x7f8193c19798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3761] <... openat resumed>) = 5 [pid 3761] futex(0x7f8193c1978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3761] futex(0x7f8193c19788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3760] exit_group(0) = ? [pid 3761] <... futex resumed>) = ? [pid 3761] +++ exited with 0 +++ [pid 3762] <... futex resumed>) = ? [pid 3762] +++ exited with 0 +++ [pid 3760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555559b2620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 55.545103][ T3761] loop0: detected capacity change from 0 to 64 [ 55.547502][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 55.597044][ T1091] ================================================================== [ 55.605154][ T1091] BUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x147/0x170 [ 55.612459][ T1091] Read of size 1 at addr ffff8880204501ce by task kworker/u4:5/1091 [ 55.620435][ T1091] [ 55.622765][ T1091] CPU: 0 PID: 1091 Comm: kworker/u4:5 Not tainted 6.1.0-syzkaller-00071-g3a28c2c89f4b #0 [ 55.632663][ T1091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 55.642715][ T1091] Workqueue: writeback wb_workfn (flush-7:0) [ 55.648722][ T1091] Call Trace: [ 55.651987][ T1091] [ 55.654990][ T1091] dump_stack_lvl+0xd1/0x138 [ 55.659593][ T1091] print_report+0x15e/0x45d [ 55.664270][ T1091] ? __phys_addr+0xc8/0x140 [ 55.668776][ T1091] ? hfs_strcmp+0x147/0x170 [ 55.673276][ T1091] kasan_report+0xbf/0x1f0 [ 55.677692][ T1091] ? hfs_strcmp+0x147/0x170 [ 55.682196][ T1091] hfs_strcmp+0x147/0x170 [ 55.686523][ T1091] hfs_cat_keycmp+0x17d/0x1d0 [ 55.691195][ T1091] ? hfs_cat_create+0xaa0/0xaa0 [ 55.696039][ T1091] __hfs_brec_find+0x1d0/0x4d0 [ 55.700893][ T1091] ? hfs_find_exit+0xd0/0xd0 [ 55.705481][ T1091] ? hfs_find_init+0x1c9/0x240 [ 55.710245][ T1091] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 55.715826][ T1091] hfs_brec_find+0x202/0x4e0 [ 55.720420][ T1091] ? __hfs_brec_find+0x4d0/0x4d0 [ 55.725357][ T1091] ? rcu_read_lock_sched_held+0x3e/0x70 [ 55.730905][ T1091] ? trace_kmalloc+0x35/0x100 [ 55.735585][ T1091] hfs_write_inode+0x349/0x980 [ 55.740401][ T1091] ? hfs_inode_write_fork+0x1c0/0x1c0 [ 55.745775][ T1091] ? find_held_lock+0x2d/0x110 [ 55.750544][ T1091] ? __writeback_single_inode+0x323/0x1440 [ 55.756355][ T1091] ? lock_downgrade+0x6e0/0x6e0 [ 55.761226][ T1091] ? do_raw_spin_lock+0x124/0x2b0 [ 55.766242][ T1091] __writeback_single_inode+0xcfc/0x1440 [ 55.771870][ T1091] writeback_sb_inodes+0x54d/0xf90 [ 55.776979][ T1091] ? sync_inode_metadata+0xe0/0xe0 [ 55.782086][ T1091] ? rcu_read_lock_sched_held+0x3e/0x70 [ 55.787631][ T1091] ? queue_io+0x427/0x600 [ 55.791967][ T1091] wb_writeback+0x2c5/0xd70 [ 55.796465][ T1091] ? __writeback_inodes_wb+0x280/0x280 [ 55.801921][ T1091] wb_workfn+0x2e0/0x12f0 [ 55.806249][ T1091] ? inode_wait_for_writeback+0x40/0x40 [ 55.811828][ T1091] ? lock_release+0x810/0x810 [ 55.816506][ T1091] ? lock_downgrade+0x6e0/0x6e0 [ 55.821353][ T1091] ? __switch_to+0x5d0/0x10e0 [ 55.826021][ T1091] process_one_work+0x9bf/0x1710 [ 55.830954][ T1091] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 55.836319][ T1091] ? rwlock_bug.part.0+0x90/0x90 [ 55.841245][ T1091] ? _raw_spin_lock_irq+0x45/0x50 [ 55.846447][ T1091] worker_thread+0x669/0x1090 [ 55.851213][ T1091] ? __kthread_parkme+0x163/0x220 [ 55.856246][ T1091] ? process_one_work+0x1710/0x1710 [ 55.861448][ T1091] kthread+0x2e8/0x3a0 [ 