./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor730081228 <...> Warning: Permanently added '10.128.0.108' (ED25519) to the list of known hosts. execve("./syz-executor730081228", ["./syz-executor730081228"], 0x7ffd8d45c4a0 /* 10 vars */) = 0 brk(NULL) = 0x555556476000 brk(0x555556476d40) = 0x555556476d40 arch_prctl(ARCH_SET_FS, 0x5555564763c0) = 0 set_tid_address(0x555556476690) = 5035 set_robust_list(0x5555564766a0, 24) = 0 rseq(0x555556476ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor730081228", 4096) = 27 getrandom("\x84\xa9\x24\x23\x67\x06\x4d\xbb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556476d40 brk(0x555556497d40) = 0x555556497d40 brk(0x555556498000) = 0x555556498000 mprotect(0x7f4c07add000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 [ 56.357735][ T5035] cgroup: Unknown subsys name 'net' mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "memory") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) [ 56.509822][ T5035] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 mkdir("./syzkaller.RXnG1b", 0700) = 0 chmod("./syzkaller.RXnG1b", 0777) = 0 chdir("./syzkaller.RXnG1b") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 5036 ./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x5555564766a0, 24) = 0 [pid 5036] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setsid() = 1 [pid 5036] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5036] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5036] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5036] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5036] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5036] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5036] unshare(CLONE_NEWNS) = 0 [pid 5036] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5036] unshare(CLONE_NEWIPC) = 0 [pid 5036] unshare(CLONE_NEWCGROUP) = 0 [pid 5036] unshare(CLONE_NEWUTS) = 0 [pid 5036] unshare(CLONE_SYSVSEM) = 0 [pid 5036] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "16777216", 8) = 8 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "536870912", 9) = 9 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1024", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "8192", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1024", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1024", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5036] close(3) = 0 [pid 5036] getpid() = 1 [pid 5036] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5039] set_robust_list(0x5555564766a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 2 [pid 5039] chdir("./0") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5039] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5039] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5039] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5040 attached => {parent_tid=[3]}, 88) = 3 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5040] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] memfd_create("syzkaller", 0) = 3 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5040] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5040] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.770765][ T5040] syz-executor730[5040]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file2", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5040] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5040] chdir("./file2") = 0 [pid 5040] ioctl(4, LOOP_CLR_FD) = 0 [pid 5040] close(4) = 0 [pid 5040] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5040] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... openat resumed>) = 4 [pid 5040] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5040] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.815872][ T5040] loop0: detected capacity change from 0 to 4096 [pid 5040] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5040] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 0 [pid 5040] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5040] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5040] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... openat resumed>) = 5 [pid 5040] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5040] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5040] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] close(3 [pid 5040] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... close resumed>) = 0 [pid 5039] close(4) = 0 [pid 5039] close(5) = 0 [pid 5039] close(6) = -1 EBADF (Bad file descriptor) [pid 5039] close(7) = -1 EBADF (Bad file descriptor) [pid 5039] close(8) = -1 EBADF (Bad file descriptor) [pid 5039] close(9) = -1 EBADF (Bad file descriptor) [pid 5039] close(10) = -1 EBADF (Bad file descriptor) [pid 5039] close(11) = -1 EBADF (Bad file descriptor) [pid 5039] close(12) = -1 EBADF (Bad file descriptor) [pid 5039] close(13) = -1 EBADF (Bad file descriptor) [pid 5039] close(14) = -1 EBADF (Bad file descriptor) [pid 5039] close(15) = -1 EBADF (Bad file descriptor) [pid 5039] close(16) = -1 EBADF (Bad file descriptor) [pid 5039] close(17) = -1 EBADF (Bad file descriptor) [pid 5039] close(18) = -1 EBADF (Bad file descriptor) [pid 5039] close(19) = -1 EBADF (Bad file descriptor) [pid 5039] close(20) = -1 EBADF (Bad file descriptor) [pid 5039] close(21) = -1 EBADF (Bad file descriptor) [pid 5039] close(22) = -1 EBADF (Bad file descriptor) [pid 5039] close(23) = -1 EBADF (Bad file descriptor) [pid 5039] close(24) = -1 EBADF (Bad file descriptor) [pid 5039] close(25) = -1 EBADF (Bad file descriptor) [pid 5039] close(26) = -1 EBADF (Bad file descriptor) [pid 5039] close(27) = -1 EBADF (Bad file descriptor) [pid 5039] close(28) = -1 EBADF (Bad file descriptor) [pid 5039] close(29) = -1 EBADF (Bad file descriptor) [pid 5039] exit_group(0 [pid 5040] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./0/cgroup.cpu") = 0 [pid 5036] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./0/binderfs") = 0 [pid 5036] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./0/cgroup") = 0 [pid 5036] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./0/file2") = 0 [pid 5036] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./0/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./0") = 0 [pid 5036] mkdir("./1", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 4 ./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x5555564766a0, 24) = 0 [pid 5041] chdir("./1") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5041] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5041] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5041] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5042 attached [pid 5042] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5041] <... clone3 resumed> => {parent_tid=[5]}, 88) = 5 [pid 5042] <... rseq resumed>) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] set_robust_list(0x7f4c079f79a0, 24 [pid 5041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5041] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5041] <... futex resumed>) = 0 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5041] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5042] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./file2", 0777) = 0 [pid 5042] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./file2") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5042] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5042] <... futex resumed>) = 1 [pid 5041] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5041] <... futex resumed>) = 0 [ 57.072418][ T5042] loop0: detected capacity change from 0 to 4096 [pid 5041] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5041] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079b6000 [pid 5041] mprotect(0x7f4c079b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079d6990, parent_tid=0x7f4c079d6990, exit_signal=0, stack=0x7f4c079b6000, stack_size=0x20300, tls=0x7f4c079d66c0} => {parent_tid=[6]}, 88) = 6 ./strace-static-x86_64: Process 5043 attached [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] rseq(0x7f4c079d6fe0, 0x20, 0, 0x53053053 [pid 5041] futex(0x7f4c07ae36d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... rseq resumed>) = 0 [pid 5041] <... futex resumed>) = 0 [pid 5043] set_robust_list(0x7f4c079d69a0, 24 [pid 5041] futex(0x7f4c07ae36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... set_robust_list resumed>) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5042] <... write resumed>) = 1036288 [pid 5042] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5043] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5043] <... futex resumed>) = 1 [pid 