./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3789022987 <...> DUID 00:04:dd:0f:a4:e5:cb:b8:04:95:2f:30:92:03:b3:b6:0d:bc forked to background, child pid 3208 [ 29.506117][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.515335][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.118' (ECDSA) to the list of known hosts. execve("./syz-executor3789022987", ["./syz-executor3789022987"], 0x7fff303d6790 /* 10 vars */) = 0 brk(NULL) = 0x5555570ae000 brk(0x5555570aec40) = 0x5555570aec40 arch_prctl(ARCH_SET_FS, 0x5555570ae300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555570ae5d0) = 3630 set_robust_list(0x5555570ae5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f7be39ded90, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f7be39df460}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f7be39dee30, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7be39df460}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3789022987", 4096) = 28 brk(0x5555570cfc40) = 0x5555570cfc40 brk(0x5555570d0000) = 0x5555570d0000 mprotect(0x7f7be3aa1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+memory", 7) = 7 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 syzkaller login: [ 67.920255][ T3630] cgroup: Unknown subsys name 'net' mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) [ 68.079345][ T3630] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 getpid() = 3630 mkdir("./syzkaller.bYUhlG", 0700) = 0 chmod("./syzkaller.bYUhlG", 0777) = 0 chdir("./syzkaller.bYUhlG") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3631 attached , child_tidptr=0x5555570ae5d0) = 3631 [pid 3631] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3631] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setsid() = 1 [pid 3631] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3631] unshare(CLONE_NEWNS) = 0 [pid 3631] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3631] unshare(CLONE_NEWIPC) = 0 [pid 3631] unshare(CLONE_NEWCGROUP) = 0 [pid 3631] unshare(CLONE_NEWUTS) = 0 [pid 3631] unshare(CLONE_SYSVSEM) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "16777216", 8) = 8 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "536870912", 9) = 9 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "8192", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3631] close(3) = 0 [pid 3631] getpid() = 1 [pid 3631] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3632] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... set_robust_list resumed>) = 0 [pid 3632] <... futex resumed>) = 0 [pid 3632] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3634] memfd_create("syzkaller", 0) = 3 [pid 3634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3634] munmap(0x7f7bdb400000, 32768) = 0 [pid 3634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3634] close(3) = 0 [pid 3634] mkdir("./file0", 0777) = 0 [pid 3634] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3634] chdir("./file0") = 0 [pid 3634] ioctl(4, LOOP_CLR_FD) = 0 [pid 3634] close(4) = 0 [pid 3634] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3634] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3632] <... futex resumed>) = 0 [pid 3632] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3634] <... futex resumed>) = 0 [pid 3634] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3632] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3634] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3632] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... futex resumed>) = 0 [pid 3632] <... futex resumed>) = 1 [pid 3634] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3632] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] <... openat resumed>) = 5 [pid 3634] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3632] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3632] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3635 attached , parent_tid=[4], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 4 [pid 3632] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 0 [pid 3634] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3635] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3635] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3635] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3632] <... futex resumed>) = 0 [pid 3632] close(3) = 0 [pid 3635] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3632] close(4) = 0 [pid 3632] close(5) = 0 [pid 3632] close(6) = -1 EBADF (Bad file descriptor) [pid 3632] close(7) = -1 EBADF (Bad file descriptor) [pid 3632] close(8) = -1 EBADF (Bad file descriptor) [pid 3632] close(9) = -1 EBADF (Bad file descriptor) [pid 3632] close(10) = -1 EBADF (Bad file descriptor) [pid 3632] close(11) = -1 EBADF (Bad file descriptor) [pid 3632] close(12) = -1 EBADF (Bad file descriptor) [pid 3632] close(13) = -1 EBADF (Bad file descriptor) [pid 3632] close(14) = -1 EBADF (Bad file descriptor) [pid 3632] close(15) = -1 EBADF (Bad file descriptor) [pid 3632] close(16) = -1 EBADF (Bad file descriptor) [pid 3632] close(17) = -1 EBADF (Bad file descriptor) [pid 3632] close(18) = -1 EBADF (Bad file descriptor) [pid 3632] close(19) = -1 EBADF (Bad file descriptor) [pid 3632] close(20) = -1 EBADF (Bad file descriptor) [pid 3632] close(21) = -1 EBADF (Bad file descriptor) [pid 3632] close(22) = -1 EBADF (Bad file descriptor) [pid 3632] close(23) = -1 EBADF (Bad file descriptor) [pid 3632] close(24) = -1 EBADF (Bad file descriptor) [pid 3632] close(25) = -1 EBADF (Bad file descriptor) [pid 3632] close(26) = -1 EBADF (Bad file descriptor) [pid 3632] close(27) = -1 EBADF (Bad file descriptor) [pid 3632] close(28) = -1 EBADF (Bad file descriptor) [pid 3632] close(29) = -1 EBADF (Bad file descriptor) [pid 3632] exit_group(0 [pid 3635] <... futex resumed>) = ? [pid 3632] <... exit_group resumed>) = ? [pid 3635] +++ exited with 0 +++ [pid 3634] <... futex resumed>) = ? [ 68.326432][ T3634] loop0: detected capacity change from 0 to 64 [pid 3634] +++ exited with 0 +++ [pid 3632] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./0/binderfs") = 0 [pid 3631] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./0/cgroup") = 0 [pid 3631] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./0/cgroup.net") = 0 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./0/file0") = 0 [pid 3631] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./0/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./0") = 0 [pid 3631] mkdir("./1", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3636] chdir("./1" [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 5 [pid 3636] <... chdir resumed>) = 0 [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3636] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3636] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3636] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3636] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3637 attached , parent_tid=[6], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 6 [pid 3637] set_robust_list(0x7f7be39cd9e0, 24 [pid 3636] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... set_robust_list resumed>) = 0 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3637] memfd_create("syzkaller", 0) = 3 [pid 3637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3637] munmap(0x7f7bdb400000, 32768) = 0 [pid 3637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3637] close(3) = 0 [pid 3637] mkdir("./file0", 0777) = 0 [pid 3637] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3637] chdir("./file0") = 0 [pid 3637] ioctl(4, LOOP_CLR_FD) = 0 [pid 3637] close(4) = 0 [pid 3637] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3636] <... futex resumed>) = 0 [pid 3637] <... openat resumed>) = 4 [pid 3636] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3636] <... futex resumed>) = 1 [pid 3637] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3636] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... openat resumed>) = 5 [pid 3636] <... futex resumed>) = 0 [pid 3637] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3637] <... futex resumed>) = 0 [pid 3636] <... mmap resumed>) = 0x7f7be398c000 [pid 3637] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 7 ./strace-static-x86_64: Process 3638 attached [pid 3636] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3638] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3638] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3638] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] close(3) = 0 [pid 3636] close(4) = 0 [pid 3636] close(5) = 0 [pid 3636] close(6) = -1 EBADF (Bad file descriptor) [pid 3636] close(7) = -1 EBADF (Bad file descriptor) [pid 3636] close(8) = -1 EBADF (Bad file descriptor) [pid 3636] close(9) = -1 EBADF (Bad file descriptor) [pid 3636] close(10) = -1 EBADF (Bad file descriptor) [pid 3636] close(11) = -1 EBADF (Bad file descriptor) [pid 3636] close(12) = -1 EBADF (Bad file descriptor) [pid 3636] close(13) = -1 EBADF (Bad file descriptor) [pid 3636] close(14) = -1 EBADF (Bad file descriptor) [pid 3636] close(15) = -1 EBADF (Bad file descriptor) [pid 3636] close(16) = -1 EBADF (Bad file descriptor) [pid 3636] close(17) = -1 EBADF (Bad file descriptor) [pid 3636] close(18) = -1 EBADF (Bad file descriptor) [pid 3636] close(19) = -1 EBADF (Bad file descriptor) [pid 3636] close(20) = -1 EBADF (Bad file descriptor) [pid 3636] close(21) = -1 EBADF (Bad file descriptor) [pid 3636] close(22) = -1 EBADF (Bad file descriptor) [pid 3636] close(23) = -1 EBADF (Bad file descriptor) [pid 3636] close(24) = -1 EBADF (Bad file descriptor) [pid 3636] close(25) = -1 EBADF (Bad file descriptor) [pid 3636] close(26) = -1 EBADF (Bad file descriptor) [pid 3636] close(27) = -1 EBADF (Bad file descriptor) [pid 3636] close(28) = -1 EBADF (Bad file descriptor) [pid 3636] close(29) = -1 EBADF (Bad file descriptor) [pid 3636] exit_group(0 [pid 3638] <... futex resumed>) = ? [pid 3637] <... futex resumed>) = ? [pid 3636] <... exit_group resumed>) = ? [pid 3638] +++ exited with 0 +++ [pid 3637] +++ exited with 0 +++ [pid 3636] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./1/binderfs") = 0 [pid 3631] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./1/cgroup") = 0 [pid 3631] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./1/cgroup.net") = 0 [ 68.445913][ T3637] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./1/file0") = 0 [pid 3631] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./1/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./1") = 0 [pid 3631] mkdir("./2", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 8 ./strace-static-x86_64: Process 3639 attached [pid 3639] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3639] chdir("./2") = 0 [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3639] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3639] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3639] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3639] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3639] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[9], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 9 [pid 3639] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3640 attached [pid 3640] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3640] memfd_create("syzkaller", 0) = 3 [pid 3640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3640] munmap(0x7f7bdb400000, 32768) = 0 [pid 3640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3640] close(3) = 0 [pid 3640] mkdir("./file0", 0777) = 0 [pid 3640] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3640] chdir("./file0") = 0 [pid 3640] ioctl(4, LOOP_CLR_FD) = 0 [pid 3640] close(4) = 0 [pid 3640] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3640] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3639] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3639] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[10], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 10 [pid 3639] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3640] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3641 attached [pid 3641] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3641] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3641] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] close(3) = 0 [pid 3639] close(4) = 0 [pid 3639] close(5) = 0 [pid 3639] close(6) = -1 EBADF (Bad file descriptor) [pid 3639] close(7) = -1 EBADF (Bad file descriptor) [pid 3639] close(8) = -1 EBADF (Bad file descriptor) [pid 3639] close(9) = -1 EBADF (Bad file descriptor) [pid 3639] close(10) = -1 EBADF (Bad file descriptor) [pid 3639] close(11) = -1 EBADF (Bad file descriptor) [pid 3639] close(12) = -1 EBADF (Bad file descriptor) [pid 3639] close(13) = -1 EBADF (Bad file descriptor) [pid 3639] close(14) = -1 EBADF (Bad file descriptor) [pid 3639] close(15) = -1 EBADF (Bad file descriptor) [pid 3639] close(16) = -1 EBADF (Bad file descriptor) [pid 3639] close(17) = -1 EBADF (Bad file descriptor) [pid 3639] close(18) = -1 EBADF (Bad file descriptor) [pid 3639] close(19) = -1 EBADF (Bad file descriptor) [pid 3639] close(20) = -1 EBADF (Bad file descriptor) [pid 3639] close(21) = -1 EBADF (Bad file descriptor) [pid 3639] close(22) = -1 EBADF (Bad file descriptor) [pid 3639] close(23) = -1 EBADF (Bad file descriptor) [pid 3639] close(24) = -1 EBADF (Bad file descriptor) [pid 3641] <... futex resumed>) = 1 [pid 3639] close(25 [pid 3641] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3639] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3639] close(26) = -1 EBADF (Bad file descriptor) [pid 3639] close(27) = -1 EBADF (Bad file descriptor) [pid 3639] close(28) = -1 EBADF (Bad file descriptor) [pid 3639] close(29) = -1 EBADF (Bad file descriptor) [pid 3639] exit_group(0 [pid 3641] <... futex resumed>) = ? [pid 3640] <... futex resumed>) = ? [pid 3639] <... exit_group resumed>) = ? [pid 3640] +++ exited with 0 +++ [pid 3641] +++ exited with 0 +++ [pid 3639] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./2/binderfs") = 0 [pid 3631] umount2("./2/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./2/cgroup") = 0 [pid 3631] umount2("./2/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./2/cgroup.net") = 0 [pid 3631] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./2/file0") = 0 [pid 3631] umount2("./2/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./2/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./2") = 0 [pid 3631] mkdir("./3", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 11 ./strace-static-x86_64: Process 3642 attached [ 68.533940][ T3640] loop0: detected capacity change from 0 to 64 [pid 3642] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3642] chdir("./3") = 0 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3642] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3642] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3642] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3642] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[12], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 12 [pid 3642] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3643] munmap(0x7f7bdb400000, 32768) = 0 [pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3643] close(3) = 0 [pid 3643] mkdir("./file0", 0777) = 0 [pid 3643] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3643] chdir("./file0") = 0 [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3643] close(4) = 0 [pid 3643] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3643] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3642] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3644 attached , parent_tid=[13], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 13 [pid 3642] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3644] set_robust_list(0x7f7be39ac9e0, 24 [pid 3643] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3644] <... set_robust_list resumed>) = 0 [pid 3644] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3644] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3644] <... futex resumed>) = 1 [pid 3642] close(3 [pid 3644] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] <... close resumed>) = 0 [pid 3642] close(4) = 0 [pid 3642] close(5) = 0 [pid 3642] close(6) = -1 EBADF (Bad file descriptor) [pid 3642] close(7) = -1 EBADF (Bad file descriptor) [pid 3642] close(8) = -1 EBADF (Bad file descriptor) [pid 3642] close(9) = -1 EBADF (Bad file descriptor) [pid 3642] close(10) = -1 EBADF (Bad file descriptor) [pid 3642] close(11) = -1 EBADF (Bad file descriptor) [pid 3642] close(12) = -1 EBADF (Bad file descriptor) [pid 3642] close(13) = -1 EBADF (Bad file descriptor) [pid 3642] close(14) = -1 EBADF (Bad file descriptor) [pid 3642] close(15) = -1 EBADF (Bad file descriptor) [pid 3642] close(16) = -1 EBADF (Bad file descriptor) [pid 3642] close(17) = -1 EBADF (Bad file descriptor) [pid 3642] close(18) = -1 EBADF (Bad file descriptor) [pid 3642] close(19) = -1 EBADF (Bad file descriptor) [pid 3642] close(20) = -1 EBADF (Bad file descriptor) [pid 3642] close(21) = -1 EBADF (Bad file descriptor) [pid 3642] close(22) = -1 EBADF (Bad file descriptor) [pid 3642] close(23) = -1 EBADF (Bad file descriptor) [pid 3642] close(24) = -1 EBADF (Bad file descriptor) [pid 3642] close(25) = -1 EBADF (Bad file descriptor) [pid 3642] close(26) = -1 EBADF (Bad file descriptor) [pid 3642] close(27) = -1 EBADF (Bad file descriptor) [pid 3642] close(28) = -1 EBADF (Bad file descriptor) [pid 3642] close(29) = -1 EBADF (Bad file descriptor) [pid 3642] exit_group(0 [pid 3644] <... futex resumed>) = ? [pid 3643] <... futex resumed>) = ? [pid 3642] <... exit_group resumed>) = ? [pid 3644] +++ exited with 0 +++ [pid 3643] +++ exited with 0 +++ [pid 3642] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3631] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./3/binderfs") = 0 [pid 3631] umount2("./3/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./3/cgroup") = 0 [pid 3631] umount2("./3/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./3/cgroup.net") = 0 [ 68.614241][ T3643] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./3/file0") = 0 [pid 3631] umount2("./3/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./3/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./3") = 0 [pid 3631] mkdir("./4", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 14 ./strace-static-x86_64: Process 3645 attached [pid 3645] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3645] chdir("./4") = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3645] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3645] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3645] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3645] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3646 attached , parent_tid=[15], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 15 [pid 3646] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3645] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3646] memfd_create("syzkaller", 0) = 3 [pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3646] munmap(0x7f7bdb400000, 32768) = 0 [pid 3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3646] close(3) = 0 [pid 3646] mkdir("./file0", 0777) = 0 [pid 3646] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3646] chdir("./file0") = 0 [pid 3646] ioctl(4, LOOP_CLR_FD) = 0 [pid 3646] close(4) = 0 [pid 3646] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 1 [pid 3646] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3646] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3645] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3647 attached [pid 3647] set_robust_list(0x7f7be39ac9e0, 24 [pid 3645] <... clone resumed>, parent_tid=[16], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 16 [pid 3645] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... set_robust_list resumed>) = 0 [pid 3645] <... futex resumed>) = 0 [pid 3647] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3645] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3647] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] <... futex resumed>) = 1 [pid 3646] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3646] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] close(3) = 0 [pid 3645] close(4) = 0 [pid 3645] close(5) = 0 [pid 3645] close(6) = -1 EBADF (Bad file descriptor) [pid 3645] close(7) = -1 EBADF (Bad file descriptor) [pid 3645] close(8) = -1 EBADF (Bad file descriptor) [pid 3645] close(9) = -1 