55.865601][ T1091] ? kthread_complete_and_exit+0x40/0x40 [ 55.871229][ T1091] ret_from_fork+0x1f/0x30 [ 55.875735][ T1091] [ 55.878749][ T1091] [ 55.881058][ T1091] Allocated by task 1091: [ 55.885368][ T1091] kasan_save_stack+0x22/0x40 [ 55.890046][ T1091] kasan_set_track+0x25/0x30 [ 55.894717][ T1091] __kasan_kmalloc+0xa5/0xb0 [ 55.899318][ T1091] __kmalloc+0x5a/0xd0 [ 55.903374][ T1091] hfs_find_init+0x95/0x240 [ 55.907864][ T1091] hfs_write_inode+0x225/0x980 [ 55.912620][ T1091] __writeback_single_inode+0xcfc/0x1440 [ 55.918268][ T1091] writeback_sb_inodes+0x54d/0xf90 [ 55.923366][ T1091] wb_writeback+0x2c5/0xd70 [ 55.927856][ T1091] wb_workfn+0x2e0/0x12f0 [ 55.932190][ T1091] process_one_work+0x9bf/0x1710 [ 55.937201][ T1091] worker_thread+0x669/0x1090 [ 55.941868][ T1091] kthread+0x2e8/0x3a0 [ 55.945920][ T1091] ret_from_fork+0x1f/0x30 [ 55.950329][ T1091] [ 55.952636][ T1091] The buggy address belongs to the object at ffff888020450180 [ 55.952636][ T1091] which belongs to the cache kmalloc-96 of size 96 [ 55.966501][ T1091] The buggy address is located 78 bytes inside of [ 55.966501][ T1091] 96-byte region [ffff888020450180, ffff8880204501e0) [ 55.979590][ T1091] [ 55.981903][ T1091] The buggy address belongs to the physical page: [ 55.988298][ T1091] page:ffffea0000811400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20450 [ 55.998437][ T1091] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 56.006000][ T1091] raw: 00fff00000000200 ffffea00005f3e40 dead000000000002 ffff888012041780 [ 56.014569][ T1091] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 56.023133][ T1091] page dumped because: kasan: bad access detected [ 56.029524][ T1091] page_owner tracks the page as allocated [ 56.035221][ T1091] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 9, tgid 9 (kworker/u4:0), ts 7013039595, free_ts 7011439514 [ 56.052834][ T1091] get_page_from_freelist+0x10b5/0x2d50 [ 56.058508][ T1091] __alloc_pages+0x1cb/0x5b0 [ 56.063106][ T1091] alloc_pages+0x1aa/0x270 [ 56.067539][ T1091] allocate_slab+0x25f/0x350 [ 56.072143][ T1091] ___slab_alloc+0xa91/0x1400 [ 56.076828][ T1091] __slab_alloc.constprop.0+0x56/0xa0 [ 56.082281][ T1091] __kmem_cache_alloc_node+0x199/0x3e0 [ 56.087735][ T1091] kmalloc_trace+0x26/0x60 [ 56.092144][ T1091] blk_mq_init_allocated_queue+0x1ad/0x1470 [ 56.098035][ T1091] blk_mq_init_queue+0xc7/0x150 [ 56.102900][ T1091] scsi_alloc_sdev+0x852/0xd90 [ 56.107655][ T1091] scsi_probe_and_add_lun+0x208b/0x34d0 [ 56.113211][ T1091] __scsi_scan_target+0x21f/0xda0 [ 56.118229][ T1091] scsi_scan_channel+0x148/0x1e0 [ 56.123155][ T1091] scsi_scan_host_selected+0x2e3/0x3b0 [ 56.128607][ T1091] do_scsi_scan_host+0x1e8/0x260 [ 56.133547][ T1091] page last free stack trace: [ 56.138210][ T1091] free_pcp_prepare+0x65c/0xd90 [ 56.143054][ T1091] free_unref_page_list+0x176/0xc40 [ 56.148255][ T1091] release_pages+0xc8a/0x1360 [ 56.152930][ T1091] tlb_batch_pages_flush+0xa8/0x1a0 [ 56.158206][ T1091] tlb_finish_mmu+0x14b/0x7e0 [ 56.162880][ T1091] exit_mmap+0x202/0x7b0 [ 56.167114][ T1091] __mmput+0x128/0x4c0 [ 56.171169][ T1091] mmput+0x60/0x70 [ 56.174876][ T1091] free_bprm+0x65/0x2e0 [ 56.179057][ T1091] kernel_execve+0x3fe/0x500 [ 56.183647][ T1091] call_usermodehelper_exec_async+0x2e7/0x580 [ 56.189833][ T1091] ret_from_fork+0x1f/0x30 [ 56.194244][ T1091] [ 56.196552][ T1091] Memory state around the buggy address: [ 56.202170][ T1091] ffff888020450080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 