5043] futex(0x7f4c07ae36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5042] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5041] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... openat resumed>) = 5 [pid 5042] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... futex resumed>) = 1 [pid 5042] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5042] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... futex resumed>) = 1 [pid 5042] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5042] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5041] close(3) = 0 [pid 5041] close(4) = 0 [pid 5041] close(5 [pid 5042] <... futex resumed>) = 1 [pid 5041] <... close resumed>) = 0 [pid 5042] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] close(6) = -1 EBADF (Bad file descriptor) [pid 5041] close(7) = -1 EBADF (Bad file descriptor) [pid 5041] close(8) = -1 EBADF (Bad file descriptor) [pid 5041] close(9) = -1 EBADF (Bad file descriptor) [pid 5041] close(10) = -1 EBADF (Bad file descriptor) [pid 5041] close(11) = -1 EBADF (Bad file descriptor) [pid 5041] close(12) = -1 EBADF (Bad file descriptor) [pid 5041] close(13) = -1 EBADF (Bad file descriptor) [pid 5041] close(14) = -1 EBADF (Bad file descriptor) [pid 5041] close(15) = -1 EBADF (Bad file descriptor) [pid 5041] close(16) = -1 EBADF (Bad file descriptor) [pid 5041] close(17) = -1 EBADF (Bad file descriptor) [pid 5041] close(18) = -1 EBADF (Bad file descriptor) [pid 5041] close(19) = -1 EBADF (Bad file descriptor) [pid 5041] close(20) = -1 EBADF (Bad file descriptor) [pid 5041] close(21) = -1 EBADF (Bad file descriptor) [pid 5041] close(22) = -1 EBADF (Bad file descriptor) [pid 5041] close(23) = -1 EBADF (Bad file descriptor) [pid 5041] close(24) = -1 EBADF (Bad file descriptor) [pid 5041] close(25) = -1 EBADF (Bad file descriptor) [pid 5041] close(26) = -1 EBADF (Bad file descriptor) [pid 5041] close(27) = -1 EBADF (Bad file descriptor) [pid 5041] close(28) = -1 EBADF (Bad file descriptor) [pid 5041] close(29) = -1 EBADF (Bad file descriptor) [pid 5041] exit_group(0) = ? [pid 5043] <... futex resumed>) = ? [pid 5042] <... futex resumed>) = ? [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./1/cgroup.cpu") = 0 [pid 5036] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./1/binderfs") = 0 [pid 5036] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./1/cgroup") = 0 [pid 5036] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./1/file2") = 0 [pid 5036] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./1/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./1") = 0 [pid 5036] mkdir("./2", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 7 ./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x5555564766a0, 24) = 0 [pid 5044] chdir("./2") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5044] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5044] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5044] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5045 attached [pid 5045] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5044] <... clone3 resumed> => {parent_tid=[8]}, 88) = 8 [pid 5045] set_robust_list(0x7f4c079f79a0, 24 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], [pid 5045] <... set_robust_list resumed>) = 0 [pid 5044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] memfd_create("syzkaller", 0 [pid 5044] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5045] <... memfd_create resumed>) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5045] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5045] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file2", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5045] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file2") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5044] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... openat resumed>) = 4 [pid 5045] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5045] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5044] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... write resumed>) = 1036288 [pid 5044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5044] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079b6000 [pid 5044] mprotect(0x7f4c079b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079d6990, parent_tid=0x7f4c079d6990, exit_signal=0, stack=0x7f4c079b6000, stack_size=0x20300, tls=0x7f4c079d66c0}./strace-static-x86_64: Process 5046 attached [pid 5046] rseq(0x7f4c079d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5046] set_robust_list(0x7f4c079d69a0, 24 [pid 5045] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... set_robust_list resumed>) = 0 [pid 5045] <... futex resumed>) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], [pid 5045] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5046] futex(0x7f4c07ae36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... clone3 resumed> => {parent_tid=[9]}, 88) = 9 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] futex(0x7f4c07ae36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5044] futex(0x7f4c07ae36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5046] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5046] futex(0x7f4c07ae36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5045] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5044] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... openat resumed>) = 5 [pid 5045] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5045] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5045] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5044] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5045] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5044] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... mmap resumed>) = 0x20000000 [pid 5045] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] close(3) = 0 [pid 5044] close(4) = 0 [pid 5044] close(5) = 0 [pid 5044] close(6) = -1 EBADF (Bad file descriptor) [pid 5044] close(7) = -1 EBADF (Bad file descriptor) [pid 5044] close(8) = -1 EBADF (Bad file descriptor) [pid 5044] close(9) = -1 EBADF (Bad file descriptor) [pid 5044] close(10) = -1 EBADF (Bad file descriptor) [ 57.317238][ T5045] loop0: detected capacity change from 0 to 4096 [pid 5044] close(11) = -1 EBADF (Bad file descriptor) [pid 5044] close(12) = -1 EBADF (Bad file descriptor) [pid 5044] close(13) = -1 EBADF (Bad file descriptor) [pid 5044] close(14) = -1 EBADF (Bad file descriptor) [pid 5044] close(15) = -1 EBADF (Bad file descriptor) [pid 5044] close(16) = -1 EBADF (Bad file descriptor) [pid 5044] close(17) = -1 EBADF (Bad file descriptor) [pid 5044] close(18) = -1 EBADF (Bad file descriptor) [pid 5044] close(19) = -1 EBADF (Bad file descriptor) [pid 5044] close(20) = -1 EBADF (Bad file descriptor) [pid 5044] close(21) = -1 EBADF (Bad file descriptor) [pid 5044] close(22) = -1 EBADF (Bad file descriptor) [pid 5044] close(23) = -1 EBADF (Bad file descriptor) [pid 5044] close(24) = -1 EBADF (Bad file descriptor) [pid 5044] close(25) = -1 EBADF (Bad file descriptor) [pid 5044] close(26) = -1 EBADF (Bad file descriptor) [pid 5044] close(27) = -1 EBADF (Bad file descriptor) [pid 5044] close(28) = -1 EBADF (Bad file descriptor) [pid 5044] close(29) = -1 EBADF (Bad file descriptor) [pid 5044] exit_group(0) = ? [pid 5046] <... futex resumed>) = ? [pid 5045] <... futex resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5036] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./2/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./2/cgroup.cpu") = 0 [pid 5036] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./2/binderfs") = 0 [pid 5036] umount2("./2/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./2/cgroup") = 0 [pid 5036] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./2/file2") = 0 [pid 5036] umount2("./2/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./2/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./2") = 0 [pid 5036] mkdir("./3", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5047 attached , child_tidptr=0x555556476690) = 10 [pid 5047] set_robust_list(0x5555564766a0, 24) = 0 [pid 5047] chdir("./3") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5047] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5047] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5047] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5047] <... clone3 resumed> => {parent_tid=[11]}, 88) = 11 [pid 5048] <... rseq resumed>) = 0 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], [pid 5048] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] memfd_create("syzkaller", 0 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5048] <... memfd_create