EBADF (Bad file descriptor) [pid 3645] close(10) = -1 EBADF (Bad file descriptor) [pid 3645] close(11) = -1 EBADF (Bad file descriptor) [pid 3645] close(12) = -1 EBADF (Bad file descriptor) [pid 3645] close(13) = -1 EBADF (Bad file descriptor) [pid 3645] close(14) = -1 EBADF (Bad file descriptor) [pid 3645] close(15) = -1 EBADF (Bad file descriptor) [pid 3645] close(16) = -1 EBADF (Bad file descriptor) [pid 3645] close(17) = -1 EBADF (Bad file descriptor) [pid 3645] close(18) = -1 EBADF (Bad file descriptor) [pid 3645] close(19) = -1 EBADF (Bad file descriptor) [pid 3645] close(20) = -1 EBADF (Bad file descriptor) [pid 3645] close(21) = -1 EBADF (Bad file descriptor) [pid 3645] close(22) = -1 EBADF (Bad file descriptor) [pid 3645] close(23) = -1 EBADF (Bad file descriptor) [pid 3645] close(24) = -1 EBADF (Bad file descriptor) [pid 3645] close(25) = -1 EBADF (Bad file descriptor) [pid 3645] close(26) = -1 EBADF (Bad file descriptor) [pid 3645] close(27) = -1 EBADF (Bad file descriptor) [pid 3645] close(28) = -1 EBADF (Bad file descriptor) [pid 3645] close(29) = -1 EBADF (Bad file descriptor) [pid 3645] exit_group(0 [pid 3647] <... futex resumed>) = ? [pid 3645] <... exit_group resumed>) = ? [pid 3647] +++ exited with 0 +++ [pid 3646] <... futex resumed>) = ? [pid 3646] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./4/binderfs") = 0 [pid 3631] umount2("./4/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./4/cgroup") = 0 [pid 3631] umount2("./4/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./4/cgroup.net") = 0 [ 68.715777][ T3646] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./4/file0") = 0 [pid 3631] umount2("./4/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./4/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./4") = 0 [pid 3631] mkdir("./5", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 17 ./strace-static-x86_64: Process 3648 attached [pid 3648] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3648] chdir("./5") = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3648] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3648] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3648] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3648] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3649 attached [pid 3649] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3649] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... clone resumed>, parent_tid=[18], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 18 [pid 3648] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3648] <... futex resumed>) = 1 [pid 3649] memfd_create("syzkaller", 0 [pid 3648] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3649] <... memfd_create resumed>) = 3 [pid 3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3649] munmap(0x7f7bdb400000, 32768) = 0 [pid 3649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3649] close(3) = 0 [pid 3649] mkdir("./file0", 0777) = 0 [pid 3649] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3649] chdir("./file0") = 0 [pid 3649] ioctl(4, LOOP_CLR_FD) = 0 [pid 3649] close(4) = 0 [pid 3649] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3649] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3648] <... futex resumed>) = 0 [pid 3649] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3648] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... openat resumed>) = 4 [pid 3649] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3649] <... futex resumed>) = 1 [pid 3648] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3648] <... futex resumed>) = 0 [pid 3649] <... openat resumed>) = 5 [pid 3648] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... futex resumed>) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3648] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3650 attached , parent_tid=[19], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 19 [pid 3650] set_robust_list(0x7f7be39ac9e0, 24 [pid 3648] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... set_robust_list resumed>) = 0 [pid 3650] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3650] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3650] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] close(3) = 0 [pid 3648] close(4) = 0 [pid 3648] close(5) = 0 [pid 3648] close(6) = -1 EBADF (Bad file descriptor) [pid 3648] close(7) = -1 EBADF (Bad file descriptor) [pid 3648] close(8) = -1 EBADF (Bad file descriptor) [pid 3648] close(9) = -1 EBADF (Bad file descriptor) [pid 3648] close(10) = -1 EBADF (Bad file descriptor) [pid 3648] close(11) = -1 EBADF (Bad file descriptor) [pid 3648] close(12) = -1 EBADF (Bad file descriptor) [pid 3648] close(13) = -1 EBADF (Bad file descriptor) [pid 3648] close(14) = -1 EBADF (Bad file descriptor) [pid 3648] close(15) = -1 EBADF (Bad file descriptor) [pid 3648] close(16) = -1 EBADF (Bad file descriptor) [pid 3648] close(17) = -1 EBADF (Bad file descriptor) [pid 3648] close(18) = -1 EBADF (Bad file descriptor) [pid 3648] close(19) = -1 EBADF (Bad file descriptor) [pid 3648] close(20) = -1 EBADF (Bad file descriptor) [pid 3648] close(21) = -1 EBADF (Bad file descriptor) [pid 3648] close(22) = -1 EBADF (Bad file descriptor) [pid 3648] close(23) = -1 EBADF (Bad file descriptor) [pid 3648] close(24) = -1 EBADF (Bad file descriptor) [pid 3648] close(25) = -1 EBADF (Bad file descriptor) [pid 3648] close(26) = -1 EBADF (Bad file descriptor) [pid 3648] close(27) = -1 EBADF (Bad file descriptor) [pid 3648] close(28) = -1 EBADF (Bad file descriptor) [pid 3648] close(29) = -1 EBADF (Bad file descriptor) [pid 3648] exit_group(0 [pid 3650] <... futex resumed>) = ? [pid 3649] <... futex resumed>) = ? [pid 3648] <... exit_group resumed>) = ? [pid 3650] +++ exited with 0 +++ [pid 3649] +++ exited with 0 +++ [pid 3648] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3631] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./5/binderfs") = 0 [pid 3631] umount2("./5/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./5/cgroup") = 0 [pid 3631] umount2("./5/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./5/cgroup.net") = 0 [ 68.820209][ T3649] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./5/file0") = 0 [pid 3631] umount2("./5/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./5/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./5") = 0 [pid 3631] mkdir("./6", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 20 ./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3651] chdir("./6") = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3651] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3651] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3651] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3651] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3652 attached [pid 3652] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3652] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] <... clone resumed>, parent_tid=[21], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 21 [pid 3651] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3652] <... futex resumed>) = 0 [pid 3651] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3652] memfd_create("syzkaller", 0) = 3 [pid 3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3652] munmap(0x7f7bdb400000, 32768) = 0 [pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3652] close(3) = 0 [pid 3652] mkdir("./file0", 0777) = 0 [pid 3652] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3652] chdir("./file0") = 0 [pid 3652] ioctl(4, LOOP_CLR_FD) = 0 [pid 3652] close(4) = 0 [pid 3652] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3652] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3651] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[22], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 22 ./strace-static-x86_64: Process 3653 attached [pid 3651] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3652] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3653] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3653] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3653] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] close(3) = 0 [pid 3651] close(4) = 0 [pid 3651] close(5) = 0 [pid 3651] close(6) = -1 EBADF (Bad file descriptor) [pid 3651] close(7) = -1 EBADF (Bad file descriptor) [pid 3651] close(8) = -1 EBADF (Bad file descriptor) [pid 3651] close(9) = -1 EBADF (Bad file descriptor) [pid 3651] close(10) = -1 EBADF (Bad file descriptor) [pid 3651] close(11) = -1 EBADF (Bad file descriptor) [pid 3651] close(12) = -1 EBADF (Bad file descriptor) [pid 3651] close(13) = -1 EBADF (Bad file descriptor) [pid 3651] close(14) = -1 EBADF (Bad file descriptor) [pid 3651] close(15) = -1 EBADF (Bad file descriptor) [pid 3651] close(16) = -1 EBADF (Bad file descriptor) [pid 3651] close(17) = -1 EBADF (Bad file descriptor) [pid 3651] close(18) = -1 EBADF (Bad file descriptor) [pid 3651] close(19) = -1 EBADF (Bad file descriptor) [pid 3651] close(20 [pid 3653] <... futex resumed>) = 1 [pid 3651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3653] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] close(21) = -1 EBADF (Bad file descriptor) [pid 3651] close(22) = -1 EBADF (Bad file descriptor) [pid 3651] close(23) = -1 EBADF (Bad file descriptor) [pid 3651] close(24) = -1 EBADF (Bad file descriptor) [pid 3651] close(25) = -1 EBADF (Bad file descriptor) [pid 3651] close(26) = -1 EBADF (Bad file descriptor) [pid 3651] close(27) = -1 EBADF (Bad file descriptor) [pid 3651] close(28) = -1 EBADF (Bad file descriptor) [pid 3651] close(29) = -1 EBADF (Bad file descriptor) [pid 3651] exit_group(0 [pid 3653] <... futex resumed>) = ? [pid 3652] <... futex resumed>) = ? [pid 3651] <... exit_group resumed>) = ? [pid 3653] +++ exited with 0 +++ [pid 3652] +++ exited with 0 +++ [pid 3651] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3631] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./6/binderfs") = 0 [pid 3631] umount2("./6/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./6/cgroup") = 0 [pid 3631] umount2("./6/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./6/cgroup.net") = 0 [pid 3631] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 68.929763][ T3652] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./6/file0") = 0 [pid 3631] umount2("./6/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./6/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./6/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./6") = 0 [pid 3631] mkdir("./7", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 23 ./strace-static-x86_64: Process 3654 attached [pid 3654] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3654] chdir("./7") = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3654] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3654] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3654] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3654] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3654] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3655 attached , parent_tid=[24], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 24 [pid 3655] set_robust_list(0x7f7be39cd9e0, 24 [pid 3654] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... set_robust_list resumed>) = 0 [pid 3654] <... futex resumed>) = 0 [pid 3655] memfd_create("syzkaller", 0 [pid 3654] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3655] <... memfd_create resumed>) = 3 [pid 3655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3655] munmap(0x7f7bdb400000, 32768) = 0 [pid 3655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3655] close(3) = 0 [pid 3655] mkdir("./file0", 0777) = 0 [pid 3655] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3655] chdir("./file0") = 0 [pid 3655] ioctl(4, LOOP_CLR_FD) = 0 [pid 3655] close(4) = 0 [pid 3655] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3655] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3654] <... futex resumed>) = 1 [pid 3655] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3654] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3655] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3654] <... mmap resumed>) = 0x7f7be398c000 [pid 3654] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE [pid 3655] <... openat resumed>) = 5 [pid 3654] <... mprotect resumed>) = 0 [pid 3654] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3655] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3656 attached [pid 3655] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3656] set_robust_list(0x7f7be39ac9e0, 24 [pid 3654] <... clone resumed>, parent_tid=[25], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 25 [pid 3656] <... set_robust_list resumed>) = 0 [pid 3654] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3656] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3654] <... futex resumed>) = 0 [pid 3656] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3654] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3656] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] close(3) = 0 [pid 3654] close(4) = 0 [pid 3654] close(5) = 0 [pid 3654] close(6) = -1 EBADF (Bad file descriptor) [pid 3654] close(7) = -1 EBADF (Bad file descriptor) [pid 3654] close(8) = -1 EBADF (Bad file descriptor) [pid 3654] close(9) = -1 EBADF (Bad file descriptor) [pid 3654] close(10) = -1 EBADF (Bad file descriptor) [pid 3654] close(11) = -1 EBADF (Bad file descriptor) [pid 3654] close(12) = -1 EBADF (Bad file descriptor) [pid 3654] close(13) = -1 EBADF (Bad file descriptor) [pid 3654] close(14) = -1 EBADF (Bad file descriptor) [pid 3654] close(15) = -1 EBADF (Bad file descriptor) [pid 3654] close(16) = -1 EBADF (Bad file descriptor) [pid 3654] close(17) = -1 EBADF (Bad file descriptor) [pid 3654] close(18) = -1 EBADF (Bad file descriptor) [pid 3654] close(19) = -1 EBADF (Bad file descriptor) [pid 3654] close(20) = -1 EBADF (Bad file descriptor) [pid 3654] close(21) = -1 EBADF (Bad file descriptor) [pid 3654] close(22) = -1 EBADF (Bad file descriptor) [pid 3654] close(23) = -1 EBADF (Bad file descriptor) [pid 3654] close(24) = -1 EBADF (Bad file descriptor) [pid 3654] close(25) = -1 EBADF (Bad file descriptor) [pid 3654] close(26) = -1 EBADF (Bad file descriptor) [pid 3654] close(27) = -1 EBADF (Bad file descriptor) [pid 3654] close(28) = -1 EBADF (Bad file descriptor) [pid 3654] close(29) = -1 EBADF (Bad file descriptor) [pid 3654] exit_group(0 [pid 3655] <... futex resumed>) = ? [pid 3654] <... exit_group resumed>) = ? [pid 3656] <... futex resumed>) = ? [pid 3655] +++ exited with 0 +++ [pid 3656] +++ exited with 0 +++ [pid 3654] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 69.024744][ T3655] loop0: detected capacity change from 0 to 64 [pid 3631] unlink("./7/binderfs") = 0 [pid 3631] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./7/cgroup") = 0 [pid 3631] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./7/cgroup.net") = 0 [pid 3631] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./7/file0") = 0 [pid 3631] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./7/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./7") = 0 [pid 3631] mkdir("./8", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x5555570ae5e0, 24 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 26 [pid 3657] <... set_robust_list resumed>) = 0 [pid 3657] chdir("./8") = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3657] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3657] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3657] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3657] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3658 attached [pid 3658] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3658] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] <... clone resumed>, parent_tid=[27], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 27 [pid 3657] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = 0 [pid 3657] <... futex resumed>) = 1 [pid 3658] memfd_create("syzkaller", 0) = 3 [pid 3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 3657] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3658] <... write resumed>) = 32768 [pid 3658] munmap(0x7f7bdb400000, 32768) = 0 [pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3658] close(3) = 0 [pid 3658] mkdir("./file0", 0777) = 0 [pid 3658] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3658] chdir("./file0") = 0 [pid 3658] ioctl(4, LOOP_CLR_FD) = 0 [pid 3658] close(4) = 0 [pid 3658] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3657] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... openat resumed>) = 4 [pid 3658] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3658] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3657] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[28], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 28 [pid 3657] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = 0 [pid 3657] <... futex resumed>) = 0 [pid 3658] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3657] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... openat resumed>) = 5 ./strace-static-x86_64: Process 3659 attached [pid 3659] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3658] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3659] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = 0 [pid 3658] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] <... futex resumed>) = 1 [pid 3659] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] <... futex resumed>) = 0 [pid 3657] close(3) = 0 [pid 3657] close(4) = 0 [pid 3657] close(5) = 0 [pid 3657] close(6) = -1 EBADF (Bad file descriptor) [pid 3657] close(7) = -1 EBADF (Bad file descriptor) [pid 3657] close(8) = -1 EBADF (Bad file descriptor) [pid 3657] close(9) = -1 EBADF (Bad file descriptor) [pid 3657] close(10) = -1 EBADF (Bad file descriptor) [pid 3657] close(11) = -1 EBADF (Bad file descriptor) [pid 3657] close(12) = -1 EBADF (Bad file descriptor) [pid 3657] close(13) = -1 EBADF (Bad file descriptor) [pid 3657] close(14) = -1 EBADF (Bad file descriptor) [pid 3657] close(15) = -1 EBADF (Bad file descriptor) [pid 3657] close(16) = -1 EBADF (Bad file descriptor) [pid 3657] close(17) = -1 EBADF (Bad file descriptor) [pid 3657] close(18) = -1 EBADF (Bad file descriptor) [pid 3657] close(19) = -1 EBADF (Bad file descriptor) [pid 3657] close(20) = -1 EBADF (Bad file descriptor) [pid 3657] close(21) = -1 EBADF (Bad file descriptor) [pid 3657] close(22) = -1 EBADF (Bad file descriptor) [pid 3657] close(23) = -1 EBADF (Bad file descriptor) [pid 3657] close(24) = -1 EBADF (Bad file descriptor) [pid 3657] close(25) = -1 EBADF (Bad file descriptor) [pid 3657] close(26) = -1 EBADF (Bad file descriptor) [pid 3657] close(27) = -1 EBADF (Bad file descriptor) [pid 3657] close(28) = -1 EBADF (Bad file descriptor) [pid 3657] close(29) = -1 EBADF (Bad file descriptor) [pid 3657] exit_group(0 [pid 3659] <... futex resumed>) = ? [pid 3658] <... futex resumed>) = ? [pid 3657] <... exit_group resumed>) = ? [pid 3659] +++ exited with 0 +++ [pid 3658] +++ exited with 0 +++ [pid 3657] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3631] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./8/binderfs") = 0 [pid 3631] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./8/cgroup") = 0 [pid 3631] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./8/cgroup.net") = 0 [pid 3631] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./8/file0") = 0 [pid 3631] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.124991][ T3658] loop0: detected capacity change from 0 to 64 [pid 3631] lstat("./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./8/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./8") = 0 [pid 3631] mkdir("./9", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3660 attached , child_tidptr=0x5555570ae5d0) = 29 [pid 3660] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3660] chdir("./9") = 0 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3660] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3660] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3660] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3660] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[30], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 30 [pid 3660] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3661 attached [pid 3661] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3661] memfd_create("syzkaller", 0) = 3 [pid 