56.210219][ T1091] ffff888020450100: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 56.218440][ T1091] >ffff888020450180: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc [ 56.226484][ T1091] ^ [ 56.232878][ T1091] ffff888020450200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 56.240924][ T1091] ffff888020450280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 56.248969][ T1091] ================================================================== [ 56.257335][ T1091] Kernel panic - not syncing: panic_on_warn set ... [ 56.263925][ T1091] CPU: 1 PID: 1091 Comm: kworker/u4:5 Not tainted 6.1.0-syzkaller-00071-g3a28c2c89f4b #0 [ 56.273896][ T1091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 56.283977][ T1091] Workqueue: writeback wb_workfn (flush-7:0) [ 56.290039][ T1091] Call Trace: [ 56.293297][ T1091] [ 56.296215][ T1091] dump_stack_lvl+0xd1/0x138 [ 56.300790][ T1091] panic+0x2cc/0x626 [ 56.304677][ T1091] ? panic_print_sys_info.part.0+0x110/0x110 [ 56.310654][ T1091] ? preempt_schedule_common+0x59/0xc0 [ 56.316364][ T1091] ? preempt_schedule_thunk+0x1a/0x1c [ 56.321729][ T1091] end_report.part.0+0x3f/0x7c [ 56.326504][ T1091] ? hfs_strcmp+0x147/0x170 [ 56.330991][ T1091] kasan_report.cold+0xa/0xf [ 56.335650][ T1091] ? hfs_strcmp+0x147/0x170 [ 56.340160][ T1091] hfs_strcmp+0x147/0x170 [ 56.344479][ T1091] hfs_cat_keycmp+0x17d/0x1d0 [ 56.349143][ T1091] ? hfs_cat_create+0xaa0/0xaa0 [ 56.353983][ T1091] __hfs_brec_find+0x1d0/0x4d0 [ 56.358752][ T1091] ? hfs_find_exit+0xd0/0xd0 [ 56.363430][ T1091] ? hfs_find_init+0x1c9/0x240 [ 56.368264][ T1091] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 56.373796][ T1091] hfs_brec_find+0x202/0x4e0 [ 56.378634][ T1091] ? __hfs_brec_find+0x4d0/0x4d0 [ 56.383574][ T1091] ? rcu_read_lock_sched_held+0x3e/0x70 [ 56.389110][ T1091] ? trace_kmalloc+0x35/0x100 [ 56.393776][ T1091] hfs_write_inode+0x349/0x980 [ 56.398526][ T1091] ? hfs_inode_write_fork+0x1c0/0x1c0 [ 56.403885][ T1091] ? find_held_lock+0x2d/0x110 [ 56.408635][ T1091] ? __writeback_single_inode+0x323/0x1440 [ 56.414426][ T1091] ? lock_downgrade+0x6e0/0x6e0 [ 56.419270][ T1091] ? do_raw_spin_lock+0x124/0x2b0 [ 56.424364][ T1091] __writeback_single_inode+0xcfc/0x1440 [ 56.429981][ T1091] writeback_sb_inodes+0x54d/0xf90 [ 56.435181][ T1091] ? sync_inode_metadata+0xe0/0xe0 [ 56.440454][ T1091] ? rcu_read_lock_sched_held+0x3e/0x70 [ 56.446005][ T1091] ? queue_io+0x427/0x600 [ 56.450317][ T1091] wb_writeback+0x2c5/0xd70 [ 56.454811][ T1091] ? __writeback_inodes_wb+0x280/0x280 [ 56.460344][ T1091] wb_workfn+0x2e0/0x12f0 [ 56.464675][ T1091] ? inode_wait_for_writeback+0x40/0x40 [ 56.470205][ T1091] ? lock_release+0x810/0x810 [ 56.474870][ T1091] ? lock_downgrade+0x6e0/0x6e0 [ 56.479710][ T1091] ? __switch_to+0x5d0/0x10e0 [ 56.484368][ T1091] process_one_work+0x9bf/0x1710 [ 56.489312][ T1091] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 56.494667][ T1091] ? rwlock_bug.part.0+0x90/0x90 [ 56.499585][ T1091] ? _raw_spin_lock_irq+0x45/0x50 [ 56.504619][ T1091] worker_thread+0x669/0x1090 [ 56.509472][ T1091] ? __kthread_parkme+0x163/0x220 [ 56.514507][ T1091] ? process_one_work+0x1710/0x1710 [ 56.519696][ T1091] kthread+0x2e8/0x3a0 [ 56.523753][ T1091] ? kthread_complete_and_exit+0x40/0x40 [ 56.529377][ T1091] ret_from_fork+0x1f/0x30 [ 56.533784][ T1091] [ 56.537261][ T1091] Kernel Offset: disabled [ 56.541601][ T1091] Rebooting in 86400 seconds..