resumed>) = 3 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5048] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5048] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./file2", 0777) = 0 [pid 5048] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5048] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./file2") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... futex resumed>) = 1 [pid 5048] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5048] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5048] <... futex resumed>) = 1 [pid 5047] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5047] <... futex resumed>) = 0 [ 57.548960][ T5048] loop0: detected capacity change from 0 to 4096 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... write resumed>) = 1036288 [pid 5048] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5048] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5048] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5048] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... openat resumed>) = 5 [pid 5048] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5048] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5048] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5048] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5047] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... mmap resumed>) = 0x20000000 [pid 5048] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] close(3) = 0 [pid 5047] close(4) = 0 [pid 5047] close(5) = 0 [pid 5047] close(6) = -1 EBADF (Bad file descriptor) [pid 5047] close(7) = -1 EBADF (Bad file descriptor) [pid 5047] close(8) = -1 EBADF (Bad file descriptor) [pid 5047] close(9) = -1 EBADF (Bad file descriptor) [pid 5047] close(10) = -1 EBADF (Bad file descriptor) [pid 5047] close(11) = -1 EBADF (Bad file descriptor) [pid 5047] close(12) = -1 EBADF (Bad file descriptor) [pid 5047] close(13) = -1 EBADF (Bad file descriptor) [pid 5047] close(14) = -1 EBADF (Bad file descriptor) [pid 5047] close(15) = -1 EBADF (Bad file descriptor) [pid 5047] close(16) = -1 EBADF (Bad file descriptor) [pid 5047] close(17) = -1 EBADF (Bad file descriptor) [pid 5047] close(18) = -1 EBADF (Bad file descriptor) [pid 5047] close(19) = -1 EBADF (Bad file descriptor) [pid 5047] close(20) = -1 EBADF (Bad file descriptor) [pid 5047] close(21) = -1 EBADF (Bad file descriptor) [pid 5047] close(22) = -1 EBADF (Bad file descriptor) [pid 5047] close(23) = -1 EBADF (Bad file descriptor) [pid 5047] close(24) = -1 EBADF (Bad file descriptor) [pid 5047] close(25) = -1 EBADF (Bad file descriptor) [pid 5047] close(26) = -1 EBADF (Bad file descriptor) [pid 5047] close(27) = -1 EBADF (Bad file descriptor) [pid 5047] close(28) = -1 EBADF (Bad file descriptor) [pid 5047] close(29) = -1 EBADF (Bad file descriptor) [pid 5047] exit_group(0) = ? [pid 5048] <... futex resumed>) = ? [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./3/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./3/cgroup.cpu") = 0 [pid 5036] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./3/binderfs") = 0 [pid 5036] umount2("./3/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./3/cgroup") = 0 [pid 5036] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./3/file2") = 0 [pid 5036] umount2("./3/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./3/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./3") = 0 [pid 5036] mkdir("./4", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5049 attached , child_tidptr=0x555556476690) = 12 [pid 5049] set_robust_list(0x5555564766a0, 24) = 0 [pid 5049] chdir("./4") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5049] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5049] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5049] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5050 attached => {parent_tid=[13]}, 88) = 13 [pid 5050] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] <... rseq resumed>) = 0 [pid 5050] set_robust_list(0x7f4c079f79a0, 24 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] <... set_robust_list resumed>) = 0 [pid 5049] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... futex resumed>) = 0 [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5050] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5050] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./file2", 0777) = 0 [pid 5050] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5050] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./file2") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5050] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [ 57.774610][ T5050] loop0: detected capacity change from 0 to 4096 [pid 5050] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5050] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5050] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5049] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5050] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5050] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5050] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] <... futex resumed>) = 0 [pid 5050] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5049] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... mmap resumed>) = 0x20000000 [pid 5050] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5049] close(3) = 0 [pid 5049] close(4 [pid 5050] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... close resumed>) = 0 [pid 5049] close(5) = 0 [pid 5049] close(6) = -1 EBADF (Bad file descriptor) [pid 5049] close(7) = -1 EBADF (Bad file descriptor) [pid 5049] close(8) = -1 EBADF (Bad file descriptor) [pid 5049] close(9) = -1 EBADF (Bad file descriptor) [pid 5049] close(10) = -1 EBADF (Bad file descriptor) [pid 5049] close(11) = -1 EBADF (Bad file descriptor) [pid 5049] close(12) = -1 EBADF (Bad file descriptor) [pid 5049] close(13) = -1 EBADF (Bad file descriptor) [pid 5049] close(14) = -1 EBADF (Bad file descriptor) [pid 5049] close(15) = -1 EBADF (Bad file descriptor) [pid 5049] close(16) = -1 EBADF (Bad file descriptor) [pid 5049] close(17) = -1 EBADF (Bad file descriptor) [pid 5049] close(18) = -1 EBADF (Bad file descriptor) [pid 5049] close(19) = -1 EBADF (Bad file descriptor) [pid 5049] close(20) = -1 EBADF (Bad file descriptor) [pid 5049] close(21) = -1 EBADF (Bad file descriptor) [pid 5049] close(22) = -1 EBADF (Bad file descriptor) [pid 5049] close(23) = -1 EBADF (Bad file descriptor) [pid 5049] close(24) = -1 EBADF (Bad file descriptor) [pid 5049] close(25) = -1 EBADF (Bad file descriptor) [pid 5049] close(26) = -1 EBADF (Bad file descriptor) [pid 5049] close(27) = -1 EBADF (Bad file descriptor) [pid 5049] close(28) = -1 EBADF (Bad file descriptor) [pid 5049] close(29) = -1 EBADF (Bad file descriptor) [pid 5049] exit_group(0) = ? [pid 5050] <... futex resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./4/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./4/cgroup.cpu") = 0 [pid 5036] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./4/binderfs") = 0 [pid 5036] umount2("./4/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./4/cgroup") = 0 [pid 5036] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./4/file2") = 0 [pid 5036] umount2("./4/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./4/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./4") = 0 [pid 5036] mkdir("./5", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5051 attached , child_tidptr=0x555556476690) = 14 [pid 5051] set_robust_list(0x5555564766a0, 24) = 0 [pid 5051] chdir("./5") = 0 [pid 5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5051] setpgid(0, 0) = 0 [pid 5051] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5051] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5051] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5051] write(3, "1000", 4) = 4 [pid 5051] close(3) = 0 [pid 5051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5051] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5052 attached => {parent_tid=[15]}, 88) = 15 [pid 5052] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] <... rseq resumed>) = 0 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] set_robust_list(0x7f4c079f79a0, 24 [pid 5051] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... set_robust_list resumed>) = 0 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] <... futex resumed>) = 0 [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5052] memfd_create("syzkaller", 0) = 3 [pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5052] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5052] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5052] close(3) = 