3661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3661] munmap(0x7f7bdb400000, 32768) = 0 [pid 3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3661] close(3) = 0 [pid 3661] mkdir("./file0", 0777) = 0 [pid 3661] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3661] chdir("./file0") = 0 [pid 3661] ioctl(4, LOOP_CLR_FD) = 0 [pid 3661] close(4) = 0 [pid 3661] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3661] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3660] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[31], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 31 [pid 3660] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3661] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3662 attached [pid 3662] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3662] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3662] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] close(3) = 0 [pid 3660] close(4) = 0 [pid 3660] close(5) = 0 [pid 3660] close(6) = -1 EBADF (Bad file descriptor) [pid 3660] close(7) = -1 EBADF (Bad file descriptor) [pid 3660] close(8) = -1 EBADF (Bad file descriptor) [pid 3660] close(9) = -1 EBADF (Bad file descriptor) [pid 3660] close(10) = -1 EBADF (Bad file descriptor) [pid 3660] close(11) = -1 EBADF (Bad file descriptor) [pid 3660] close(12) = -1 EBADF (Bad file descriptor) [pid 3660] close(13) = -1 EBADF (Bad file descriptor) [pid 3660] close(14) = -1 EBADF (Bad file descriptor) [pid 3660] close(15) = -1 EBADF (Bad file descriptor) [pid 3660] close(16) = -1 EBADF (Bad file descriptor) [pid 3660] close(17) = -1 EBADF (Bad file descriptor) [pid 3662] <... futex resumed>) = 1 [pid 3660] close(18) = -1 EBADF (Bad file descriptor) [pid 3660] close(19) = -1 EBADF (Bad file descriptor) [pid 3660] close(20) = -1 EBADF (Bad file descriptor) [pid 3662] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] close(21) = -1 EBADF (Bad file descriptor) [pid 3660] close(22) = -1 EBADF (Bad file descriptor) [pid 3660] close(23) = -1 EBADF (Bad file descriptor) [pid 3660] close(24) = -1 EBADF (Bad file descriptor) [pid 3660] close(25) = -1 EBADF (Bad file descriptor) [pid 3660] close(26) = -1 EBADF (Bad file descriptor) [pid 3660] close(27) = -1 EBADF (Bad file descriptor) [pid 3660] close(28) = -1 EBADF (Bad file descriptor) [pid 3660] close(29) = -1 EBADF (Bad file descriptor) [pid 3660] exit_group(0 [pid 3662] <... futex resumed>) = ? [pid 3661] <... futex resumed>) = ? [pid 3660] <... exit_group resumed>) = ? [pid 3661] +++ exited with 0 +++ [pid 3662] +++ exited with 0 +++ [pid 3660] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./9/binderfs") = 0 [pid 3631] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./9/cgroup") = 0 [pid 3631] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./9/cgroup.net") = 0 [pid 3631] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./9/file0") = 0 [pid 3631] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./9/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./9") = 0 [pid 3631] mkdir("./10", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [ 69.209192][ T3661] loop0: detected capacity change from 0 to 64 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x5555570ae5e0, 24 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 32 [pid 3663] <... set_robust_list resumed>) = 0 [pid 3663] chdir("./10") = 0 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3663] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3663] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3663] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3663] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3664 attached , parent_tid=[33], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 33 [pid 3663] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3664] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3664] memfd_create("syzkaller", 0) = 3 [pid 3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3664] munmap(0x7f7bdb400000, 32768) = 0 [pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3664] close(3) = 0 [pid 3664] mkdir("./file0", 0777) = 0 [pid 3664] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3664] chdir("./file0") = 0 [pid 3664] ioctl(4, LOOP_CLR_FD) = 0 [pid 3664] close(4) = 0 [pid 3664] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 0 [pid 3664] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3664] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3663] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3663] <... clone resumed>, parent_tid=[34], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 34 [pid 3663] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3663] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3665] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3664] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3664] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] close(3) = 0 [pid 3663] close(4) = 0 [pid 3663] close(5) = 0 [pid 3663] close(6) = -1 EBADF (Bad file descriptor) [pid 3663] close(7) = -1 EBADF (Bad file descriptor) [pid 3663] close(8) = -1 EBADF (Bad file descriptor) [pid 3663] close(9) = -1 EBADF (Bad file descriptor) [pid 3663] close(10) = -1 EBADF (Bad file descriptor) [pid 3663] close(11) = -1 EBADF (Bad file descriptor) [pid 3663] close(12) = -1 EBADF (Bad file descriptor) [pid 3663] close(13) = -1 EBADF (Bad file descriptor) [pid 3663] close(14) = -1 EBADF (Bad file descriptor) [pid 3663] close(15) = -1 EBADF (Bad file descriptor) [pid 3663] close(16) = -1 EBADF (Bad file descriptor) [pid 3663] close(17) = -1 EBADF (Bad file descriptor) [pid 3663] close(18) = -1 EBADF (Bad file descriptor) [pid 3663] close(19) = -1 EBADF (Bad file descriptor) [pid 3663] close(20) = -1 EBADF (Bad file descriptor) [pid 3663] close(21) = -1 EBADF (Bad file descriptor) [pid 3663] close(22) = -1 EBADF (Bad file descriptor) [pid 3663] close(23) = -1 EBADF (Bad file descriptor) [pid 3663] close(24) = -1 EBADF (Bad file descriptor) [pid 3663] close(25) = -1 EBADF (Bad file descriptor) [pid 3663] close(26) = -1 EBADF (Bad file descriptor) [pid 3663] close(27) = -1 EBADF (Bad file descriptor) [pid 3663] close(28) = -1 EBADF (Bad file descriptor) [pid 3663] close(29) = -1 EBADF (Bad file descriptor) [pid 3663] exit_group(0) = ? [pid 3665] <... futex resumed>) = ? [pid 3664] <... futex resumed>) = ? [pid 3665] +++ exited with 0 +++ [pid 3664] +++ exited with 0 +++ [pid 3663] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./10/binderfs") = 0 [pid 3631] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./10/cgroup") = 0 [pid 3631] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./10/cgroup.net") = 0 [ 69.296142][ T3664] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./10/file0") = 0 [pid 3631] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./10/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./10") = 0 [pid 3631] mkdir("./11", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x5555570ae5e0, 24 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 35 [pid 3666] <... set_robust_list resumed>) = 0 [pid 3666] chdir("./11") = 0 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3666] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3666] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3666] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3666] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3667 attached , parent_tid=[36], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 36 [pid 3667] set_robust_list(0x7f7be39cd9e0, 24 [pid 3666] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... set_robust_list resumed>) = 0 [pid 3667] memfd_create("syzkaller", 0 [pid 3666] <... futex resumed>) = 0 [pid 3667] <... memfd_create resumed>) = 3 [pid 3666] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3667] munmap(0x7f7bdb400000, 32768) = 0 [pid 3667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3667] close(3) = 0 [pid 3667] mkdir("./file0", 0777) = 0 [pid 3667] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3667] chdir("./file0") = 0 [pid 3667] ioctl(4, LOOP_CLR_FD) = 0 [pid 3667] close(4) = 0 [pid 3667] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3667] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3667] <... futex resumed>) = 0 [pid 3667] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3666] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... openat resumed>) = 4 [pid 3667] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3666] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3667] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3667] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3668 attached [pid 3668] set_robust_list(0x7f7be39ac9e0, 24 [pid 3666] <... clone resumed>, parent_tid=[37], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 37 [pid 3668] <... set_robust_list resumed>) = 0 [pid 3666] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3668] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3666] close(3 [pid 3668] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] <... close resumed>) = 0 [pid 3666] close(4) = 0 [pid 3666] close(5) = 0 [pid 3666] close(6) = -1 EBADF (Bad file descriptor) [pid 3666] close(7) = -1 EBADF (Bad file descriptor) [pid 3666] close(8) = -1 EBADF (Bad file descriptor) [pid 3666] close(9) = -1 EBADF (Bad file descriptor) [pid 3666] close(10) = -1 EBADF (Bad file descriptor) [pid 3666] close(11) = -1 EBADF (Bad file descriptor) [pid 3666] close(12) = -1 EBADF (Bad file descriptor) [pid 3666] close(13) = -1 EBADF (Bad file descriptor) [pid 3666] close(14) = -1 EBADF (Bad file descriptor) [pid 3666] close(15) = -1 EBADF (Bad file descriptor) [pid 3666] close(16) = -1 EBADF (Bad file descriptor) [pid 3666] close(17) = -1 EBADF (Bad file descriptor) [pid 3666] close(18) = -1 EBADF (Bad file descriptor) [pid 3666] close(19) = -1 EBADF (Bad file descriptor) [pid 3666] close(20) = -1 EBADF (Bad file descriptor) [pid 3666] close(21) = -1 EBADF (Bad file descriptor) [pid 3666] close(22) = -1 EBADF (Bad file descriptor) [pid 3666] close(23) = -1 EBADF (Bad file descriptor) [pid 3666] close(24) = -1 EBADF (Bad file descriptor) [pid 3666] close(25) = -1 EBADF (Bad file descriptor) [pid 3666] close(26) = -1 EBADF (Bad file descriptor) [pid 3666] close(27) = -1 EBADF (Bad file descriptor) [pid 3666] close(28) = -1 EBADF (Bad file descriptor) [pid 3666] close(29) = -1 EBADF (Bad file descriptor) [pid 3666] exit_group(0) = ? [pid 3668] <... futex resumed>) = ? [pid 3667] <... futex resumed>) = ? [pid 3668] +++ exited with 0 +++ [pid 3667] +++ exited with 0 +++ [pid 3666] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./11/binderfs") = 0 [pid 3631] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./11/cgroup") = 0 [pid 3631] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./11/cgroup.net") = 0 [pid 3631] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [ 69.403386][ T3667] loop0: detected capacity change from 0 to 64 [pid 3631] rmdir("./11/file0") = 0 [pid 3631] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./11/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./11") = 0 [pid 3631] mkdir("./12", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 38 ./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3669] chdir("./12") = 0 [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3669] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3669] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3669] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3669] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3669] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3670 attached [pid 3670] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3670] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] <... clone resumed>, parent_tid=[39], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 39 [pid 3669] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] <... futex resumed>) = 0 [pid 3669] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3670] memfd_create("syzkaller", 0) = 3 [pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3670] munmap(0x7f7bdb400000, 32768) = 0 [pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3670] close(3) = 0 [pid 3670] mkdir("./file0", 0777) = 0 [pid 3670] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3670] chdir("./file0") = 0 [pid 3670] ioctl(4, LOOP_CLR_FD) = 0 [pid 3670] close(4) = 0 [pid 3670] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3670] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3669] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3670] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3670] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[40], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 40 [pid 3669] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3671] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3671] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3671] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] close(3) = 0 [pid 3669] close(4) = 0 [pid 3669] close(5) = 0 [pid 3669] close(6) = -1 EBADF (Bad file descriptor) [pid 3669] close(7) = -1 EBADF (Bad file descriptor) [pid 3669] close(8) = -1 EBADF (Bad file descriptor) [pid 3669] close(9) = -1 EBADF (Bad file descriptor) [pid 3669] close(10) = -1 EBADF (Bad file descriptor) [pid 3669] close(11) = -1 EBADF (Bad file descriptor) [pid 3669] close(12) = -1 EBADF (Bad file descriptor) [pid 3669] close(13) = -1 EBADF (Bad file descriptor) [pid 3669] close(14) = -1 EBADF (Bad file descriptor) [pid 3669] close(15) = -1 EBADF (Bad file descriptor) [pid 3669] close(16) = -1 EBADF (Bad file descriptor) [pid 3669] close(17) = -1 EBADF (Bad file descriptor) [pid 3669] close(18) = -1 EBADF (Bad file descriptor) [pid 3669] close(19) = -1 EBADF (Bad file descriptor) [pid 3669] close(20) = -1 EBADF (Bad file descriptor) [pid 3669] close(21) = -1 EBADF (Bad file descriptor) [pid 3669] close(22) = -1 EBADF (Bad file descriptor) [pid 3669] close(23) = -1 EBADF (Bad file descriptor) [pid 3669] close(24) = -1 EBADF (Bad file descriptor) [pid 3669] close(25) = -1 EBADF (Bad file descriptor) [pid 3669] close(26) = -1 EBADF (Bad file descriptor) [pid 3669] close(27) = -1 EBADF (Bad file descriptor) [pid 3669] close(28) = -1 EBADF (Bad file descriptor) [pid 3669] close(29) = -1 EBADF (Bad file descriptor) [pid 3669] exit_group(0 [pid 3671] <... futex resumed>) = ? [pid 3670] <... futex resumed>) = ? [pid 3669] <... exit_group resumed>) = ? [pid 3671] +++ exited with 0 +++ [pid 3670] +++ exited with 0 +++ [pid 3669] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./12/binderfs") = 0 [pid 3631] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./12/cgroup") = 0 [pid 3631] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./12/cgroup.net") = 0 [pid 3631] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./12/file0") = 0 [pid 3631] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./12/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./12") = 0 [pid 3631] mkdir("./13", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 69.502809][ T3670] loop0: detected capacity change from 0 to 64 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3672 attached , child_tidptr=0x5555570ae5d0) = 41 [pid 3672] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3672] chdir("./13") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3672] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3672] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3672] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3672] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3673 attached , parent_tid=[42], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 42 [pid 3673] set_robust_list(0x7f7be39cd9e0, 24 [pid 3672] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... set_robust_list resumed>) = 0 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3673] memfd_create("syzkaller", 0) = 3 [pid 3673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3673] munmap(0x7f7bdb400000, 32768) = 0 [pid 3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3673] close(3) = 0 [pid 3673] mkdir("./file0", 0777) = 0 [pid 3673] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3673] chdir("./file0") = 0 [pid 3673] ioctl(4, LOOP_CLR_FD) = 0 [pid 3673] close(4) = 0 [pid 3673] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 0 [pid 3672] <... futex resumed>) = 1 [pid 3673] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3672] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... openat resumed>) = 4 [pid 3673] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = 0 [pid 3673] <... futex resumed>) = 1 [pid 3672] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3672] <... futex resumed>) = 0 [pid 3673] <... openat resumed>) = 5 [pid 3672] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = 0 [pid 3673] <... futex resumed>) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3673] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] <... mmap resumed>) = 0x7f7be398c000 [pid 3672] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[43], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 43 [pid 3672] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3674 attached [pid 3674] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3674] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3674] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3674] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] close(3) = 0 [pid 3672] close(4) = 0 [pid 3672] close(5) = 0 [pid 3672] close(6) = -1 EBADF (Bad file descriptor) [pid 3672] close(7) = -1 EBADF (Bad file descriptor) [pid 3672] close(8) = -1 EBADF (Bad file descriptor) [pid 3672] close(9) = -1 EBADF (Bad file descriptor) [pid 3672] close(10) = -1 EBADF (Bad file descriptor) [pid 3672] close(11) = -1 EBADF (Bad file descriptor) [pid 3672] close(12) = -1 EBADF (Bad file descriptor) [pid 3672] close(13) = -1 EBADF (Bad file descriptor) [pid 3672] close(14) = -1 EBADF (Bad file descriptor) [pid 3672] close(15) = -1 EBADF (Bad file descriptor) [pid 3672] close(16) = -1 EBADF (Bad file descriptor) [pid 3672] close(17) = -1 EBADF (Bad file descriptor) [pid 3672] close(18) = -1 EBADF (Bad file descriptor) [pid 3672] close(19) = -1 EBADF (Bad file descriptor) [pid 3672] close(20) = -1 EBADF (Bad file descriptor) [pid 3672] close(21) = -1 EBADF (Bad file descriptor) [pid 3672] close(22) = -1 EBADF (Bad file descriptor) [pid 3672] close(23) = -1 EBADF (Bad file descriptor) [pid 3672] close(24) = -1 EBADF (Bad file descriptor) [pid 3672] close(25) = -1 EBADF (Bad file descriptor) [pid 3672] close(26) = -1 EBADF (Bad file descriptor) [pid 3672] close(27) = -1 EBADF (Bad file descriptor) [pid 3672] close(28) = -1 EBADF (Bad file descriptor) [pid 3672] close(29) = -1 EBADF (Bad file descriptor) [pid 3672] exit_group(0 [pid 3674] <... futex resumed>) = ? [pid 3673] <... futex resumed>) = ? [pid 3672] <... exit_group resumed>) = ? [pid 3674] +++ exited with 0 +++ [pid 3673] +++ exited with 0 +++ [pid 3672] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./13/binderfs") = 0 [pid 3631] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./13/cgroup") = 0 [pid 3631] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./13/cgroup.net") = 0 [pid 3631] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./13/file0") = 0 [pid 3631] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./13/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [ 69.581183][ T3673] loop0: detected capacity change from 0 to 64 [pid 3631] rmdir("./13") = 0 [pid 3631] mkdir("./14", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 44 ./strace-static-x86_64: Process 3675 attached [pid 3675] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3675] chdir("./14") = 0 [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3675] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3675] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3675] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3675] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[45], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 45 [pid 3675] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3676 attached [pid 3676] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3676] memfd_create("syzkaller", 0) = 3 [pid 3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3676] munmap(0x7f7bdb400000, 32768) = 0 [pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3676] close(3) = 0 [pid 3676] mkdir("./file0", 