0 [pid 5052] mkdir("./file2", 0777) = 0 [pid 5052] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5052] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5052] chdir("./file2") = 0 [pid 5052] ioctl(4, LOOP_CLR_FD) = 0 [pid 5052] close(4) = 0 [pid 5052] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5052] <... futex resumed>) = 1 [pid 5051] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... openat resumed>) = 4 [pid 5052] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5052] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5051] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.002563][ T5052] loop0: detected capacity change from 0 to 4096 [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... write resumed>) = 1036288 [pid 5052] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5052] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] <... futex resumed>) = 0 [pid 5052] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5052] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5052] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5052] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5052] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5051] <... futex resumed>) = 0 [pid 5052] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] close(3) = 0 [pid 5051] close(4) = 0 [pid 5051] close(5) = 0 [pid 5051] close(6) = -1 EBADF (Bad file descriptor) [pid 5051] close(7) = -1 EBADF (Bad file descriptor) [pid 5051] close(8) = -1 EBADF (Bad file descriptor) [pid 5051] close(9) = -1 EBADF (Bad file descriptor) [pid 5051] close(10) = -1 EBADF (Bad file descriptor) [pid 5051] close(11) = -1 EBADF (Bad file descriptor) [pid 5051] close(12) = -1 EBADF (Bad file descriptor) [pid 5051] close(13) = -1 EBADF (Bad file descriptor) [pid 5051] close(14) = -1 EBADF (Bad file descriptor) [pid 5051] close(15) = -1 EBADF (Bad file descriptor) [pid 5051] close(16) = -1 EBADF (Bad file descriptor) [pid 5051] close(17) = -1 EBADF (Bad file descriptor) [pid 5051] close(18) = -1 EBADF (Bad file descriptor) [pid 5051] close(19) = -1 EBADF (Bad file descriptor) [pid 5051] close(20) = -1 EBADF (Bad file descriptor) [pid 5051] close(21) = -1 EBADF (Bad file descriptor) [pid 5051] close(22) = -1 EBADF (Bad file descriptor) [pid 5051] close(23) = -1 EBADF (Bad file descriptor) [pid 5051] close(24) = -1 EBADF (Bad file descriptor) [pid 5051] close(25) = -1 EBADF (Bad file descriptor) [pid 5051] close(26) = -1 EBADF (Bad file descriptor) [pid 5051] close(27) = -1 EBADF (Bad file descriptor) [pid 5051] close(28) = -1 EBADF (Bad file descriptor) [pid 5051] close(29) = -1 EBADF (Bad file descriptor) [pid 5051] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5051] <... exit_group resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5036] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./5/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./5/cgroup.cpu") = 0 [pid 5036] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./5/binderfs") = 0 [pid 5036] umount2("./5/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./5/cgroup") = 0 [pid 5036] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./5/file2") = 0 [pid 5036] umount2("./5/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./5/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./5") = 0 [pid 5036] mkdir("./6", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 16 ./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x5555564766a0, 24) = 0 [pid 5053] chdir("./6") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5053] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5053] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5053] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[17]}, 88) = 17 ./strace-static-x86_64: Process 5054 attached [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5054] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5054] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] memfd_create("syzkaller", 0) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5054] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5054] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5054] close(3) = 0 [pid 5054] mkdir("./file2", 0777) = 0 [pid 5054] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5054] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5054] chdir("./file2") = 0 [pid 5054] ioctl(4, LOOP_CLR_FD) = 0 [pid 5054] close(4) = 0 [pid 5054] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5054] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... openat resumed>) = 4 [pid 5054] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5054] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 58.238910][ T5054] loop0: detected capacity change from 0 to 4096 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... write resumed>) = 1036288 [pid 5054] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5054] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... openat resumed>) = 5 [pid 5054] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = 1 [pid 5054] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5054] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = 1 [pid 5054] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5053] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] close(3 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... close resumed>) = 0 [pid 5053] close(4) = 0 [pid 5053] close(5) = 0 [pid 5053] close(6) = -1 EBADF (Bad file descriptor) [pid 5053] close(7) = -1 EBADF (Bad file descriptor) [pid 5053] close(8) = -1 EBADF (Bad file descriptor) [pid 5053] close(9) = -1 EBADF (Bad file descriptor) [pid 5053] close(10) = -1 EBADF (Bad file descriptor) [pid 5053] close(11) = -1 EBADF (Bad file descriptor) [pid 5053] close(12) = -1 EBADF (Bad file descriptor) [pid 5053] close(13) = -1 EBADF (Bad file descriptor) [pid 5053] close(14) = -1 EBADF (Bad file descriptor) [pid 5053] close(15) = -1 EBADF (Bad file descriptor) [pid 5053] close(16) = -1 EBADF (Bad file descriptor) [pid 5053] close(17) = -1 EBADF (Bad file descriptor) [pid 5053] close(18) = -1 EBADF (Bad file descriptor) [pid 5053] close(19) = -1 EBADF (Bad file descriptor) [pid 5053] close(20) = -1 EBADF (Bad file descriptor) [pid 5053] close(21) = -1 EBADF (Bad file descriptor) [pid 5053] close(22) = -1 EBADF (Bad file descriptor) [pid 5053] close(23) = -1 EBADF (Bad file descriptor) [pid 5053] close(24) = -1 EBADF (Bad file descriptor) [pid 5053] close(25) = -1 EBADF (Bad file descriptor) [pid 5053] close(26) = -1 EBADF (Bad file descriptor) [pid 5053] close(27) = -1 EBADF (Bad file descriptor) [pid 5053] close(28) = -1 EBADF (Bad file descriptor) [pid 5053] close(29) = -1 EBADF (Bad file descriptor) [pid 5053] exit_group(0 [pid 5054] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./6/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./6/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./6/cgroup.cpu") = 0 [pid 5036] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./6/binderfs") = 0 [pid 5036] umount2("./6/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./6/cgroup") = 0 [pid 5036] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./6/file2") = 0 [pid 5036] umount2("./6/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./6/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./6") = 0 [pid 5036] mkdir("./7", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 18 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5055] chdir("./7") = 0 [pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5055] setpgid(0, 0) = 0 [pid 5055] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5055] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5055] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5055] write(3, "1000", 4) = 4 [pid 5055] close(3) = 0 [pid 5055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5055] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5055] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5056 attached [pid 5056] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5055] <... clone3 resumed> => {parent_tid=[19]}, 88) = 19 [pid 5056] <... rseq resumed>) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] memfd_create("syzkaller", 0 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5056] <... memfd_create resumed>) = 3 [pid 5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5056] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5056] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5056] close(3) = 0 [pid 5056] mkdir("./file2", 0777) = 0 [pid 5056] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5056] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5056] chdir("./file2") = 