0777) = 0 [pid 3676] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3676] chdir("./file0") = 0 [pid 3676] ioctl(4, LOOP_CLR_FD) = 0 [pid 3676] close(4) = 0 [pid 3676] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3676] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3675] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3677 attached [pid 3677] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3677] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] <... clone resumed>, parent_tid=[46], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 46 [pid 3675] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3677] <... futex resumed>) = 0 [pid 3677] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3677] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3676] <... futex resumed>) = 1 [pid 3676] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3676] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] close(3) = 0 [pid 3675] close(4) = 0 [pid 3675] close(5) = 0 [pid 3675] close(6) = -1 EBADF (Bad file descriptor) [pid 3675] close(7) = -1 EBADF (Bad file descriptor) [pid 3675] close(8) = -1 EBADF (Bad file descriptor) [pid 3675] close(9) = -1 EBADF (Bad file descriptor) [pid 3675] close(10) = -1 EBADF (Bad file descriptor) [pid 3675] close(11) = -1 EBADF (Bad file descriptor) [pid 3675] close(12) = -1 EBADF (Bad file descriptor) [pid 3675] close(13) = -1 EBADF (Bad file descriptor) [pid 3675] close(14) = -1 EBADF (Bad file descriptor) [pid 3675] close(15) = -1 EBADF (Bad file descriptor) [pid 3675] close(16) = -1 EBADF (Bad file descriptor) [pid 3675] close(17) = -1 EBADF (Bad file descriptor) [pid 3675] close(18) = -1 EBADF (Bad file descriptor) [pid 3675] close(19) = -1 EBADF (Bad file descriptor) [pid 3675] close(20) = -1 EBADF (Bad file descriptor) [pid 3675] close(21) = -1 EBADF (Bad file descriptor) [pid 3675] close(22) = -1 EBADF (Bad file descriptor) [pid 3675] close(23) = -1 EBADF (Bad file descriptor) [pid 3675] close(24) = -1 EBADF (Bad file descriptor) [pid 3675] close(25) = -1 EBADF (Bad file descriptor) [pid 3675] close(26) = -1 EBADF (Bad file descriptor) [pid 3675] close(27) = -1 EBADF (Bad file descriptor) [pid 3675] close(28) = -1 EBADF (Bad file descriptor) [pid 3675] close(29) = -1 EBADF (Bad file descriptor) [pid 3675] exit_group(0 [pid 3677] <... futex resumed>) = ? [pid 3676] <... futex resumed>) = ? [pid 3675] <... exit_group resumed>) = ? [pid 3676] +++ exited with 0 +++ [ 69.661359][ T3676] loop0: detected capacity change from 0 to 64 [ 69.666186][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 3677] +++ exited with 0 +++ [pid 3675] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./14/binderfs") = 0 [pid 3631] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./14/cgroup") = 0 [pid 3631] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./14/cgroup.net") = 0 [pid 3631] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./14/file0") = 0 [pid 3631] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./14/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./14") = 0 [pid 3631] mkdir("./15", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 47 ./strace-static-x86_64: Process 3678 attached [pid 3678] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3678] chdir("./15") = 0 [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3678] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3678] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3678] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3678] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[48], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 48 ./strace-static-x86_64: Process 3679 attached [pid 3679] set_robust_list(0x7f7be39cd9e0, 24 [pid 3678] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... set_robust_list resumed>) = 0 [pid 3678] <... futex resumed>) = 0 [pid 3679] memfd_create("syzkaller", 0 [pid 3678] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3679] <... memfd_create resumed>) = 3 [pid 3679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3679] munmap(0x7f7bdb400000, 32768) = 0 [pid 3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3679] close(3) = 0 [pid 3679] mkdir("./file0", 0777) = 0 [pid 3679] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3679] chdir("./file0") = 0 [pid 3679] ioctl(4, LOOP_CLR_FD) = 0 [pid 3679] close(4) = 0 [pid 3679] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 0 [pid 3679] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3679] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3678] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3679] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000./strace-static-x86_64: Process 3680 attached [pid 3678] <... clone resumed>, parent_tid=[49], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 49 [pid 3680] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3680] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... openat resumed>) = 5 [pid 3680] <... futex resumed>) = 0 [pid 3678] <... futex resumed>) = 1 [pid 3679] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 0 [pid 3679] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3680] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3680] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3678] close(3) = 0 [pid 3678] close(4) = 0 [pid 3678] close(5) = 0 [pid 3678] close(6) = -1 EBADF (Bad file descriptor) [pid 3680] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] close(7) = -1 EBADF (Bad file descriptor) [pid 3678] close(8) = -1 EBADF (Bad file descriptor) [pid 3678] close(9) = -1 EBADF (Bad file descriptor) [pid 3678] close(10) = -1 EBADF (Bad file descriptor) [pid 3678] close(11) = -1 EBADF (Bad file descriptor) [pid 3678] close(12) = -1 EBADF (Bad file descriptor) [pid 3678] close(13) = -1 EBADF (Bad file descriptor) [pid 3678] close(14) = -1 EBADF (Bad file descriptor) [pid 3678] close(15) = -1 EBADF (Bad file descriptor) [pid 3678] close(16) = -1 EBADF (Bad file descriptor) [pid 3678] close(17) = -1 EBADF (Bad file descriptor) [pid 3678] close(18) = -1 EBADF (Bad file descriptor) [pid 3678] close(19) = -1 EBADF (Bad file descriptor) [pid 3678] close(20) = -1 EBADF (Bad file descriptor) [pid 3678] close(21) = -1 EBADF (Bad file descriptor) [pid 3678] close(22) = -1 EBADF (Bad file descriptor) [pid 3678] close(23) = -1 EBADF (Bad file descriptor) [pid 3678] close(24) = -1 EBADF (Bad file descriptor) [pid 3678] close(25) = -1 EBADF (Bad file descriptor) [pid 3678] close(26) = -1 EBADF (Bad file descriptor) [pid 3678] close(27) = -1 EBADF (Bad file descriptor) [pid 3678] close(28) = -1 EBADF (Bad file descriptor) [pid 3678] close(29) = -1 EBADF (Bad file descriptor) [pid 3678] exit_group(0 [pid 3680] <... futex resumed>) = ? [pid 3679] <... futex resumed>) = ? [pid 3678] <... exit_group resumed>) = ? [pid 3680] +++ exited with 0 +++ [pid 3679] +++ exited with 0 +++ [pid 3678] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./15/binderfs") = 0 [pid 3631] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./15/cgroup") = 0 [pid 3631] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./15/cgroup.net") = 0 [ 69.763329][ T3679] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./15/file0") = 0 [pid 3631] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./15/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./15") = 0 [pid 3631] mkdir("./16", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 50 ./strace-static-x86_64: Process 3681 attached [pid 3681] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3681] chdir("./16") = 0 [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3681] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3681] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3681] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3681] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[51], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 51 ./strace-static-x86_64: Process 3682 attached [pid 3681] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] set_robust_list(0x7f7be39cd9e0, 24 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3682] <... set_robust_list resumed>) = 0 [pid 3682] memfd_create("syzkaller", 0) = 3 [pid 3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3682] munmap(0x7f7bdb400000, 32768) = 0 [pid 3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3682] close(3) = 0 [pid 3682] mkdir("./file0", 0777) = 0 [pid 3682] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3682] chdir("./file0") = 0 [pid 3682] ioctl(4, LOOP_CLR_FD) = 0 [pid 3682] close(4) = 0 [pid 3682] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3682] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... futex resumed>) = 0 [pid 3682] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3682] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3681] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... openat resumed>) = 5 [pid 3681] <... futex resumed>) = 0 [pid 3682] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] <... mmap resumed>) = 0x7f7be398c000 [pid 3681] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3683 attached , parent_tid=[52], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 52 [pid 3681] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3683] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3683] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] close(3) = 0 [pid 3683] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] close(4) = 0 [pid 3681] close(5) = 0 [pid 3681] close(6) = -1 EBADF (Bad file descriptor) [pid 3681] close(7) = -1 EBADF (Bad file descriptor) [pid 3681] close(8) = -1 EBADF (Bad file descriptor) [pid 3681] close(9) = -1 EBADF (Bad file descriptor) [pid 3681] close(10) = -1 EBADF (Bad file descriptor) [pid 3681] close(11) = -1 EBADF (Bad file descriptor) [pid 3681] close(12) = -1 EBADF (Bad file descriptor) [pid 3681] close(13) = -1 EBADF (Bad file descriptor) [pid 3681] close(14) = -1 EBADF (Bad file descriptor) [pid 3681] close(15) = -1 EBADF (Bad file descriptor) [pid 3681] close(16) = -1 EBADF (Bad file descriptor) [pid 3681] close(17) = -1 EBADF (Bad file descriptor) [pid 3681] close(18) = -1 EBADF (Bad file descriptor) [pid 3681] close(19) = -1 EBADF (Bad file descriptor) [pid 3681] close(20) = -1 EBADF (Bad file descriptor) [pid 3681] close(21) = -1 EBADF (Bad file descriptor) [pid 3681] close(22) = -1 EBADF (Bad file descriptor) [pid 3681] close(23) = -1 EBADF (Bad file descriptor) [pid 3681] close(24) = -1 EBADF (Bad file descriptor) [pid 3681] close(25) = -1 EBADF (Bad file descriptor) [pid 3681] close(26) = -1 EBADF (Bad file descriptor) [pid 3681] close(27) = -1 EBADF (Bad file descriptor) [pid 3681] close(28) = -1 EBADF (Bad file descriptor) [pid 3681] close(29) = -1 EBADF (Bad file descriptor) [pid 3681] exit_group(0 [pid 3682] <... futex resumed>) = ? [pid 3681] <... exit_group resumed>) = ? [pid 3683] <... futex resumed>) = ? [pid 3682] +++ exited with 0 +++ [pid 3683] +++ exited with 0 +++ [pid 3681] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./16/binderfs") = 0 [pid 3631] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./16/cgroup") = 0 [pid 3631] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./16/cgroup.net") = 0 [ 69.864681][ T3682] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./16/file0") = 0 [pid 3631] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./16/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./16") = 0 [pid 3631] mkdir("./17", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3684 attached , child_tidptr=0x5555570ae5d0) = 53 [pid 3684] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3684] chdir("./17") = 0 [pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3684] setpgid(0, 0) = 0 [pid 3684] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3684] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3684] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3684] write(3, "1000", 4) = 4 [pid 3684] close(3) = 0 [pid 3684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3684] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3684] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3684] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3685] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3684] <... clone resumed>, parent_tid=[54], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 54 [pid 3684] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3684] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3685] memfd_create("syzkaller", 0) = 3 [pid 3685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3685] munmap(0x7f7bdb400000, 32768) = 0 [pid 3685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3685] close(3) = 0 [pid 3685] mkdir("./file0", 0777) = 0 [pid 3685] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3685] chdir("./file0") = 0 [pid 3685] ioctl(4, LOOP_CLR_FD) = 0 [pid 3685] close(4) = 0 [pid 3685] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3685] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3684] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... openat resumed>) = 4 [pid 3684] <... futex resumed>) = 0 [pid 3685] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] <... futex resumed>) = 0 [pid 3684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3684] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... openat resumed>) = 5 [pid 3684] <... futex resumed>) = 0 [pid 3685] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3684] <... futex resumed>) = 0 [pid 3685] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3684] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3684] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x7f7be39ac9e0, 24 [pid 3684] <... clone resumed>, parent_tid=[55], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 55 [pid 3686] <... set_robust_list resumed>) = 0 [pid 3684] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3684] <... futex resumed>) = 0 [pid 3686] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3684] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3686] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3684] close(3) = 0 [pid 3684] close(4) = 0 [pid 3684] close(5) = 0 [pid 3684] close(6) = -1 EBADF (Bad file descriptor) [pid 3684] close(7) = -1 EBADF (Bad file descriptor) [pid 3684] close(8) = -1 EBADF (Bad file descriptor) [pid 3684] close(9) = -1 EBADF (Bad file descriptor) [pid 3684] close(10) = -1 EBADF (Bad file descriptor) [pid 3684] close(11) = -1 EBADF (Bad file descriptor) [pid 3684] close(12) = -1 EBADF (Bad file descriptor) [pid 3684] close(13) = -1 EBADF (Bad file descriptor) [pid 3684] close(14) = -1 EBADF (Bad file descriptor) [pid 3684] close(15) = -1 EBADF (Bad file descriptor) [pid 3684] close(16) = -1 EBADF (Bad file descriptor) [pid 3684] close(17) = -1 EBADF (Bad file descriptor) [pid 3684] close(18) = -1 EBADF (Bad file descriptor) [pid 3684] close(19) = -1 EBADF (Bad file descriptor) [pid 3684] close(20) = -1 EBADF (Bad file descriptor) [pid 3684] close(21) = -1 EBADF (Bad file descriptor) [pid 3684] close(22) = -1 EBADF (Bad file descriptor) [pid 3684] close(23) = -1 EBADF (Bad file descriptor) [pid 3684] close(24) = -1 EBADF (Bad file descriptor) [pid 3684] close(25) = -1 EBADF (Bad file descriptor) [pid 3684] close(26) = -1 EBADF (Bad file descriptor) [pid 3684] close(27) = -1 EBADF (Bad file descriptor) [pid 3684] close(28) = -1 EBADF (Bad file descriptor) [pid 3684] close(29) = -1 EBADF (Bad file descriptor) [pid 3684] exit_group(0 [pid 3686] <... futex resumed>) = ? [pid 3685] <... futex resumed>) = ? [pid 3684] <... exit_group resumed>) = ? [pid 3686] +++ exited with 0 +++ [pid 3685] +++ exited with 0 +++ [pid 3684] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./17/binderfs") = 0 [pid 3631] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./17/cgroup") = 0 [pid 3631] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./17/cgroup.net") = 0 [pid 3631] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./17/file0") = 0 [pid 3631] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.968728][ T3685] loop0: detected capacity change from 0 to 64 [pid 3631] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./17/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./17") = 0 [pid 3631] mkdir("./18", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x5555570ae5e0, 24 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 56 [pid 3687] <... set_robust_list resumed>) = 0 [pid 3687] chdir("./18") = 0 [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3687] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3687] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3687] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3687] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3688 attached , parent_tid=[57], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 57 [pid 3688] set_robust_list(0x7f7be39cd9e0, 24 [pid 3687] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... set_robust_list resumed>) = 0 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3688] memfd_create("syzkaller", 0) = 3 [pid 3688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3688] munmap(0x7f7bdb400000, 32768) = 0 [pid 3688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3688] close(3) = 0 [pid 3688] mkdir("./file0", 0777) = 0 [pid 3688] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3688] chdir("./file0") = 0 [pid 3688] ioctl(4, LOOP_CLR_FD) = 0 [pid 3688] close(4) = 0 [pid 3688] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3687] <... futex resumed>) = 0 [pid 3688] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3687] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3687] <... futex resumed>) = 0 [pid 3688] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3687] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... openat resumed>) = 4 [pid 3688] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3688] <... futex resumed>) = 1 [pid 3687] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... openat resumed>) = 5 [pid 3687] <... futex resumed>) = 0 [pid 3688] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3687] <... mmap resumed>) = 0x7f7be398c000 [pid 3687] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3689 attached [pid 3689] set_robust_list(0x7f7be39ac9e0, 24 [pid 3687] <... clone resumed>, parent_tid=[58], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 58 [pid 3689] <... set_robust_list resumed>) = 0 [pid 3687] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3687] <... futex resumed>) = 0 [pid 3689] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3687] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3687] <... futex resumed>) = 0 [pid 3689] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3687] close(3) = 0 [pid 3687] close(4) = 0 [pid 3687] close(5) = 0 [pid 3687] close(6) = -1 EBADF (Bad file descriptor) [pid 3687] close(7) = -1 EBADF (Bad file descriptor) [pid 3687] close(8) = -1 EBADF (Bad file descriptor) [pid 3687] close(9) = -1 EBADF (Bad file descriptor) [pid 3687] close(10) = -1 EBADF (Bad file descriptor) [pid 3687] close(11) = -1 EBADF (Bad file descriptor) [pid 3687] close(12) = -1 EBADF (Bad file descriptor) [pid 3687] close(13) = -1 EBADF (Bad file descriptor) [pid 3687] close(14) = -1 EBADF (Bad file descriptor) [pid 3687] close(15) = -1 EBADF (Bad file descriptor) [pid 3687] close(16) = -1 EBADF (Bad file descriptor) [pid 3687] close(17) = -1 EBADF (Bad file descriptor) [pid 3687] close(18) = -1 EBADF (Bad file descriptor) [pid 3687] close(19) = -1 EBADF (Bad file descriptor) [pid 3687] close(20) = -1 EBADF (Bad file descriptor) [pid 3687] close(21) = -1 EBADF (Bad file descriptor) [pid 3687] close(22) = -1 EBADF (Bad file descriptor) [pid 3687] close(23) = -1 EBADF (Bad file descriptor) [pid 3687] close(24) = -1 EBADF (Bad file descriptor) [pid 3687] close(25) = -1 EBADF (Bad file descriptor) [pid 3687] close(26) = -1 EBADF (Bad file descriptor) [pid 3687] close(27) = -1 EBADF (Bad file descriptor) [pid 3687] close(28) = -1 EBADF (Bad file descriptor) [pid 3687] close(29) = -1 EBADF (Bad file descriptor) [pid 3687] exit_group(0 [pid 3689] <... futex resumed>) = ? [pid 3688] <... futex resumed>) = ? [pid 3687] <... exit_group resumed>) = ? [pid 3688] +++ exited with 0 +++ [pid 3689] +++ exited with 0 +++ [pid 3687] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./18/binderfs") = 0 [pid 3631] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./18/cgroup") = 0 [pid 3631] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./18/cgroup.net") = 0 [pid 3631] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 70.062200][ T3688] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./18/file0") = 0 [pid 3631] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./18/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./18") = 0 [pid 3631] mkdir("./19", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3690 attached , child_tidptr=0x5555570ae5d0) = 59 [pid 3690] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3690] chdir("./19") = 0 [pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3690] setpgid(0, 0) = 0 [pid 3690] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3690] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3690] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3690] write(3, "1000", 4) = 4 [pid 3690] close(3) = 0 [pid 3690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3690] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3690] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3690] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[60], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 60 ./strace-static-x86_64: Process 3691 attached [pid 3691] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3691] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3690] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3691] memfd_create("syzkaller", 0) = 3 [pid 3691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3691] munmap(0x7f7bdb400000, 32768) = 0 [pid 3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3691] close(3) = 0 [pid 3691] mkdir("./file0", 0777) = 0 [pid 3691] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3691] chdir("./file0") = 0 [pid 3691] ioctl(4, LOOP_CLR_FD) = 0 [pid 3691] close(4) = 0 [pid 3691] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3691] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3690] <... futex resumed>) = 0 [pid 3691] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3690] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... openat resumed>) = 4 [pid 3691] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3691] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3690] <... futex resumed>) = 0 [pid 3691] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3690] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... openat resumed>) = 5 [pid 3690] <... futex resumed>) = 0 [pid 3691] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3691] <... futex resumed>) = 0 [pid 3690] <... mmap resumed>) = 0x7f7be398c000 [pid 3691] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3690] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[61], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 61 [pid 3690] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3692] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3692] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3692] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] close(3) = 0 [pid 3690] close(4) = 0 [pid 3690] close(5) = 0 [pid 3690] close(6) = -1 EBADF (Bad file descriptor) [pid 3690] close(7) = -1 EBADF (Bad file descriptor) [pid 3690] close(8) = -1 EBADF (Bad file descriptor) [pid 3690] close(9) = -1 EBADF (Bad file descriptor) [pid 3690] close(10) = -1 EBADF (Bad file descriptor) [pid 3690] close(11) = -1 EBADF (Bad file descriptor) [pid 3690] close(12) = -1 EBADF (Bad file descriptor) [pid 3690] close(13) = -1 EBADF (Bad file descriptor) [pid 3690] close(14) = -1 EBADF (Bad file descriptor) [pid 3690] close(15) = -1 EBADF (Bad file descriptor) [pid 3690] close(16) = -1 EBADF (Bad file descriptor) [pid 3690] close(17) = -1 EBADF (Bad file descriptor) [pid 3690] close(18) = -1 EBADF (Bad file descriptor) [pid 3690] close(19) = -1 EBADF (Bad file descriptor) [pid 3690] close(20) = -1 EBADF (Bad file descriptor) [pid 3690] close(21) = -1 EBADF (Bad file descriptor) [pid 3690] close(22) = -1 EBADF (Bad file descriptor) [pid 3690] close(23) = -1 EBADF (Bad file descriptor) [pid 3690] close(24) = -1 EBADF (Bad file descriptor) [pid 3690] close(25) = -1 EBADF (Bad file descriptor) [pid 3690] close(26) = -1 EBADF (Bad file descriptor) [pid 3690] close(27) = -1 EBADF (Bad file descriptor) [pid 3690] close(28) = -1 EBADF (Bad file descriptor) [pid 3690] close(29) = -1 EBADF (Bad file descriptor) [pid 3690] exit_group(0 [pid 3692] <... futex resumed>) = ? [pid 3691] <... futex resumed>) = ? [pid 3690] <... exit_group resumed>) = ? [pid 3692] +++ exited with 0 +++ [pid 3691] +++ exited with 0 +++ [pid 3690] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./19/binderfs") = 0 [pid 3631] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./19/cgroup") = 0 [pid 3631] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./19/cgroup.net") = 0 [pid 3631] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 70.169817][ T3691] loop0: detected capacity change from 0 to 64 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./19/file0") = 0 [pid 3631] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./19/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./19") = 0 [pid 3631] mkdir("./20", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3693 attached [pid 3693] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 62 [pid 3693] chdir("./20") = 0 [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3693] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3693] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3693] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3693] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3693] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3694 attached [pid 3694] set_robust_list(0x7f7be39cd9e0, 24 [pid 3693] <... clone resumed>, parent_tid=[63], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 63 [pid 3694] <... set_robust_list resumed>) = 0 [pid 3693] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] memfd_create("syzkaller", 0 [pid 3693] <... futex resumed>) = 0 [pid 3694] <... memfd_create resumed>) = 3 [pid 3693] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3694] munmap(0x7f7bdb400000, 32768) = 0 [pid 3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3694] close(3) = 0 [pid 3694] mkdir("./file0", 0777) = 0 [pid 3694] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3694] chdir("./file0") = 0 [pid 3694] ioctl(4, LOOP_CLR_FD) = 0 [pid 3694] close(4) = 0 [pid 3694] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 0 [pid 3693] <... futex resumed>) = 1 [pid 3694] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3693] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... openat resumed>) = 4 [pid 3694] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3694] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3693] <... futex resumed>) = 0 [pid 3694] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3693] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... openat resumed>) = 5 [pid 3693] <... futex resumed>) = 0 [pid 3694] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3694] <... futex resumed>) = 0 [pid 3693] <... mmap resumed>) = 0x7f7be398c000 [pid 3694] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3693] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3695 attached [pid 3695] set_robust_list(0x7f7be39ac9e0, 24 [pid 3693] <... clone resumed>, parent_tid=[64], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 64 [pid 3695] <... set_robust_list resumed>) = 0 [pid 3693] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3693] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3695] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3695] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] close(3) = 0 [pid 3693] close(4) = 0 [pid 3693] close(5) = 0 [pid 3693] close(6) = -1 EBADF (Bad file descriptor) [pid 3693] close(7) = -1 EBADF (Bad file descriptor) [pid 3693] close(8) = -1 EBADF (Bad file descriptor) [pid 3693] close(9) = -1 EBADF (Bad file descriptor) [pid 3693] close(10) = -1 EBADF (Bad file descriptor) [pid 3693] close(11) = -1 EBADF (Bad file descriptor) [pid 3693] close(12) = -1 EBADF (Bad file descriptor) [pid 3693] close(13) = -1 EBADF (Bad file descriptor) [pid 3693] close(14) = -1 EBADF (Bad file descriptor) [pid 3693] close(15) = -1 EBADF (Bad file descriptor) [pid 3693] close(16) = -1 EBADF (Bad file descriptor) [pid 3693] close(17) = -1 EBADF (Bad file descriptor) [pid 3693] close(18) = -1 EBADF (Bad file descriptor) [pid 3693] close(19) = -1 EBADF (Bad file descriptor) [pid 3693] close(20) = -1 EBADF (Bad file descriptor) [pid 3693] close(21) = -1 EBADF (Bad file descriptor) [pid 3693] close(22) = -1 EBADF (Bad file descriptor) [pid 3693] close(23) = -1 EBADF (Bad file descriptor) [pid 3693] close(24) = -1 EBADF (Bad file descriptor) [pid 3693] close(25) = -1 EBADF (Bad file descriptor) [pid 3693] close(26) = -1 EBADF (Bad file descriptor) [pid 3693] close(27) = -1 EBADF (Bad file descriptor) [pid 3693] close(28) = -1 EBADF (Bad file descriptor) [pid 3693] close(29) = -1 EBADF (Bad file descriptor) [ 70.262503][ T3694] loop0: detected capacity change from 0 to 64 [pid 3693] exit_group(0) = ? [pid 3695] <... futex resumed>) = ? [pid 3695] +++ exited with 0 +++ [pid 3694] <... futex resumed>) = ? [pid 3694] +++ exited with 0 +++ [pid 3693] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./20/binderfs") = 0 [pid 3631] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./20/cgroup") = 0 [pid 3631] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./20/cgroup.net") = 0 [pid 3631] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./20/file0") = 0 [pid 3631] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./20/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./20") = 0 [pid 3631] mkdir("./21", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 65 [pid 3696] chdir("./21") = 0 [pid 3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3696] setpgid(0, 0) = 0 [pid 3696] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3696] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3696] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3696] write(3, "1000", 4) = 4 [pid 3696] close(3) = 0 [pid 3696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3696] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3696] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3696] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3697 attached [pid 3697] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3697] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] <... clone resumed>, parent_tid=[66], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 66 [pid 3696] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3696] <... futex resumed>) = 1 [pid 3697] memfd_create("syzkaller", 0) = 3 [pid 3697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3696] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3697] munmap(0x7f7bdb400000, 32768) = 0 [pid 3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3697] close(3) = 0 [pid 3697] mkdir("./file0", 0777) = 0 [pid 3697] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3697] chdir("./file0") = 0 [pid 3697] ioctl(4, LOOP_CLR_FD) = 0 [pid 3697] close(4) = 0 [pid 3697] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3697] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3696] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... openat resumed>) = 4 [pid 3696] <... futex resumed>) = 0 [pid 3697] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... futex resumed>) = 0 [pid 3696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3697] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3696] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... openat resumed>) = 5 [pid 3696] <... futex resumed>) = 0 [pid 3697] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3696] <... futex resumed>) = 0 [pid 3697] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3696] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3696] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[67], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 67 [pid 3696] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3698 attached [pid 3698] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3698] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3698] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3698] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] close(3) = 0 [pid 3696] close(4) = 0 [pid 3696] close(5) = 0 [pid 3696] close(6) = -1 EBADF (Bad file descriptor) [pid 3696] close(7) = -1 EBADF (Bad file descriptor) [pid 3696] close(8) = -1 EBADF (Bad file descriptor) [pid 3696] close(9) = -1 EBADF (Bad file descriptor) [pid 3696] close(10) = -1 EBADF (Bad file descriptor) [pid 3696] close(11) = -1 EBADF (Bad file descriptor) [pid 3696] close(12) = -1 EBADF (Bad file descriptor) [pid 3696] close(13) = -1 EBADF (Bad file descriptor) [pid 3696] close(14) = -1 EBADF (Bad file descriptor) [pid 3696] close(15) = -1 EBADF (Bad file descriptor) [pid 3696] close(16) = -1 EBADF (Bad file descriptor) [pid 3696] close(17) = -1 EBADF (Bad file descriptor) [pid 3696] close(18) = -1 EBADF (Bad file descriptor) [pid 3696] close(19) = -1 EBADF (Bad file descriptor) [pid 3696] close(20) = -1 EBADF (Bad file descriptor) [pid 3696] close(21) = -1 EBADF (Bad file descriptor) [pid 3696] close(22) = -1 EBADF (Bad file descriptor) [pid 3696] close(23) = -1 EBADF (Bad file descriptor) [pid 3696] close(24) = -1 EBADF (Bad file descriptor) [pid 3696] close(25) = -1 EBADF (Bad file descriptor) [pid 3696] close(26) = -1 EBADF (Bad file descriptor) [pid 3696] close(27) = -1 EBADF (Bad file descriptor) [pid 3696] close(28) = -1 EBADF (Bad file descriptor) [pid 3696] close(29) = -1 EBADF (Bad file descriptor) [pid 3696] exit_group(0 [pid 3698] <... futex resumed>) = ? [pid 3697] <... futex resumed>) = ? [pid 3696] <... exit_group resumed>) = ? [pid 3698] +++ exited with 0 +++ [pid 3697] +++ exited with 0 +++ [pid 3696] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./21/binderfs") = 0 [pid 3631] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./21/cgroup") = 0 [pid 3631] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./21/cgroup.net") = 0 [pid 3631] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./21/file0") = 0 [pid 3631] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./21/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./21") = 0 [pid 3631] mkdir("./22", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 70.373225][ T3697] loop0: detected capacity change from 0 to 64 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 68 ./strace-static-x86_64: Process 3699 attached [pid 3699] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3699] chdir("./22") = 0 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3699] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3699] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3699] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3699] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3699] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[69], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 69 [pid 3699] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3700 attached [pid 3700] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3700] memfd_create("syzkaller", 0) = 3 [pid 3700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3700] munmap(0x7f7bdb400000, 32768) = 0 [pid 3700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3700] close(3) = 0 [pid 3700] mkdir("./file0", 0777) = 0 [pid 3700] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3700] chdir("./file0") = 0 [pid 3700] ioctl(4, LOOP_CLR_FD) = 0 [pid 3700] close(4) = 0 [pid 3700] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... futex resumed>) = 1 [pid 3700] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3700] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3699] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3699] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[70], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 70 [pid 3699] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... futex resumed>) = 1 [pid 3700] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3700] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3701 attached [pid 3701] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3701] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3701] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] close(3) = 0 [pid 3699] close(4) = 0 [pid 3699] close(5 [pid 3701] <... futex resumed>) = 1 [pid 3699] <... close resumed>) = 0 [pid 3701] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3699] close(6) = -1 EBADF (Bad file descriptor) [pid 3699] close(7) = -1 EBADF (Bad file descriptor) [pid 3699] close(8) = -1 EBADF (Bad file descriptor) [pid 3699] close(9) = -1 EBADF (Bad file descriptor) [pid 3699] close(10) = -1 EBADF (Bad file descriptor) [pid 3699] close(11) = -1 EBADF (Bad file descriptor) [pid 3699] close(12) = -1 EBADF (Bad file descriptor) [pid 3699] close(13) = -1 EBADF (Bad file descriptor) [pid 3699] close(14) = -1 EBADF (Bad file descriptor) [pid 3699] close(15) = -1 EBADF (Bad file descriptor) [pid 3699] close(16) = -1 EBADF (Bad file descriptor) [pid 3699] close(17) = -1 EBADF (Bad file descriptor) [pid 3699] close(18) = -1 EBADF (Bad file descriptor) [pid 3699] close(19) = -1 EBADF (Bad file descriptor) [pid 3699] close(20) = -1 EBADF (Bad file descriptor) [pid 3699] close(21) = -1 EBADF (Bad file descriptor) [pid 3699] close(22) = -1 EBADF (Bad file descriptor) [pid 3699] close(23) = -1 EBADF (Bad file descriptor) [pid 3699] close(24) = -1 EBADF (Bad file descriptor) [pid 3699] close(25) = -1 EBADF (Bad file descriptor) [pid 3699] close(26) = -1 EBADF (Bad file descriptor) [pid 3699] close(27) = -1 EBADF (Bad file descriptor) [pid 3699] close(28) = -1 EBADF (Bad file descriptor) [pid 3699] close(29) = -1 EBADF (Bad file descriptor) [pid 3699] exit_group(0 [pid 3701] <... futex resumed>) = ? [pid 3700] <... futex resumed>) = ? [pid 3699] <... exit_group resumed>) = ? [pid 3701] +++ exited with 0 +++ [pid 3700] +++ exited with 0 +++ [pid 3699] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 70.445522][ T3700] loop0: detected capacity change from 0 to 64 [ 70.448414][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 3631] unlink("./22/binderfs") = 0 [pid 3631] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./22/cgroup") = 0 [pid 3631] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./22/cgroup.net") = 0 [pid 3631] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./22/file0") = 0 [pid 3631] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./22/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./22") = 0 [pid 3631] mkdir("./23", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3702 attached [pid 3702] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3702] chdir("./23") = 0 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 71 [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3702] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3702] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3702] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3702] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[72], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 72 ./strace-static-x86_64: Process 3703 attached [pid 3702] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] set_robust_list(0x7f7be39cd9e0, 24 [pid 3702] <... futex resumed>) = 0 [pid 3703] <... set_robust_list resumed>) = 0 [pid 3702] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3703] memfd_create("syzkaller", 0) = 3 [pid 3703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3703] munmap(0x7f7bdb400000, 32768) = 0 [pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3703] close(3) = 0 [pid 3703] mkdir("./file0", 0777) = 0 [pid 3703] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3703] chdir("./file0") = 0 [pid 3703] ioctl(4, LOOP_CLR_FD) = 0 [pid 3703] close(4) = 0 [pid 3703] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3703] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3702] <... futex resumed>) = 0 [pid 3703] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3702] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... openat resumed>) = 4 [pid 3703] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3703] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3702] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... openat