0 [pid 5056] ioctl(4, LOOP_CLR_FD) = 0 [pid 5056] close(4) = 0 [pid 5056] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5055] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... openat resumed>) = 4 [pid 5056] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = 1 [ 58.467264][ T5056] loop0: detected capacity change from 0 to 4096 [pid 5056] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5055] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5055] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079b6000 [pid 5055] mprotect(0x7f4c079b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079d6990, parent_tid=0x7f4c079d6990, exit_signal=0, stack=0x7f4c079b6000, stack_size=0x20300, tls=0x7f4c079d66c0}./strace-static-x86_64: Process 5057 attached => {parent_tid=[20]}, 88) = 20 [pid 5057] rseq(0x7f4c079d6fe0, 0x20, 0, 0x53053053 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] futex(0x7f4c07ae36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7f4c07ae36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... rseq resumed>) = 0 [pid 5057] set_robust_list(0x7f4c079d69a0, 24) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5057] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5057] futex(0x7f4c07ae36d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] futex(0x7f4c07ae36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7f4c07ae36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5057] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7f4c07ae36d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7f4c07ae36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 20480 [pid 5056] <... write resumed>) = 1011712 [pid 5057] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7f4c07ae36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7f4c07ae36d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5055] futex(0x7f4c07ae36dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5056] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.586763][ T5057] [ 58.589123][ T5057] ====================================================== [ 58.596133][ T5057] WARNING: possible circular locking dependency detected [ 58.603126][ T5057] 6.6.0-rc5-syzkaller-00267-g9a3dad63edbe #0 Not tainted [ 58.610119][ T5057] ------------------------------------------------------ [ 58.617112][ T5057] syz-executor730/5057 is trying to acquire lock: [ 58.623511][ T5057] ffff888077e56190 (&ni->file.run_lock#3){++++}-{3:3}, at: attr_data_get_block+0x2e7/0x2da0 [ 58.633596][ T5057] [ 58.633596][ T5057] but task is already holding lock: [ 58.640940][ T5057] ffff88807c7e4420 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17b/0x410 [ 58.649888][ T5057] [ 58.649888][ T5057] which lock already depends on the new lock. [ 58.649888][ T5057] [ 58.660285][ T5057] [ 58.660285][ T5057] the existing dependency chain (in reverse order) is: [ 58.669292][ T5057] [ 58.669292][ T5057] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 58.676830][ T5057] __might_fault+0xc1/0x120 [ 58.681842][ T5057] _copy_to_user+0x2a/0xa0 [ 58.686789][ T5057] fiemap_fill_next_extent+0x235/0x410 [ 58.692759][ T5057] ni_fiemap+0xa5e/0x1230 [ 58.697609][ T5057] ntfs_fiemap+0x132/0x180 [ 58.702522][ T5057] do_vfs_ioctl+0x19ea/0x2b40 [ 58.707704][ T5057] __se_sys_ioctl+0x81/0x170 [ 58.712797][ T5057] do_syscall_64+0x41/0xc0 [ 58.717730][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.724131][ T5057] [ 58.724131][ T5057] -> #0 (&ni->file.run_lock#3){++++}-{3:3}: [ 58.732222][ T5057] __lock_acquire+0x39ff/0x7f70 [ 58.737585][ T5057] lock_acquire+0x1e3/0x520 [ 58.742591][ T5057] down_read+0xb1/0xa40 [ 58.747250][ T5057] attr_data_get_block+0x2e7/0x2da0 [ 58.752970][ T5057] ntfs_file_mmap+0x453/0x7a0 [ 58.758162][ T5057] mmap_region+0xfd0/0x2280 [ 58.763166][ T5057] do_mmap+0x8d3/0xfa0 [ 58.767737][ T5057] vm_mmap_pgoff+0x1dc/0x410 [ 58.772836][ T5057] ksys_mmap_pgoff+0x4ff/0x6d0 [ 58.778109][ T5057] do_syscall_64+0x41/0xc0 [ 58.783039][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.789450][ T5057] [ 58.789450][ T5057] other info that might help us debug this: [ 58.789450][ T5057] [ 58.799657][ T5057] Possible unsafe locking scenario: [ 58.799657][ T5057] [ 58.807088][ T5057] CPU0 CPU1 [ 58.812430][ T5057] ---- ---- [ 58.817776][ T5057] lock(&mm->mmap_lock); [ 58.822089][ T5057] lock(&ni->file.run_lock#3); [ 58.829452][ T5057] lock(&mm->mmap_lock); [ 58.836288][ T5057] rlock(&ni->file.run_lock#3); [ 58.841211][ T5057] [ 58.841211][ T5057] *** DEADLOCK *** [ 58.841211][ T5057] [ 58.849339][ T5057] 1 lock held by syz-executor730/5057: [ 58.854786][ T5057] #0: ffff88807c7e4420 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17b/0x410 [ 58.864159][ T5057] [ 58.864159][ T5057] stack backtrace: [ 58.870024][ T5057] CPU: 1 PID: 5057 Comm: syz-executor730 Not tainted 6.6.0-rc5-syzkaller-00267-g9a3dad63edbe #0 [ 58.880409][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 58.890449][ T5057] Call Trace: [ 58.893716][ T5057] [ 58.896629][ T5057] dump_stack_lvl+0x1e7/0x2d0 [ 58.901290][ T5057] ? nf_tcp_handle_invalid+0x650/0x650 [ 58.906761][ T5057] ? print_circular_bug+0x12b/0x1a0 [ 58.911953][ T5057] check_noncircular+0x375/0x4a0 [ 58.916889][ T5057] ? print_deadlock_bug+0x600/0x600 [ 58.922090][ T5057] ? lockdep_lock+0x123/0x2b0 [ 58.926765][ T5057] ? __lock_acquire+0x1267/0x7f70 [ 58.931774][ T5057] ? mark_lock+0x9a/0x340 [ 58.936085][ T5057] ? _find_first_zero_bit+0xd4/0x100 [ 58.941356][ T5057] __lock_acquire+0x39ff/0x7f70 [ 58.946192][ T5057] ? is_bpf_text_address+0x28d/0x2a0 [ 58.951457][ T5057] ? stack_trace_save+0x1c0/0x1c0 [ 58.956462][ T5057] ? verify_lock_unused+0x140/0x140 [ 58.961640][ T5057] ? __kernel_text_address+0xd/0x40 [ 58.966841][ T5057] ? unwind_get_return_address+0x91/0xc0 [ 58.972460][ T5057] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.978516][ T5057] ? arch_stack_walk+0x162/0x1a0 [ 58.983458][ T5057] ? mark_lock+0x9a/0x340 [ 58.987787][ T5057] lock_acquire+0x1e3/0x520 [ 58.992282][ T5057] ? attr_data_get_block+0x2e7/0x2da0 [ 58.997655][ T5057] ? read_lock_is_recursive+0x20/0x20 [ 59.003009][ T5057] ? __might_sleep+0xc0/0xc0 [ 59.007583][ T5057] ? mark_lock+0x9a/0x340 [ 59.011893][ T5057] down_read+0xb1/0xa40 [ 59.016044][ T5057] ? attr_data_get_block+0x2e7/0x2da0 [ 59.021417][ T5057] ? __down_common+0x7a0/0x7a0 [ 59.026174][ T5057] ? stack_trace_save+0x117/0x1c0 [ 59.031196][ T5057] ? verify_lock_unused+0x140/0x140 [ 59.036384][ T5057] attr_data_get_block+0x2e7/0x2da0 [ 59.041569][ T5057] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 59.047533][ T5057] ? print_irqtrace_events+0x220/0x220 [ 59.052973][ T5057] ? get_pre_allocated+0x130/0x130 [ 59.058073][ T5057] ? __asan_memset+0x23/0x40 [ 59.062647][ T5057] ? lockdep_init_map_type+0xa1/0x910 [ 59.068001][ T5057] ntfs_file_mmap+0x453/0x7a0 [ 59.072660][ T5057] ? lockdep_softirqs_off+0x420/0x420 [ 59.078014][ T5057] ? ntfs_compat_ioctl+0x30/0x30 [ 59.082933][ T5057] ? vma_iter_config+0xe7/0x280 [ 59.087778][ T5057] mmap_region+0xfd0/0x2280 [ 59.092281][ T5057] ? verify_lock_unused+0x140/0x140 [ 59.097465][ T5057] ? file_mmap_ok+0x150/0x150 [ 59.102127][ T5057] ? cap_mmap_addr+0x162/0x2c0 [ 59.106875][ T5057] do_mmap+0x8d3/0xfa0 [ 59.110927][ T5057] ? mlock_future_ok+0x100/0x100 [ 59.115844][ T5057] ? ima_file_free+0x4b0/0x4b0 [ 59.120592][ T5057] vm_mmap_pgoff+0x1dc/0x410 [ 59.125169][ T5057] ? account_locked_vm+0x220/0x220 [ 59.130276][ T5057] ? __fget_files+0x435/0x4a0 [ 59.134972][ T5057] ? __fget_files+0x28/0x4a0 [ 59.139553][ T5057] ksys_mmap_pgoff+0x4ff/0x6d0 [ 59.144298][ T5057] do_syscall_64+0x41/0xc0 [ 59.148707][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.154586][ T5057] RIP: 0033:0x7f4c07a3b4c9 [ 59.158983][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 59.178575][ T5057] RSP: 002b:00007f4c079d6208 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [pid 5056] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... mmap resumed>) = 0x20000000 [pid 5057] futex(0x7f4c07ae36dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7f4c07ae36d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = 0 [pid 5055] close(3) = 0 [pid 5055] close(4) = 0 [pid 5055] close(5) = 0 [pid 5055] close(6) = -1 EBADF (Bad file descriptor) [pid 5055] close(7) = -1 EBADF (Bad file descriptor) [pid 5055] close(8) = -1 EBADF (Bad file descriptor) [pid 5055] close(9) = -1 EBADF (Bad file descriptor) [pid 5055] close(10) = -1 EBADF (Bad file descriptor) [pid 5055] close(11) = -1 EBADF (Bad file descriptor) [pid 5055] close(12) = -1 EBADF (Bad file descriptor) [pid 5055] close(13) = -1 EBADF (Bad file