resumed>) = 5 [pid 3702] <... futex resumed>) = 0 [pid 3703] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... futex resumed>) = 0 [pid 3702] <... futex resumed>) = 0 [pid 3703] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3702] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3704 attached [pid 3704] set_robust_list(0x7f7be39ac9e0, 24 [pid 3702] <... clone resumed>, parent_tid=[73], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 73 [pid 3704] <... set_robust_list resumed>) = 0 [pid 3702] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3704] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3702] <... futex resumed>) = 0 [pid 3704] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3702] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3704] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] close(3) = 0 [pid 3702] close(4) = 0 [pid 3702] close(5) = 0 [pid 3702] close(6) = -1 EBADF (Bad file descriptor) [pid 3702] close(7) = -1 EBADF (Bad file descriptor) [pid 3702] close(8) = -1 EBADF (Bad file descriptor) [pid 3702] close(9) = -1 EBADF (Bad file descriptor) [pid 3702] close(10) = -1 EBADF (Bad file descriptor) [pid 3702] close(11) = -1 EBADF (Bad file descriptor) [pid 3702] close(12) = -1 EBADF (Bad file descriptor) [pid 3702] close(13) = -1 EBADF (Bad file descriptor) [pid 3702] close(14) = -1 EBADF (Bad file descriptor) [pid 3702] close(15) = -1 EBADF (Bad file descriptor) [pid 3702] close(16) = -1 EBADF (Bad file descriptor) [pid 3702] close(17) = -1 EBADF (Bad file descriptor) [pid 3702] close(18) = -1 EBADF (Bad file descriptor) [pid 3702] close(19) = -1 EBADF (Bad file descriptor) [pid 3702] close(20) = -1 EBADF (Bad file descriptor) [pid 3702] close(21) = -1 EBADF (Bad file descriptor) [pid 3702] close(22) = -1 EBADF (Bad file descriptor) [pid 3702] close(23) = -1 EBADF (Bad file descriptor) [pid 3702] close(24) = -1 EBADF (Bad file descriptor) [pid 3702] close(25) = -1 EBADF (Bad file descriptor) [pid 3702] close(26) = -1 EBADF (Bad file descriptor) [pid 3702] close(27) = -1 EBADF (Bad file descriptor) [pid 3702] close(28) = -1 EBADF (Bad file descriptor) [pid 3702] close(29) = -1 EBADF (Bad file descriptor) [pid 3702] exit_group(0 [pid 3704] <... futex resumed>) = ? [pid 3703] <... futex resumed>) = ? [pid 3702] <... exit_group resumed>) = ? [pid 3704] +++ exited with 0 +++ [pid 3703] +++ exited with 0 +++ [pid 3702] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=71, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./23/binderfs") = 0 [pid 3631] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./23/cgroup") = 0 [pid 3631] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./23/cgroup.net") = 0 [pid 3631] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./23/file0") = 0 [pid 3631] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./23/cgroup.cpu") = 0 [ 70.553852][ T3703] loop0: detected capacity change from 0 to 64 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./23") = 0 [pid 3631] mkdir("./24", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 74 ./strace-static-x86_64: Process 3705 attached [pid 3705] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3705] chdir("./24") = 0 [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3705] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3705] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3705] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3705] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3705] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3706 attached [pid 3706] set_robust_list(0x7f7be39cd9e0, 24 [pid 3705] <... clone resumed>, parent_tid=[75], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 75 [pid 3705] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3706] <... set_robust_list resumed>) = 0 [pid 3706] memfd_create("syzkaller", 0) = 3 [pid 3706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3706] munmap(0x7f7bdb400000, 32768) = 0 [pid 3706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3706] close(3) = 0 [pid 3706] mkdir("./file0", 0777) = 0 [pid 3706] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3706] chdir("./file0") = 0 [pid 3706] ioctl(4, LOOP_CLR_FD) = 0 [pid 3706] close(4) = 0 [pid 3706] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... futex resumed>) = 1 [pid 3706] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3706] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3705] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3705] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[76], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 76 [pid 3705] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... futex resumed>) = 1 [pid 3706] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3706] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3706] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3707 attached [pid 3707] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3707] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3707] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3705] close(3) = 0 [pid 3705] close(4) = 0 [pid 3705] close(5) = 0 [pid 3705] close(6) = -1 EBADF (Bad file descriptor) [pid 3705] close(7) = -1 EBADF (Bad file descriptor) [pid 3705] close(8) = -1 EBADF (Bad file descriptor) [pid 3705] close(9) = -1 EBADF (Bad file descriptor) [pid 3705] close(10) = -1 EBADF (Bad file descriptor) [pid 3705] close(11) = -1 EBADF (Bad file descriptor) [pid 3705] close(12) = -1 EBADF (Bad file descriptor) [pid 3705] close(13) = -1 EBADF (Bad file descriptor) [pid 3705] close(14) = -1 EBADF (Bad file descriptor) [pid 3705] close(15) = -1 EBADF (Bad file descriptor) [pid 3705] close(16) = -1 EBADF (Bad file descriptor) [pid 3705] close(17) = -1 EBADF (Bad file descriptor) [pid 3705] close(18) = -1 EBADF (Bad file descriptor) [pid 3705] close(19) = -1 EBADF (Bad file descriptor) [pid 3705] close(20) = -1 EBADF (Bad file descriptor) [pid 3705] close(21) = -1 EBADF (Bad file descriptor) [pid 3705] close(22) = -1 EBADF (Bad file descriptor) [pid 3705] close(23) = -1 EBADF (Bad file descriptor) [pid 3705] close(24 [pid 3707] <... futex resumed>) = 1 [pid 3705] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3707] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3705] close(25) = -1 EBADF (Bad file descriptor) [pid 3705] close(26) = -1 EBADF (Bad file descriptor) [pid 3705] close(27) = -1 EBADF (Bad file descriptor) [pid 3705] close(28) = -1 EBADF (Bad file descriptor) [pid 3705] close(29) = -1 EBADF (Bad file descriptor) [pid 3705] exit_group(0 [pid 3707] <... futex resumed>) = ? [pid 3706] <... futex resumed>) = ? [pid 3705] <... exit_group resumed>) = ? [pid 3707] +++ exited with 0 +++ [pid 3706] +++ exited with 0 +++ [pid 3705] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=74, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./24/binderfs") = 0 [pid 3631] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./24/cgroup") = 0 [pid 3631] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./24/cgroup.net") = 0 [pid 3631] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 70.646602][ T3706] loop0: detected capacity change from 0 to 64 [pid 3631] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./24/file0") = 0 [pid 3631] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./24/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./24") = 0 [pid 3631] mkdir("./25", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 77 ./strace-static-x86_64: Process 3708 attached [pid 3708] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3708] chdir("./25") = 0 [pid 3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3708] setpgid(0, 0) = 0 [pid 3708] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3708] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3708] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3708] write(3, "1000", 4) = 4 [pid 3708] close(3) = 0 [pid 3708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3708] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3708] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3708] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3709 attached [pid 3709] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3709] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3708] <... clone resumed>, parent_tid=[78], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 78 [pid 3708] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... futex resumed>) = 0 [pid 3708] <... futex resumed>) = 1 [pid 3709] memfd_create("syzkaller", 0 [pid 3708] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3709] <... memfd_create resumed>) = 3 [pid 3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3709] munmap(0x7f7bdb400000, 32768) = 0 [pid 3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3709] close(3) = 0 [pid 3709] mkdir("./file0", 0777) = 0 [pid 3709] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3709] chdir("./file0") = 0 [pid 3709] ioctl(4, LOOP_CLR_FD) = 0 [pid 3709] close(4) = 0 [pid 3709] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3709] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3708] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... openat resumed>) = 4 [pid 3708] <... futex resumed>) = 0 [pid 3709] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 0 [pid 3708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3709] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3708] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... openat resumed>) = 5 [pid 3708] <... futex resumed>) = 0 [pid 3709] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... futex resumed>) = 0 [pid 3708] <... futex resumed>) = 0 [pid 3709] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3708] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3708] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3710 attached , parent_tid=[79], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 79 [pid 3708] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3710] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3710] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3710] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3710] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3708] close(3) = 0 [pid 3708] close(4) = 0 [pid 3708] close(5) = 0 [pid 3708] close(6) = -1 EBADF (Bad file descriptor) [pid 3708] close(7) = -1 EBADF (Bad file descriptor) [pid 3708] close(8) = -1 EBADF (Bad file descriptor) [pid 3708] close(9) = -1 EBADF (Bad file descriptor) [pid 3708] close(10) = -1 EBADF (Bad file descriptor) [pid 3708] close(11) = -1 EBADF (Bad file descriptor) [pid 3708] close(12) = -1 EBADF (Bad file descriptor) [pid 3708] close(13) = -1 EBADF (Bad file descriptor) [pid 3708] close(14) = -1 EBADF (Bad file descriptor) [pid 3708] close(15) = -1 EBADF (Bad file descriptor) [pid 3708] close(16) = -1 EBADF (Bad file descriptor) [pid 3708] close(17) = -1 EBADF (Bad file descriptor) [pid 3708] close(18) = -1 EBADF (Bad file descriptor) [pid 3708] close(19) = -1 EBADF (Bad file descriptor) [pid 3708] close(20) = -1 EBADF (Bad file descriptor) [pid 3708] close(21) = -1 EBADF (Bad file descriptor) [pid 3708] close(22) = -1 EBADF (Bad file descriptor) [pid 3708] close(23) = -1 EBADF (Bad file descriptor) [pid 3708] close(24) = -1 EBADF (Bad file descriptor) [pid 3708] close(25) = -1 EBADF (Bad file descriptor) [pid 3708] close(26) = -1 EBADF (Bad file descriptor) [pid 3708] close(27) = -1 EBADF (Bad file descriptor) [pid 3708] close(28) = -1 EBADF (Bad file descriptor) [pid 3708] close(29) = -1 EBADF (Bad file descriptor) [pid 3708] exit_group(0 [pid 3710] <... futex resumed>) = ? [pid 3709] <... futex resumed>) = ? [pid 3708] <... exit_group resumed>) = ? [pid 3710] +++ exited with 0 +++ [pid 3709] +++ exited with 0 +++ [pid 3708] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=77, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./25/binderfs") = 0 [pid 3631] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./25/cgroup") = 0 [pid 3631] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./25/cgroup.net") = 0 [pid 3631] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 70.750825][ T3709] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./25/file0") = 0 [pid 3631] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./25/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./25") = 0 [pid 3631] mkdir("./26", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3711 attached [pid 3711] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3711] chdir("./26") = 0 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 80 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3711] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3711] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3711] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3711] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3712 attached [pid 3712] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3712] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... clone resumed>, parent_tid=[81], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 81 [pid 3711] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = 1 [pid 3712] memfd_create("syzkaller", 0) = 3 [pid 3711] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3712] munmap(0x7f7bdb400000, 32768) = 0 [pid 3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3712] close(3) = 0 [pid 3712] mkdir("./file0", 0777) = 0 [pid 3712] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3712] chdir("./file0") = 0 [pid 3712] ioctl(4, LOOP_CLR_FD) = 0 [pid 3712] close(4) = 0 [pid 3712] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3711] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... openat resumed>) = 4 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3712] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3711] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... openat resumed>) = 5 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3711] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[82], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 82 [pid 3711] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3713 attached [pid 3713] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3713] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3713] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3713] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] close(3) = 0 [pid 3711] close(4) = 0 [pid 3711] close(5) = 0 [pid 3711] close(6) = -1 EBADF (Bad file descriptor) [pid 3711] close(7) = -1 EBADF (Bad file descriptor) [pid 3711] close(8) = -1 EBADF (Bad file descriptor) [pid 3711] close(9) = -1 EBADF (Bad file descriptor) [pid 3711] close(10) = -1 EBADF (Bad file descriptor) [pid 3711] close(11) = -1 EBADF (Bad file descriptor) [pid 3711] close(12) = -1 EBADF (Bad file descriptor) [pid 3711] close(13) = -1 EBADF (Bad file descriptor) [pid 3711] close(14) = -1 EBADF (Bad file descriptor) [pid 3711] close(15) = -1 EBADF (Bad file descriptor) [pid 3711] close(16) = -1 EBADF (Bad file descriptor) [pid 3711] close(17) = -1 EBADF (Bad file descriptor) [pid 3711] close(18) = -1 EBADF (Bad file descriptor) [pid 3711] close(19) = -1 EBADF (Bad file descriptor) [pid 3711] close(20) = -1 EBADF (Bad file descriptor) [pid 3711] close(21) = -1 EBADF (Bad file descriptor) [pid 3711] close(22) = -1 EBADF (Bad file descriptor) [pid 3711] close(23) = -1 EBADF (Bad file descriptor) [pid 3711] close(24) = -1 EBADF (Bad file descriptor) [pid 3711] close(25) = -1 EBADF (Bad file descriptor) [pid 3711] close(26) = -1 EBADF (Bad file descriptor) [pid 3711] close(27) = -1 EBADF (Bad file descriptor) [pid 3711] close(28) = -1 EBADF (Bad file descriptor) [pid 3711] close(29) = -1 EBADF (Bad file descriptor) [pid 3711] exit_group(0 [pid 3713] <... futex resumed>) = ? [pid 3712] <... futex resumed>) = ? [pid 3711] <... exit_group resumed>) = ? [pid 3713] +++ exited with 0 +++ [pid 3712] +++ exited with 0 +++ [pid 3711] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=80, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./26/binderfs") = 0 [pid 3631] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./26/cgroup") = 0 [pid 3631] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./26/cgroup.net") = 0 [pid 3631] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./26/file0") = 0 [pid 3631] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./26/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./26") = 0 [pid 3631] mkdir("./27", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 83 ./strace-static-x86_64: Process 3714 attached [ 70.847349][ T3712] loop0: detected capacity change from 0 to 64 [pid 3714] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3714] chdir("./27") = 0 [pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3714] setpgid(0, 0) = 0 [pid 3714] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3714] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3714] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3714] write(3, "1000", 4) = 4 [pid 3714] close(3) = 0 [pid 3714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3714] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3714] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3714] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[84], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 84 ./strace-static-x86_64: Process 3715 attached [pid 3715] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3715] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... futex resumed>) = 0 [pid 3714] <... futex resumed>) = 1 [pid 3715] memfd_create("syzkaller", 0 [pid 3714] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3715] <... memfd_create resumed>) = 3 [pid 3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3715] munmap(0x7f7bdb400000, 32768) = 0 [pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3715] close(3) = 0 [pid 3715] mkdir("./file0", 0777) = 0 [pid 3715] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3715] chdir("./file0") = 0 [pid 3715] ioctl(4, LOOP_CLR_FD) = 0 [pid 3715] close(4) = 0 [pid 3715] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3715] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3714] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... openat resumed>) = 4 [pid 3714] <... futex resumed>) = 0 [pid 3715] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... futex resumed>) = 0 [pid 3714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3715] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3714] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... openat resumed>) = 5 [pid 3714] <... futex resumed>) = 0 [pid 3715] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... futex resumed>) = 0 [pid 3714] <... futex resumed>) = 0 [pid 3715] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3714] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3714] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[85], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 85 [pid 3714] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3716 attached [pid 3716] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3716] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3716] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3716] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] close(3) = 0 [pid 3714] close(4) = 0 [pid 3714] close(5) = 0 [pid 3714] close(6) = -1 EBADF (Bad file descriptor) [pid 3714] close(7) = -1 EBADF (Bad file descriptor) [pid 3714] close(8) = -1 EBADF (Bad file descriptor) [pid 3714] close(9) = -1 EBADF (Bad file descriptor) [pid 3714] close(10) = -1 EBADF (Bad file descriptor) [pid 3714] close(11) = -1 EBADF (Bad file descriptor) [pid 3714] close(12) = -1 EBADF (Bad file descriptor) [pid 3714] close(13) = -1 EBADF (Bad file descriptor) [pid 3714] close(14) = -1 EBADF (Bad file descriptor) [pid 3714] close(15) = -1 EBADF (Bad file descriptor) [pid 3714] close(16) = -1 EBADF (Bad file descriptor) [pid 3714] close(17) = -1 EBADF (Bad file descriptor) [pid 3714] close(18) = -1 EBADF (Bad file descriptor) [pid 3714] close(19) = -1 EBADF (Bad file descriptor) [pid 3714] close(20) = -1 EBADF (Bad file descriptor) [pid 3714] close(21) = -1 EBADF (Bad file descriptor) [pid 3714] close(22) = -1 EBADF (Bad file descriptor) [pid 3714] close(23) = -1 EBADF (Bad file descriptor) [pid 3714] close(24) = -1 EBADF (Bad