descriptor) [pid 5055] close(14) = -1 EBADF (Bad file descriptor) [pid 5055] close(15) = -1 EBADF (Bad file descriptor) [pid 5055] close(16) = -1 EBADF (Bad file descriptor) [pid 5055] close(17) = -1 EBADF (Bad file descriptor) [pid 5055] close(18) = -1 EBADF (Bad file descriptor) [pid 5055] close(19) = -1 EBADF (Bad file descriptor) [pid 5055] close(20) = -1 EBADF (Bad file descriptor) [pid 5055] close(21) = -1 EBADF (Bad file descriptor) [pid 5055] close(22) = -1 EBADF (Bad file descriptor) [pid 5055] close(23) = -1 EBADF (Bad file descriptor) [pid 5055] close(24) = -1 EBADF (Bad file descriptor) [pid 5055] close(25) = -1 EBADF (Bad file descriptor) [pid 5055] close(26) = -1 EBADF (Bad file descriptor) [pid 5055] close(27) = -1 EBADF (Bad file descriptor) [pid 5055] close(28) = -1 EBADF (Bad file descriptor) [pid 5055] close(29) = -1 EBADF (Bad file descriptor) [pid 5055] exit_group(0) = ? [pid 5057] <... futex resumed>) = ? [pid 5056] <... futex resumed>) = ? [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5036] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./7/cgroup.cpu") = 0 [pid 5036] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./7/binderfs") = 0 [pid 5036] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./7/cgroup") = 0 [ 59.186981][ T5057] RAX: ffffffffffffffda RBX: 00007f4c07ae36d8 RCX: 00007f4c07a3b4c9 [ 59.194955][ T5057] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 59.202943][ T5057] RBP: 00007f4c07ae36d0 R08: 0000000000000005 R09: 0000000000000000 [ 59.210907][ T5057] R10: 0000000000028011 R11: 0000000000000246 R12: 00007f4c07aafc38 [ 59.218883][ T5057] R13: 00007f4c07a90052 R14: bcaefabb4aa2fce3 R15: 0032656c69662f2e [ 59.226843][ T5057] [pid 5036] umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./7/file2") = 0 [pid 5036] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./7/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./7") = 0 [pid 5036] mkdir("./8", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 21 ./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x5555564766a0, 24) = 0 [pid 5058] chdir("./8") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5058] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5058] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5058] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5059 attached [pid 5059] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5059] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... clone3 resumed> => {parent_tid=[22]}, 88) = 22 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5059] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5059] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5059] close(3) = 0 [pid 5059] mkdir("./file2", 0777) = 0 [pid 5059] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5059] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5059] chdir("./file2") = 0 [pid 5059] ioctl(4, LOOP_CLR_FD) = 0 [pid 5059] close(4) = 0 [pid 5059] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5059] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... openat resumed>) = 4 [pid 5059] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 59.357385][ T5059] loop0: detected capacity change from 0 to 4096 [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... write resumed>) = 1036288 [pid 5059] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5059] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5058] <... futex resumed>) = 1 [pid 5059] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... openat resumed>) = 5 [pid 5059] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5059] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5058] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5058] <... futex resumed>) = 0 [pid 5059] <... mmap resumed>) = 0x20000000 [pid 5058] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] close(3) = 0 [pid 5058] close(4) = 0 [pid 5058] close(5) = 0 [pid 5058] close(6) = -1 EBADF (Bad file descriptor) [pid 5058] close(7) = -1 EBADF (Bad file descriptor) [pid 5058] close(8) = -1 EBADF (Bad file descriptor) [pid 5058] close(9) = -1 EBADF (Bad file descriptor) [pid 5058] close(10) = -1 EBADF (Bad file descriptor) [pid 5058] close(11) = -1 EBADF (Bad file descriptor) [pid 5058] close(12 [pid 5059] <... futex resumed>) = 1 [pid 5058] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5058] close(13 [pid 5059] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5058] close(14) = -1 EBADF (Bad file descriptor) [pid 5058] close(15) = -1 EBADF (Bad file descriptor) [pid 5058] close(16) = -1 EBADF (Bad file descriptor) [pid 5058] close(17) = -1 EBADF (Bad file descriptor) [pid 5058] close(18) = -1 EBADF (Bad file descriptor) [pid 5058] close(19) = -1 EBADF (Bad file descriptor) [pid 5058] close(20) = -1 EBADF (Bad file descriptor) [pid 5058] close(21) = -1 EBADF (Bad file descriptor) [pid 5058] close(22) = -1 EBADF (Bad file descriptor) [pid 5058] close(23) = -1 EBADF (Bad file descriptor) [pid 5058] close(24) = -1 EBADF (Bad file descriptor) [pid 5058] close(25) = -1 EBADF (Bad file descriptor) [pid 5058] close(26) = -1 EBADF (Bad file descriptor) [pid 5058] close(27) = -1 EBADF (Bad file descriptor) [pid 5058] close(28) = -1 EBADF (Bad file descriptor) [pid 5058] close(29) = -1 EBADF (Bad file descriptor) [pid 5058] exit_group(0 [pid 5059] <... futex resumed>) = ? [pid 5058] <... exit_group resumed>) = ? [pid 5059] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./8/cgroup.cpu") = 0 [pid 5036] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./8/binderfs") = 0 [pid 5036] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./8/cgroup") = 0 [pid 5036] umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./8/file2") = 0 [pid 5036] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./8/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./8") = 0 [pid 5036] mkdir("./9", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached , child_tidptr=0x555556476690) = 23 [pid 5060] set_robust_list(0x5555564766a0, 24) = 0 [pid 5060] chdir("./9") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5060] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5060] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5060] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5061 attached [pid 5061] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5060] <... clone3 resumed> => {parent_tid=[24]}, 88) = 24 [pid 5061] <... rseq resumed>) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5061] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] memfd_create("syzkaller", 0 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5061] <... memfd_create resumed>) = 3 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5061] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5061] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5061] close(3) = 0 [pid 5061] mkdir("./file2", 0777) = 0 [pid 5061] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5061] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5061] chdir("./file2") = 0 [pid 5061] ioctl(4, LOOP_CLR_FD) = 0 [pid 5061] close(4) = 0 [pid 5061] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 1 [pid 5061] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5061] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 1 [ 59.520142][ T5061] loop0: detected capacity change from 0 to 4096 [pid 5061] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5061] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 1 [pid 5061] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5061] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 1 [pid 5061] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5061] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 1 [pid 5061] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5061] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 1 [pid 5061] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5061] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] close(3) = 0 [pid 5060] close(4) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5060] close(5 [pid 5061] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... close resumed>) = 0 [pid 5060] close(6) = -1 EBADF (Bad file descriptor) [pid 5060] close(7) = -1 EBADF (Bad file descriptor) [pid 5060] close(8) = -1 EBADF (Bad file descriptor) [pid 5060] close(9) = -1 EBADF (Bad file descriptor) [pid 5060] close(10) = -1 EBADF (Bad file descriptor) [pid 5060] close(11) = -1 EBADF (Bad file descriptor) [pid 5060] close(12) = -1 EBADF (Bad file descriptor) [pid 5060] close(13) = -1 EBADF (Bad file descriptor) [pid 5060] close(14) = -1 EBADF (Bad file descriptor) [pid 5060] close(15) = -1 EBADF (Bad file descriptor) [pid 5060] close(16) = -1 EBADF (Bad file descriptor) [pid 5060] close(17) = -1 EBADF (Bad file descriptor) [pid 5060] close(18) = -1 EBADF (Bad file descriptor) [pid 5060] close(19) = -1 EBADF (Bad file descriptor) [pid 5060] close(20) = -1 EBADF (Bad file descriptor) [pid 5060] close(21) = -1 EBADF (Bad file descriptor) [pid 5060] close(22) = -1 EBADF (Bad file descriptor) [pid 5060] close(23) = -1 EBADF (Bad file descriptor) [pid 5060] close(24) = -1 EBADF (Bad file descriptor) [pid 5060] close(25) = -1 EBADF (Bad file descriptor) [pid 5060] close(26) = -1 EBADF (Bad file descriptor) [pid 5060] close(27) = -1 EBADF (Bad file descriptor) [pid 5060] close(28) = -1 EBADF (Bad file descriptor) [pid 5060] close(29) = -1 EBADF (Bad file descriptor) [pid 5060] exit_group(0 [pid 5061] <... futex resumed>) = ? [pid 5060] <... exit_group resumed>) = ? [pid 5061] +++ exited with 0 +++ [pid 5060] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./9/cgroup.cpu") = 0 [pid 5036] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./9/binderfs") = 0 [pid 5036] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./9/cgroup") = 0 [pid 5036] umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./9/file2") = 0 [pid 5036] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./9/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./9") = 0 [pid 5036] mkdir("./10", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 25 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x5555564766a0, 24) = 0 [pid 5062] chdir("./10") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5062] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5062] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5062] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5062] <... clone3 resumed> => {parent_tid=[26]}, 88) = 26 [pid 5063] <... rseq resumed>) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5063] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5063] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file2", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./file2") = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5063] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 59.707337][ T5063] loop0: detected capacity change from 0 to 4096 [pid 5063] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5063] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5063] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... openat resumed>) = 5 [pid 5063] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5063] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5063] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... mmap resumed>) = 0x20000000 [pid 5063] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] close(3) = 0 [pid 5062] close(4) = 0 [pid 5062] close(5) = 0 [pid 5062] close(6) = -1 EBADF (Bad file descriptor) [pid 5062] close(7) = -1 EBADF (Bad file descriptor) [pid 5062] close(8) = -1 EBADF (Bad file descriptor) [pid 5062] close(9) = -1 EBADF (Bad file descriptor) [pid 5062] close(10) = -1 EBADF (Bad file descriptor) [pid 5062] close(11) = -1 EBADF (Bad file descriptor) [pid 5062] close(12) = -1 EBADF (Bad file descriptor) [pid 5062] close(13) = -1 EBADF (Bad file descriptor) [pid 5062] close(14) = -1 EBADF (Bad file descriptor) [pid 5062] close(15) = -1 EBADF (Bad file descriptor) [pid 5062] close(16) = -1 EBADF (Bad file descriptor) [pid 5062] close(17) = -1 EBADF (Bad file descriptor) [pid 5062] close(18) = -1 EBADF (Bad file descriptor) [pid 5062] close(19) = -1 EBADF (Bad file descriptor) [pid 5062] close(20) = -1 EBADF (Bad file descriptor) [pid 5062] close(21) = -1 EBADF (Bad file descriptor) [pid 5062] close(22) = -1 EBADF (Bad file descriptor) [pid 5062] close(23) = -1 EBADF (Bad file descriptor) [pid 5062] close(24) = -1 EBADF (Bad file descriptor) [pid 5062] close(25) = -1 EBADF (Bad file descriptor) [pid 5062] close(26) = -1 EBADF (Bad file descriptor) [pid 5062] close(27) = -1 EBADF (Bad file descriptor) [pid 5062] close(28) = -1 EBADF (Bad file descriptor) [pid 5062] close(29) = -1 EBADF (Bad file descriptor) [pid 5062] exit_group(0) = ? [pid 5063] <... futex resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./10/cgroup.cpu") = 0 [pid 5036] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./10/binderfs") = 0 [pid 5036] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./10/cgroup") = 0 [pid 5036] umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./10/file2") = 0 [pid 5036] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./10/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./10") = 0 [pid 5036] mkdir("./11", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 27 [pid 5064] <... set_robust_list resumed>) = 0 [pid 5064] chdir("./11") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5064] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5064] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5064] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[28]}, 88) = 28 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5065 attached NULL, 8) = 0 [pid 5065] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5064] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... futex resumed>) = 0 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] memfd_create("syzkaller", 0 [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... memfd_create resumed>) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5065] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5065] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file2", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5065] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file2") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5064] <... futex resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [ 59.884928][ T5065] loop0: detected capacity change from 0 to 4096 [pid 5065] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5065] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... openat resumed>) = 5 [pid 5065] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5065] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5065] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... futex resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] close(4) = 0 [pid 5064] close(5) = 0 [pid 5064] close(6) = -1 EBADF (Bad file descriptor) [pid 5064] close(7) = -1 EBADF (Bad file descriptor) [pid 5064] close(8) = -1 EBADF (Bad file descriptor) [pid 5064] close(9) = -1 EBADF (Bad file descriptor) [pid 5064] close(10) = -1 EBADF (Bad file descriptor) [pid 5064] close(11) = -1 EBADF (Bad file descriptor) [pid 5064] close(12) = -1 EBADF (Bad file descriptor) [pid 5064] close(13) = -1 EBADF (Bad file descriptor) [pid 5064] close(14) = -1 EBADF (Bad file descriptor) [pid 5064] close(15) = -1 EBADF (Bad file descriptor) [pid 5064] close(16) = -1 EBADF (Bad file descriptor) [pid 5064] close(17) = -1 EBADF (Bad file descriptor) [pid 5064] close(18) = -1 EBADF (Bad file descriptor) [pid 5064] close(19) = -1 EBADF (Bad file descriptor) [pid 5064] close(20) = -1 EBADF (Bad file descriptor) [pid 5064] close(21) = -1 EBADF (Bad file descriptor) [pid 5064] close(22) = -1 EBADF (Bad file descriptor) [pid 5064] close(23) = -1 EBADF (Bad file descriptor) [pid 5064] close(24) = -1 EBADF (Bad file descriptor) [pid 5064] close(25) = -1 EBADF (Bad file descriptor) [pid 5064] close(26) = -1 EBADF (Bad file descriptor) [pid 5064] close(27) = -1 EBADF (Bad file descriptor) [pid 5064] close(28) = -1 EBADF (Bad file descriptor) [pid 5064] close(29) = -1 EBADF (Bad file descriptor) [pid 5064] exit_group(0) = ? [pid 5065] <... futex resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./11/cgroup.cpu") = 0 [pid 5036] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./11/binderfs") = 0 [pid 5036] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./11/cgroup") = 0 [pid 5036] umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./11/file2") = 0 [pid 5036] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./11/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./11") = 0 [pid 5036] mkdir("./12", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 29 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x5555564766a0, 24) = 0 [pid 5066] chdir("./12") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5066] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5066] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5066] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5067 attached => {parent_tid=[30]}, 88) = 30 [pid 5067] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] <... rseq resumed>) = 0 