file descriptor) [pid 3714] close(25) = -1 EBADF (Bad file descriptor) [pid 3714] close(26) = -1 EBADF (Bad file descriptor) [pid 3714] close(27) = -1 EBADF (Bad file descriptor) [pid 3714] close(28) = -1 EBADF (Bad file descriptor) [pid 3714] close(29) = -1 EBADF (Bad file descriptor) [pid 3714] exit_group(0 [pid 3716] <... futex resumed>) = ? [pid 3715] <... futex resumed>) = ? [pid 3714] <... exit_group resumed>) = ? [pid 3716] +++ exited with 0 +++ [pid 3715] +++ exited with 0 +++ [pid 3714] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=83, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./27/binderfs") = 0 [pid 3631] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./27/cgroup") = 0 [pid 3631] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./27/cgroup.net") = 0 [pid 3631] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./27/file0") = 0 [pid 3631] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./27/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./27") = 0 [ 70.926581][ T3715] loop0: detected capacity change from 0 to 64 [pid 3631] mkdir("./28", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 86 ./strace-static-x86_64: Process 3717 attached [pid 3717] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3717] chdir("./28") = 0 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3717] setpgid(0, 0) = 0 [pid 3717] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3717] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3717] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3717] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3717] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3718 attached , parent_tid=[87], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 87 [pid 3718] set_robust_list(0x7f7be39cd9e0, 24 [pid 3717] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... set_robust_list resumed>) = 0 [pid 3717] <... futex resumed>) = 0 [pid 3718] memfd_create("syzkaller", 0 [pid 3717] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3718] <... memfd_create resumed>) = 3 [pid 3718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3718] munmap(0x7f7bdb400000, 32768) = 0 [pid 3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3718] close(3) = 0 [pid 3718] mkdir("./file0", 0777) = 0 [pid 3718] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3718] chdir("./file0") = 0 [pid 3718] ioctl(4, LOOP_CLR_FD) = 0 [pid 3718] close(4) = 0 [pid 3718] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3718] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... futex resumed>) = 0 [pid 3717] <... futex resumed>) = 1 [pid 3718] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3717] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... openat resumed>) = 4 [pid 3718] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] <... futex resumed>) = 0 [pid 3718] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3718] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3717] <... futex resumed>) = 0 [pid 3718] <... openat resumed>) = 5 [pid 3717] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3718] <... futex resumed>) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3718] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3719 attached [pid 3719] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3719] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] <... clone resumed>, parent_tid=[88], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 88 [pid 3717] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = 0 [pid 3717] <... futex resumed>) = 1 [pid 3719] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3717] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3719] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3719] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] <... futex resumed>) = 0 [pid 3719] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] close(3) = 0 [pid 3717] close(4) = 0 [pid 3717] close(5) = 0 [pid 3717] close(6) = -1 EBADF (Bad file descriptor) [pid 3717] close(7) = -1 EBADF (Bad file descriptor) [pid 3717] close(8) = -1 EBADF (Bad file descriptor) [pid 3717] close(9) = -1 EBADF (Bad file descriptor) [pid 3717] close(10) = -1 EBADF (Bad file descriptor) [pid 3717] close(11) = -1 EBADF (Bad file descriptor) [pid 3717] close(12) = -1 EBADF (Bad file descriptor) [pid 3717] close(13) = -1 EBADF (Bad file descriptor) [pid 3717] close(14) = -1 EBADF (Bad file descriptor) [pid 3717] close(15) = -1 EBADF (Bad file descriptor) [pid 3717] close(16) = -1 EBADF (Bad file descriptor) [pid 3717] close(17) = -1 EBADF (Bad file descriptor) [pid 3717] close(18) = -1 EBADF (Bad file descriptor) [pid 3717] close(19) = -1 EBADF (Bad file descriptor) [pid 3717] close(20) = -1 EBADF (Bad file descriptor) [pid 3717] close(21) = -1 EBADF (Bad file descriptor) [pid 3717] close(22) = -1 EBADF (Bad file descriptor) [pid 3717] close(23) = -1 EBADF (Bad file descriptor) [pid 3717] close(24) = -1 EBADF (Bad file descriptor) [pid 3717] close(25) = -1 EBADF (Bad file descriptor) [pid 3717] close(26) = -1 EBADF (Bad file descriptor) [pid 3717] close(27) = -1 EBADF (Bad file descriptor) [pid 3717] close(28) = -1 EBADF (Bad file descriptor) [pid 3717] close(29) = -1 EBADF (Bad file descriptor) [pid 3717] exit_group(0 [pid 3719] <... futex resumed>) = ? [pid 3718] <... futex resumed>) = ? [pid 3717] <... exit_group resumed>) = ? [pid 3719] +++ exited with 0 +++ [pid 3718] +++ exited with 0 +++ [pid 3717] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=86, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./28/binderfs") = 0 [pid 3631] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./28/cgroup") = 0 [pid 3631] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./28/cgroup.net") = 0 [ 71.011134][ T3718] loop0: detected capacity change from 0 to 64 [pid 3631] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./28/file0") = 0 [pid 3631] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./28/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./28") = 0 [pid 3631] mkdir("./29", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3720 attached [pid 3720] set_robust_list(0x5555570ae5e0, 24 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 89 [pid 3720] <... set_robust_list resumed>) = 0 [pid 3720] chdir("./29") = 0 [pid 3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3720] setpgid(0, 0) = 0 [pid 3720] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3720] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3720] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3720] write(3, "1000", 4) = 4 [pid 3720] close(3) = 0 [pid 3720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3720] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3720] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3720] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3721 attached [pid 3721] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3721] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3720] <... clone resumed>, parent_tid=[90], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 90 [pid 3720] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3721] <... futex resumed>) = 0 [pid 3720] <... futex resumed>) = 1 [pid 3721] memfd_create("syzkaller", 0 [pid 3720] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3721] <... memfd_create resumed>) = 3 [pid 3721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3721] munmap(0x7f7bdb400000, 32768) = 0 [pid 3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3721] close(3) = 0 [pid 3721] mkdir("./file0", 0777) = 0 [pid 3721] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3721] chdir("./file0") = 0 [pid 3721] ioctl(4, LOOP_CLR_FD) = 0 [pid 3721] close(4) = 0 [pid 3721] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3721] <... futex resumed>) = 1 [pid 3720] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3721] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] <... openat resumed>) = 4 [pid 3721] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3721] <... futex resumed>) = 1 [pid 3720] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3721] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3720] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE [pid 3721] <... openat resumed>) = 5 [pid 3720] <... mprotect resumed>) = 0 [pid 3721] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3721] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3722 attached [pid 3721] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] set_robust_list(0x7f7be39ac9e0, 24) = 0 [pid 3722] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3720] <... clone resumed>, parent_tid=[91], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 91 [pid 3720] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3722] <... futex resumed>) = 0 [pid 3722] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3720] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3722] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3722] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.111183][ T3721] loop0: detected capacity change from 0 to 64 [pid 3722] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3720] close(3) = 0 [pid 3720] close(4) = 0 [pid 3720] close(5) = 0 [pid 3720] close(6) = -1 EBADF (Bad file descriptor) [pid 3720] close(7) = -1 EBADF (Bad file descriptor) [pid 3720] close(8) = -1 EBADF (Bad file descriptor) [pid 3720] close(9) = -1 EBADF (Bad file descriptor) [pid 3720] close(10) = -1 EBADF (Bad file descriptor) [pid 3720] close(11) = -1 EBADF (Bad file descriptor) [pid 3720] close(12) = -1 EBADF (Bad file descriptor) [pid 3720] close(13) = -1 EBADF (Bad file descriptor) [pid 3720] close(14) = -1 EBADF (Bad file descriptor) [pid 3720] close(15) = -1 EBADF (Bad file descriptor) [pid 3720] close(16) = -1 EBADF (Bad file descriptor) [pid 3720] close(17) = -1 EBADF (Bad file descriptor) [pid 3720] close(18) = -1 EBADF (Bad file descriptor) [pid 3720] close(19) = -1 EBADF (Bad file descriptor) [pid 3720] close(20) = -1 EBADF (Bad file descriptor) [pid 3720] close(21) = -1 EBADF (Bad file descriptor) [pid 3720] close(22) = -1 EBADF (Bad file descriptor) [pid 3720] close(23) = -1 EBADF (Bad file descriptor) [pid 3720] close(24) = -1 EBADF (Bad file descriptor) [pid 3720] close(25) = -1 EBADF (Bad file descriptor) [pid 3720] close(26) = -1 EBADF (Bad file descriptor) [pid 3720] close(27) = -1 EBADF (Bad file descriptor) [pid 3720] close(28) = -1 EBADF (Bad file descriptor) [pid 3720] close(29) = -1 EBADF (Bad file descriptor) [pid 3720] exit_group(0) = ? [pid 3722] <... futex resumed>) = ? [pid 3722] +++ exited with 0 +++ [pid 3721] <... futex resumed>) = ? [pid 3721] +++ exited with 0 +++ [pid 3720] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=89, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./29/binderfs") = 0 [pid 3631] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./29/cgroup") = 0 [pid 3631] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./29/cgroup.net") = 0 [pid 3631] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./29/file0") = 0 [pid 3631] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./29/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./29") = 0 [pid 3631] mkdir("./30", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 92 ./strace-static-x86_64: Process 3723 attached [pid 3723] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3723] chdir("./30") = 0 [pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3723] setpgid(0, 0) = 0 [pid 3723] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3723] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3723] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3723] write(3, "1000", 4) = 4 [pid 3723] close(3) = 0 [pid 3723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3723] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3723] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3723] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3724 attached , parent_tid=[93], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 93 [pid 3724] set_robust_list(0x7f7be39cd9e0, 24 [pid 3723] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3724] <... set_robust_list resumed>) = 0 [pid 3723] <... futex resumed>) = 0 [pid 3723] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3724] memfd_create("syzkaller", 0) = 3 [pid 3724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3724] munmap(0x7f7bdb400000, 32768) = 0 [pid 3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3724] close(3) = 0 [pid 3724] mkdir("./file0", 0777) = 0 [pid 3724] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3724] chdir("./file0") = 0 [pid 3724] ioctl(4, LOOP_CLR_FD) = 0 [pid 3724] close(4) = 0 [pid 3724] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3723] <... futex resumed>) = 0 [pid 3723] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3724] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3723] <... futex resumed>) = 0 [pid 3724] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3723] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3724] <... openat resumed>) = 5 [pid 3723] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3724] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3724] <... futex resumed>) = 0 [ 71.331786][ T3724] loop0: detected capacity change from 0 to 64 [pid 3724] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3723] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3723] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3725 attached , parent_tid=[94], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 94 [pid 3725] set_robust_list(0x7f7be39ac9e0, 24 [pid 3723] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... set_robust_list resumed>) = 0 [pid 3723] <... futex resumed>) = 0 [pid 3723] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3725] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102) = -1 EINVAL (Invalid argument) [pid 3725] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3725] <... futex resumed>) = 1 [pid 3723] close(3) = 0 [pid 3725] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3723] close(4) = 0 [pid 3723] close(5) = 0 [pid 3723] close(6) = -1 EBADF (Bad file descriptor) [pid 3723] close(7) = -1 EBADF (Bad file descriptor) [pid 3723] close(8) = -1 EBADF (Bad file descriptor) [pid 3723] close(9) = -1 EBADF (Bad file descriptor) [pid 3723] close(10) = -1 EBADF (Bad file descriptor) [pid 3723] close(11) = -1 EBADF (Bad file descriptor) [pid 3723] close(12) = -1 EBADF (Bad file descriptor) [pid 3723] close(13) = -1 EBADF (Bad file descriptor) [pid 3723] close(14) = -1 EBADF (Bad file descriptor) [pid 3723] close(15) = -1 EBADF (Bad file descriptor) [pid 3723] close(16) = -1 EBADF (Bad file descriptor) [pid 3723] close(17) = -1 EBADF (Bad file descriptor) [pid 3723] close(18) = -1 EBADF (Bad file descriptor) [pid 3723] close(19) = -1 EBADF (Bad file descriptor) [pid 3723] close(20) = -1 EBADF (Bad file descriptor) [pid 3723] close(21) = -1 EBADF (Bad file descriptor) [pid 3723] close(22) = -1 EBADF (Bad file descriptor) [pid 3723] close(23) = -1 EBADF (Bad file descriptor) [pid 3723] close(24) = -1 EBADF (Bad file descriptor) [pid 3723] close(25) = -1 EBADF (Bad file descriptor) [pid 3723] close(26) = -1 EBADF (Bad file descriptor) [pid 3723] close(27) = -1 EBADF (Bad file descriptor) [pid 3723] close(28) = -1 EBADF (Bad file descriptor) [pid 3723] close(29) = -1 EBADF (Bad file descriptor) [pid 3723] exit_group(0) = ? [pid 3724] <... futex resumed>) = ? [pid 3724] +++ exited with 0 +++ [pid 3725] <... futex resumed>) = ? [pid 3725] +++ exited with 0 +++ [pid 3723] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=92, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3631] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./30/binderfs") = 0 [pid 3631] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./30/cgroup") = 0 [pid 3631] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./30/cgroup.net") = 0 [pid 3631] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./30/file0") = 0 [pid 3631] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./30/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./30") = 0 [pid 3631] mkdir("./31", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3726 attached , child_tidptr=0x5555570ae5d0) = 95 [pid 3726] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3726] chdir("./31") = 0 [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3726] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3726] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3726] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3726] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3726] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3727 attached , parent_tid=[96], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 96 [pid 3727] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3727] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3727] memfd_create("syzkaller", 0 [pid 3726] <... futex resumed>) = 0 [pid 3727] <... memfd_create resumed>) = 3 [pid 3726] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3727] munmap(0x7f7bdb400000, 32768) = 0 [pid 3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3727] close(3) = 0 [pid 3727] mkdir("./file0", 0777) = 0 [pid 3727] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3727] chdir("./file0") = 0 [pid 3727] ioctl(4, LOOP_CLR_FD) = 0 [pid 3727] close(4) = 0 [pid 3727] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3726] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... futex resumed>) = 0 [pid 3727] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3727] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3726] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3727] <... futex resumed>) = 0 [pid 3726] <... futex resumed>) = 0 [pid 3727] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3727] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] <... mmap resumed>) = 0x7f7be398c000 [pid 3727] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3726] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3728 attached [pid 3728] set_robust_list(0x7f7be39ac9e0, 24 [pid 3726] <... clone resumed>, parent_tid=[97], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 97 [pid 3728] <... set_robust_list resumed>) = 0 [pid 3728] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3728] <... futex resumed>) = 0 [pid 3726] <... futex resumed>) = 1 [pid 3728] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3726] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3728] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3728] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3726] <... futex resumed>) = 0 [pid 3728] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] close(3) = 0 [pid 3726] close(4) = 0 [pid 3726] close(5) = 0 [pid 3726] close(6) = -1 EBADF (Bad file descriptor) [pid 3726] close(7) = -1 EBADF (Bad file descriptor) [pid 3726] close(8) = -1 EBADF (Bad file descriptor) [pid 3726] close(9) = -1 EBADF (Bad file descriptor) [pid 3726] close(10) = -1 EBADF (Bad file descriptor) [pid 3726] close(11) = -1 EBADF (Bad file descriptor) [ 71.534604][ T3727] loop0: detected capacity change from 0 to 64 [pid 3726] close(12) = -1 EBADF (Bad file descriptor) [pid 3726] close(13) = -1 EBADF (Bad file descriptor) [pid 3726] close(14) = -1 EBADF (Bad file descriptor) [pid 3726] close(15) = -1 EBADF (Bad file descriptor) [pid 3726] close(16) = -1 EBADF (Bad file descriptor) [pid 3726] close(17) = -1 EBADF (Bad file descriptor) [pid 3726] close(18) = -1 EBADF (Bad file descriptor) [pid 3726] close(19) = -1 EBADF (Bad file descriptor) [pid 3726] close(20) = -1 EBADF (Bad file descriptor) [pid 3726] close(21) = -1 EBADF (Bad file descriptor) [pid 3726] close(22) = -1 EBADF (Bad file descriptor) [pid 3726] close(23) = -1 EBADF (Bad file descriptor) [pid 3726] close(24) = -1 EBADF (Bad file descriptor) [pid 3726] close(25) = -1 EBADF (Bad file descriptor) [pid 3726] close(26) = -1 EBADF (Bad file descriptor) [pid 3726] close(27) = -1 EBADF (Bad file descriptor) [pid 3726] close(28) = -1 EBADF (Bad file descriptor) [pid 3726] close(29) = -1 EBADF (Bad file descriptor) [pid 3726] exit_group(0 [pid 3728] <... futex resumed>) = ? [pid 3727] <... futex resumed>) = ? [pid 3726] <... exit_group resumed>) = ? [pid 3728] +++ exited with 0 +++ [pid 3727] +++ exited with 0 +++ [pid 3726] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=95, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./31/binderfs") = 0 [pid 3631] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./31/cgroup") = 0 [pid 3631] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./31/cgroup.net") = 0 [pid 3631] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./31/file0") = 0 [pid 3631] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./31/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./31") = 0 [pid 3631] mkdir("./32", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3729 attached [pid 3729] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3729] chdir("./32") = 0 [pid 3631] <... clone resumed>, child_tidptr=0x5555570ae5d0) = 98 [pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3729] setpgid(0, 0) = 0 [pid 3729] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3729] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3729] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3729] write(3, "1000", 4) = 4 [pid 3729] close(3) = 0 [pid 3729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3729] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3729] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3729] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3730 attached , parent_tid=[99], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 99 [pid 3730] set_robust_list(0x7f7be39cd9e0, 24 [pid 3729] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] <... set_robust_list resumed>) = 0 [pid 3729] <... futex resumed>) = 0 [pid 3729] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3730] memfd_create("syzkaller", 0) = 3 [pid 3730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3730] munmap(0x7f7bdb400000, 32768) = 0 [pid 3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3730] close(3) = 0 [pid 3730] mkdir("./file0", 0777) = 0 [pid 3730] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3730] chdir("./file0") = 0 [pid 3730] ioctl(4, LOOP_CLR_FD) = 0 [pid 3730] close(4) = 0 [pid 3730] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = 0 [pid 3729] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] <... futex resumed>) = 1 [pid 3730] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3730] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3729] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3729] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3729] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3731 attached [pid 3731] set_robust_list(0x7f7be39ac9e0, 24 [pid 3729] <... clone resumed>, parent_tid=[100], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 100 [pid 3731] <... set_robust_list resumed>) = 0 [ 71.709133][ T3730] loop0: detected capacity change from 0 to 64 [pid 3729] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3731] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3729] <... futex resumed>) = 0 [pid 3731] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3729] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3731] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3731] <... futex resumed>) = 0 [pid 3731] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3730] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 5 [pid 3730] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] close(3) = 0 [pid 3729] close(4) = 0 [pid 3729] close(5) = 0 [pid 3729] close(6) = -1 EBADF (Bad file descriptor) [pid 3729] close(7) = -1 EBADF (Bad file descriptor) [pid 3729] close(8) = -1 EBADF (Bad file descriptor) [pid 3729] close(9) = -1 EBADF (Bad file descriptor) [pid 3729] close(10) = -1 EBADF (Bad file descriptor) [pid 3729] close(11 [pid 3730] <... futex resumed>) = 0 [pid 3729] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3730] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] close(12) = -1 EBADF (Bad file descriptor) [pid 3729] close(13) = -1 EBADF (Bad file descriptor) [pid 3729] close(14) = -1 EBADF (Bad file descriptor) [pid 3729] close(15) = -1 EBADF (Bad file descriptor) [pid 3729] close(16) = -1 EBADF (Bad file descriptor) [pid 3729] close(17) = -1 EBADF (Bad file descriptor) [pid 3729] close(18) = -1 EBADF (Bad file descriptor) [pid 3729] close(19) = -1 EBADF (Bad file descriptor) [pid 3729] close(20) = -1 EBADF (Bad file descriptor) [pid 3729] close(21) = -1 EBADF (Bad file descriptor) [pid 3729] close(22) = -1 EBADF (Bad file descriptor) [pid 3729] close(23) = -1 EBADF (Bad file descriptor) [pid 3729] close(24) = -1 EBADF (Bad file descriptor) [pid 3729] close(25) = -1 EBADF (Bad file descriptor) [pid 3729] close(26) = -1 EBADF (Bad file descriptor) [pid 3729] close(27) = -1 EBADF (Bad file descriptor) [pid 3729] close(28) = -1 EBADF (Bad file descriptor) [pid 3729] close(29) = -1 EBADF (Bad file descriptor) [pid 3729] exit_group(0 [pid 3731] <... futex resumed>) = ? [pid 3730] <... futex resumed>) = ? [pid 3729] <... exit_group resumed>) = ? [pid 3730] +++ exited with 0 +++ [pid 3731] +++ exited with 0 +++ [pid 3729] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=98, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./32/binderfs") = 0 [pid 3631] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./32/cgroup") = 0 [pid 3631] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./32/cgroup.net") = 0 [pid 3631] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x5555570b7660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x5555570b7660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./32/file0") = 0 [pid 3631] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./32/cgroup.cpu") = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./32") = 0 [pid 3631] mkdir("./33", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ae5d0) = 101 ./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x5555570ae5e0, 24) = 0 [pid 3732] chdir("./33") = 0 [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3732] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3732] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3732] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be39ad000 [pid 3732] mprotect(0x7f7be39ae000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7f7be39cd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[102], tls=0x7f7be39cd700, child_tidptr=0x7f7be39cd9d0) = 102 [pid 3732] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3733 attached [pid 3733] set_robust_list(0x7f7be39cd9e0, 24) = 0 [pid 3733] memfd_create("syzkaller", 0) = 3 [pid 3733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7bdb400000 [pid 3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3733] munmap(0x7f7bdb400000, 32768) = 0 [pid 3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3733] close(3) = 0 [pid 3733] mkdir("./file0", 0777) = 0 [pid 3733] mount("/dev/loop0", "./file0", "hfs", 0, "gid=0x000000000000ee00,iocharset=cp932,") = 0 [pid 3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3733] chdir("./file0") = 0 [pid 3733] ioctl(4, LOOP_CLR_FD) = 0 [pid 3733] close(4) = 0 [pid 3733] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f7be3aa77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 1 [pid 3733] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_DIRECT, 000) = 4 [pid 3733] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f7be3aa77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7be398c000 [pid 3732] mprotect(0x7f7be398d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7f7be39ac3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3734 attached [pid 3734] set_robust_list(0x7f7be39ac9e0, 24 [pid 3732] <... clone resumed>, parent_tid=[103], tls=0x7f7be39ac700, child_tidptr=0x7f7be39ac9d0) = 103 [pid 3732] futex(0x7f7be3aa77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f7be3aa77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 1 [pid 3734] <... set_robust_list resumed>) = 0 [pid 3734] write(4, "0000000000000000000700000000000000000006 0000000000000000000100000000000000000003000000000000000000"..., 102 [pid 3733] openat(AT_FDCWD, "00000000000000000300000000000000000009", O_WRONLY|O_CREAT|O_DIRECT, 000 [pid 3734] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 3734] futex(0x7f7be3aa77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3732] <... futex resumed>) = 0 [pid 3734] futex(0x7f7be3aa77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] <... openat resumed>) = 5 [pid 3733] futex(0x7f7be3aa77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7f7be3aa77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] close(3) = 0 [pid 3732] close(4) = 0 [pid 3732] close(5) = 0 [pid 3732] close(6) = -1 EBADF (Bad file descriptor) [pid 3732] close(7) = -1 EBADF (Bad file descriptor) [pid 3732] close(8) = -1 EBADF (Bad file descriptor) [pid 3732] close(9) = -1 EBADF (Bad file descriptor) [pid 3732] close(10) = -1 EBADF (Bad file descriptor) [pid 3732] close(11) = -1 EBADF (Bad file descriptor) [pid 3732] close(12) = -1 EBADF (Bad file descriptor) [pid 3732] close(13) = -1 EBADF (Bad file descriptor) [pid 3732] close(14) = -1 EBADF (Bad file descriptor) [pid 3732] close(15) = -1 EBADF (Bad file descriptor) [pid 3732] close(16) = -1 EBADF (Bad file descriptor) [pid 3732] close(17) = -1 EBADF (Bad file descriptor) [pid 3732] close(18) = -1 EBADF (Bad file descriptor) [pid 3732] close(19) = -1 EBADF (Bad file descriptor) [pid 3732] close(20) = -1 EBADF (Bad file descriptor) [pid 3732] close(21) = -1 EBADF (Bad file descriptor) [pid 3732] close(22) = -1 EBADF (Bad file descriptor) [pid 3732] close(23) = -1 EBADF (Bad file descriptor) [pid 3732] close(24) = -1 EBADF (Bad file descriptor) [pid 3732] close(25) = -1 EBADF (Bad file descriptor) [pid 3732] close(26) = -1 EBADF (Bad file descriptor) [pid 3732] close(27) = -1 EBADF (Bad file descriptor) [pid 3732] close(28) = -1 EBADF (Bad file descriptor) [pid 3732] close(29) = -1 EBADF (Bad file descriptor) [pid 3732] exit_group(0) = ? [pid 3734] <... futex resumed>) = ? [pid 3734] +++ exited with 0 +++ [pid 3733] <... futex resumed>) = ? [pid 3733] +++ exited with 0 +++ [pid 3732] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=101, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x5555570af620 /* 7 entries */, 32768) = 208 [pid 3631] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./33/binderfs") = 0 [pid 3631] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3631] unlink("./33/cgroup") = 0 [pid 3631] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3631] unlink("./33/cgroup.net") = 0 [ 71.833955][ T3733] loop0: detected capacity change from 0 to 64 [ 71.886795][ T11] ================================================================== [ 71.894861][ T11] BUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x117/0x190 [ 71.902051][ T11] Read of size 1 at addr ffff88807eb62c4e by task kworker/u4:1/11 [ 71.909829][ T11] [ 71.912135][ T11] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0 [ 71.922088][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 71.932123][ T11] Workqueue: writeback wb_workfn (flush-7:0) [ 71.938101][ T11] Call Trace: [ 71.941370][ T11] [ 71.944289][ T11] dump_stack_lvl+0x1b1/0x28e [ 71.948972][ T11] ? nf_tcp_handle_invalid+0x62e/0x62e [ 71.954428][ T11] ? __wake_up_klogd+0xcd/0x100 [ 71.959273][ T11] ? panic+0x710/0x710 [ 71.963329][ T11] ? _printk+0xc0/0x100 [ 71.967473][ T11] ? _raw_spin_lock_irqsave+0x8e/0x100 [ 71.972931][ T11] print_address_description+0x74/0x340 [ 71.978465][ T11] print_report+0x107/0x1f0 [ 71.982956][ T11] ? __virt_addr_valid+0x21b/0x2d0 [ 71.988056][ T11] ? __phys_addr+0xb5/0x160 [ 71.992551][ T11] ? hfs_strcmp+0x117/0x190 [ 71.997042][ T11] kasan_report+0xcd/0x100 [ 72.001451][ T11] ? hfs_strcmp+0x117/0x190 [ 72.006030][ T11] hfs_strcmp+0x117/0x190 [ 72.010350][ T11] ? hfs_cat_build_record+0x7c0/0x7c0 [ 72.015708][ T11] __hfs_brec_find+0x213/0x5c0 [ 72.020467][ T11] ? hfs_find_exit+0xa0/0xa0 [ 72.025048][ T11] ? hfsplus_uni2asc+0xe68/0x1290 [ 72.030064][ T11] ? mutex_lock_io_nested+0x60/0x60 [ 72.035250][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.040874][ T11] hfs_brec_find+0x276/0x520 [ 72.045459][ T11] ? __hfs_brec_find+0x5c0/0x5c0 [ 72.050388][ T11] ? mutex_lock_nested+0x17/0x20 [ 72.055315][ T11] ? hfs_write_inode+0x344/0xb40 [ 72.060241][ T11] hfs_write_inode+0x34c/0xb40 [ 72.064993][ T11] ? trace_lock_release+0x95/0x220 [ 72.070094][ T11] ? hfs_inode_write_fork+0x1b0/0x1b0 [ 72.075459][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.081076][ T11] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 72.087044][ T11] ? do_raw_spin_unlock+0x134/0x8a0 [ 72.092232][ T11] __writeback_single_inode+0x4d6/0x670 [ 72.097774][ T11] writeback_sb_inodes+0xb3b/0x18f0 [ 72.102973][ T11] ? queue_io+0x400/0x400 [ 72.107300][ T11] ? queue_io+0x382/0x400 [ 72.111622][ T11] ? trace_writeback_queue_io+0xe8/0x2d0 [ 72.117244][ T11] wb_writeback+0x41f/0x7b0 [ 72.121743][ T11] ? trace_writeback_exec+0x2c0/0x2c0 [ 72.127105][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.132729][ T11] ? do_raw_spin_unlock+0x134/0x8a0 [ 72.137920][ T11] wb_workfn+0x3cb/0xef0 [ 72.142165][ T11] ? inode_wait_for_writeback+0x2c0/0x2c0 [ 72.147878][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.153497][ T11] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 72.159560][ T11] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 72.165460][ T11] ? do_raw_spin_unlock+0x134/0x8a0 [ 72.170659][ T11] process_one_work+0x877/0xdb0 [ 72.175514][ T11] ? worker_detach_from_pool+0x260/0x260 [ 72.181142][ T11] ? _raw_spin_lock_irq+0xba/0xf0 [ 72.186183][ T11] ? _raw_spin_lock_irqsave+0x100/0x100 [ 72.191737][ T11] worker_thread+0xb14/0x1330 [ 72.196427][ T11] kthread+0x266/0x300 [ 72.200493][ T11] ? rcu_lock_release+0x20/0x20 [ 72.205337][ T11] ? kthread_blkcg+0xd0/0xd0 [ 72.209929][ T11] ret_from_fork+0x1f/0x30 [ 72.214343][ T11] [ 72.217359][ T11] [ 72.219667][ T11] Allocated by task 11: [ 72.223805][ T11] kasan_set_track+0x3d/0x60 [ 72.228395][ T11] __kasan_kmalloc+0x97/0xb0 [ 72.232974][ T11] __kmalloc+0xaf/0x1a0 [ 72.237119][ T11] hfs_find_init+0x8b/0x1e0 [ 72.241615][ T11] hfs_write_inode+0x2e6/0xb40 [ 72.246369][ T11] __writeback_single_inode+0x4d6/0x670 [ 72.251901][ T11] writeback_sb_inodes+0xb3b/0x18f0 [ 72.257094][ T11] wb_writeback+0x41f/0x7b0 [ 72.261585][ T11] wb_workfn+0x3cb/0xef0 [ 72.265815][ T11] process_one_work+0x877/0xdb0 [ 72.270658][ T11] worker_thread+0xb14/0x1330 [ 72.275323][ T11] kthread+0x266/0x300 [ 72.279380][ T11] ret_from_fork+0x1f/0x30 [ 72.283785][ T11] [ 72.286093][ T11] The buggy address belongs to the object at ffff88807eb62c00 [ 72.286093][ T11] which belongs to the cache kmalloc-96 of size 96 [ 72.299955][ T11] The buggy address is located 78 bytes inside of [ 72.299955][ T11] 96-byte region [ffff88807eb62c00, ffff88807eb62c60) [ 72.313039][ T11] [ 72.315354][ T11] The buggy address belongs to the physical page: [ 72.321748][ T11] page:ffffea0001fad880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eb62 [ 72.331884][ T11] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 72.339419][ T11] raw: 00fff00000000200 ffffea0000620500 dead000000000004 ffff888012841780 [ 72.347992][ T11] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 72.356558][ T11] page dumped because: kasan: bad access detected [ 72.362953][ T11] page_owner tracks the page as allocated [ 72.368649][ T11] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2973, tgid 2973 (init), ts 13043103035, free_ts 13014326159 [ 72.386095][ T11] get_page_from_freelist+0x742/0x7c0 [ 72.391469][ T11] __alloc_pages+0x259/0x560 [ 72.396050][ T11] alloc_slab_page+0x70/0xf0 [ 72.400627][ T11] allocate_slab+0x5e/0x4b0 [ 72.405118][ T11] ___slab_alloc+0x782/0xe20 [ 72.409696][ T11] __kmem_cache_alloc_node+0x252/0x310 [ 72.415140][ T11] __kmalloc+0x9e/0x1a0 [ 72.419284][ T11] tomoyo_get_name+0x225/0x550 [ 72.424038][ T11] tomoyo_assign_domain+0x369/0x7d0 [ 72.429225][ T11] tomoyo_find_next_domain+0xdfc/0x1d80 [ 72.434763][ T11] tomoyo_bprm_check_security+0xe3/0x130 [ 72.440379][ T11] security_bprm_check+0x50/0xb0 [ 72.445304][ T11] bprm_execve+0x817/0x1590 [ 72.449800][ T11] do_execveat_common+0x598/0x750 [ 72.454818][ T11] __x64_sys_execve+0x8e/0xa0 [ 72.459488][ T11] do_syscall_64+0x3d/0xb0 [ 72.463888][ T11] page last free stack trace: [ 72.468541][ T11] free_pcp_prepare+0x80c/0x8f0 [ 72.473396][ T11] free_unref_page_list+0xb4/0x7b0 [ 72.478495][ T11] release_pages+0x232a/0x25c0 [ 72.483247][ T11] tlb_flush_mmu+0x850/0xa70 [ 72.487827][ T11] tlb_finish_mmu+0xcb/0x200 [ 72.492412][ T11] exit_mmap+0x275/0x630 [ 72.496644][ T11] __mmput+0x114/0x3b0 [ 72.500699][ T11] exit_mm+0x1f5/0x2d0 [ 72.504756][ T11] do_exit+0x5e7/0x2070 [ 72.508901][ T11] do_group_exit+0x1fd/0x2b0 [ 72.513479][ T11] __x64_sys_exit_group+0x3b/0x40 [ 72.518492][ T11] do_syscall_64+0x3d/0xb0 [ 72.522891][ T11] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 72.528770][ T11] [ 72.531077][ T11] Memory state around the buggy address: [ 72.536687][ T11] ffff88807eb62b00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 72.544731][ T11] ffff88807eb62b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 72.552772][ T11] >ffff88807eb62c00: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc [ 72.560811][ T11] ^ [ 72.567205][ T11] ffff88807eb62c80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 72.575250][ T11] ffff88807eb62d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 72.583289][ T11] ================================================================== [ 72.591974][ T11] Kernel panic - not syncing: panic_on_warn set ... [ 72.598559][ T11] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0 [ 72.608529][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 72.618572][ T11] Workqueue: writeback wb_workfn (flush-7:0) [ 72.624626][ T11] Call Trace: [ 72.627898][ T11] [ 72.630818][ T11] dump_stack_lvl+0x1b1/0x28e [ 72.635484][ T11] ? nf_tcp_handle_invalid+0x62e/0x62e [ 72.640922][ T11] ? panic+0x710/0x710 [ 72.644975][ T11] ? preempt_schedule_common+0xb7/0xe0 [ 72.650416][ T11] ? vscnprintf+0x59/0x80 [ 72.654727][ T11] panic+0x2d6/0x710 [ 72.658604][ T11] ? memcpy_page_flushcache+0xfc/0xfc [ 72.663959][ T11] ? _raw_spin_unlock_irqrestore+0x110/0x120 [ 72.669929][ T11] ? print_report+0x1b4/0x1f0 [ 72.674589][ T11] ? hfs_strcmp+0x117/0x190 [ 72.679074][ T11] end_report+0x91/0xa0 [ 72.683211][ T11] kasan_report+0xda/0x100 [ 72.687612][ T11] ? hfs_strcmp+0x117/0x190 [ 72.692109][ T11] hfs_strcmp+0x117/0x190 [ 72.696420][ T11] ? hfs_cat_build_record+0x7c0/0x7c0 [ 72.701770][ T11] __hfs_brec_find+0x213/0x5c0 [ 72.706521][ T11] ? hfs_find_exit+0xa0/0xa0 [ 72.711091][ T11] ? hfsplus_uni2asc+0xe68/0x1290 [ 72.716096][ T11] ? mutex_lock_io_nested+0x60/0x60 [ 72.721272][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.726884][ T11] hfs_brec_find+0x276/0x520 [ 72.731458][ T11] ? __hfs_brec_find+0x5c0/0x5c0 [ 72.736405][ T11] ? mutex_lock_nested+0x17/0x20 [ 72.741340][ T11] ? hfs_write_inode+0x344/0xb40 [ 72.746289][ T11] hfs_write_inode+0x34c/0xb40 [ 72.751055][ T11] ? trace_lock_release+0x95/0x220 [ 72.756163][ T11] ? hfs_inode_write_fork+0x1b0/0x1b0 [ 72.761531][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.767153][ T11] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 72.773216][ T11] ? do_raw_spin_unlock+0x134/0x8a0 [ 72.778410][ T11] __writeback_single_inode+0x4d6/0x670 [ 72.783956][ T11] writeback_sb_inodes+0xb3b/0x18f0 [ 72.789161][ T11] ? queue_io+0x400/0x400 [ 72.793495][ T11] ? queue_io+0x382/0x400 [ 72.797904][ T11] ? trace_writeback_queue_io+0xe8/0x2d0 [ 72.803532][ T11] wb_writeback+0x41f/0x7b0 [ 72.808033][ T11] ? trace_writeback_exec+0x2c0/0x2c0 [ 72.813412][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.819043][ T11] ? do_raw_spin_unlock+0x134/0x8a0 [ 72.824247][ T11] wb_workfn+0x3cb/0xef0 [ 72.828500][ T11] ? inode_wait_for_writeback+0x2c0/0x2c0 [ 72.834218][ T11] ? rcu_read_lock_sched_held+0x87/0x110 [ 72.839855][ T11] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 72.845831][ T11] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 72.851721][ T11] ? do_raw_spin_unlock+0x134/0x8a0 [ 72.856926][ T11] process_one_work+0x877/0xdb0 [ 72.861787][ T11] ? worker_detach_from_pool+0x260/0x260 [ 72.867417][ T11] ? _raw_spin_lock_irq+0xba/0xf0 [ 72.872435][ T11] ? _raw_spin_lock_irqsave+0x100/0x100 [ 72.877980][ T11] worker_thread+0xb14/0x1330 [ 72.882666][ T11] kthread+0x266/0x300 [ 72.886728][ T11] ? rcu_lock_release+0x20/0x20 [ 72.891570][ T11] ? kthread_blkcg+0xd0/0xd0 [ 72.896152][ T11] ret_from_fork+0x1f/0x30 [ 72.900569][ T11] [ 72.903729][ T11] Kernel Offset: disabled [ 72.908050][ T11] Rebooting in 86400 seconds..