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] set_robust_list(0x7f4c079f79a0, 24 [pid 5066] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5066] <... futex resumed>) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5067] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5067] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file2", 0777) = 0 [pid 5067] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5067] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file2") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... openat resumed>) = 4 [pid 5067] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5067] <... futex resumed>) = 1 [pid 5066] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5066] <... futex resumed>) = 0 [ 60.046366][ T5067] loop0: detected capacity change from 0 to 4096 [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... write resumed>) = 1036288 [pid 5067] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5066] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5067] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5066] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... openat resumed>) = 5 [pid 5067] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5067] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... mmap resumed>) = 0x20000000 [pid 5067] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] close(3) = 0 [pid 5067] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] close(4) = 0 [pid 5066] close(5) = 0 [pid 5066] close(6) = -1 EBADF (Bad file descriptor) [pid 5066] close(7) = -1 EBADF (Bad file descriptor) [pid 5066] close(8) = -1 EBADF (Bad file descriptor) [pid 5066] close(9) = -1 EBADF (Bad file descriptor) [pid 5066] close(10) = -1 EBADF (Bad file descriptor) [pid 5066] close(11) = -1 EBADF (Bad file descriptor) [pid 5066] close(12) = -1 EBADF (Bad file descriptor) [pid 5066] close(13) = -1 EBADF (Bad file descriptor) [pid 5066] close(14) = -1 EBADF (Bad file descriptor) [pid 5066] close(15) = -1 EBADF (Bad file descriptor) [pid 5066] close(16) = -1 EBADF (Bad file descriptor) [pid 5066] close(17) = -1 EBADF (Bad file descriptor) [pid 5066] close(18) = -1 EBADF (Bad file descriptor) [pid 5066] close(19) = -1 EBADF (Bad file descriptor) [pid 5066] close(20) = -1 EBADF (Bad file descriptor) [pid 5066] close(21) = -1 EBADF (Bad file descriptor) [pid 5066] close(22) = -1 EBADF (Bad file descriptor) [pid 5066] close(23) = -1 EBADF (Bad file descriptor) [pid 5066] close(24) = -1 EBADF (Bad file descriptor) [pid 5066] close(25) = -1 EBADF (Bad file descriptor) [pid 5066] close(26) = -1 EBADF (Bad file descriptor) [pid 5066] close(27) = -1 EBADF (Bad file descriptor) [pid 5066] close(28) = -1 EBADF (Bad file descriptor) [pid 5066] close(29) = -1 EBADF (Bad file descriptor) [pid 5066] exit_group(0 [pid 5067] <... futex resumed>) = ? [pid 5066] <... exit_group resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./12/cgroup.cpu") = 0 [pid 5036] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./12/binderfs") = 0 [pid 5036] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./12/cgroup") = 0 [pid 5036] umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./12/file2") = 0 [pid 5036] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./12/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./12") = 0 [pid 5036] mkdir("./13", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x5555564766a0, 24) = 0 [pid 5068] chdir("./13") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5068] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5068] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5068] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5069 attached => {parent_tid=[32]}, 88) = 32 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 31 [pid 5069] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] <... rseq resumed>) = 0 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5068] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] <... futex resumed>) = 0 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5069] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5069] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file2", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5069] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file2") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5069] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5069] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5068] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.232305][ T5069] loop0: detected capacity change from 0 to 4096 [pid 5069] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5069] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5069] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5069] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5069] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... mmap resumed>) = 0x20000000 [pid 5069] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] close(3) = 0 [pid 5068] close(4) = 0 [pid 5068] close(5) = 0 [pid 5068] close(6) = -1 EBADF (Bad file descriptor) [pid 5068] close(7) = -1 EBADF (Bad file descriptor) [pid 5068] close(8) = -1 EBADF (Bad file descriptor) [pid 5068] close(9) = -1 EBADF (Bad file descriptor) [pid 5068] close(10) = -1 EBADF (Bad file descriptor) [pid 5068] close(11) = -1 EBADF (Bad file descriptor) [pid 5068] close(12) = -1 EBADF (Bad file descriptor) [pid 5068] close(13) = -1 EBADF (Bad file descriptor) [pid 5068] close(14) = -1 EBADF (Bad file descriptor) [pid 5068] close(15) = -1 EBADF (Bad file descriptor) [pid 5068] close(16) = -1 EBADF (Bad file descriptor) [pid 5068] close(17) = -1 EBADF (Bad file descriptor) [pid 5068] close(18) = -1 EBADF (Bad file descriptor) [pid 5068] close(19) = -1 EBADF (Bad file descriptor) [pid 5068] close(20) = -1 EBADF (Bad file descriptor) [pid 5068] close(21) = -1 EBADF (Bad file descriptor) [pid 5068] close(22) = -1 EBADF (Bad file descriptor) [pid 5068] close(23) = -1 EBADF (Bad file descriptor) [pid 5068] close(24) = -1 EBADF (Bad file descriptor) [pid 5068] close(25) = -1 EBADF (Bad file descriptor) [pid 5068] close(26) = -1 EBADF (Bad file descriptor) [pid 5068] close(27) = -1 EBADF (Bad file descriptor) [pid 5068] close(28) = -1 EBADF (Bad file descriptor) [pid 5068] close(29) = -1 EBADF (Bad file descriptor) [pid 5068] exit_group(0 [pid 5069] <... futex resumed>) = 1 [pid 5069] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5068] <... exit_group resumed>) = ? [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./13/cgroup.cpu") = 0 [pid 5036] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./13/binderfs") = 0 [pid 5036] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./13/cgroup") = 0 [pid 5036] umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./13/file2") = 0 [pid 5036] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./13/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./13") = 0 [pid 5036] mkdir("./14", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached , child_tidptr=0x555556476690) = 33 [pid 5070] set_robust_list(0x5555564766a0, 24) = 0 [pid 5070] chdir("./14") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5070] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5070] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5070] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5071 attached [pid 5071] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5070] <... clone3 resumed> => {parent_tid=[34]}, 88) = 34 [pid 5071] <... rseq resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] set_robust_list(0x7f4c079f79a0, 24 [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5070] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] <... futex resumed>) = 0 [pid 5071] memfd_create("syzkaller", 0 [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5071] <... memfd_create resumed>) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5071] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5071] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file2", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5071] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file2") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5070] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... openat resumed>) = 4 [pid 5071] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.388390][ T5071] loop0: detected capacity change from 0 to 4096 [pid 5071] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5071] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5071] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5071] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... openat resumed>) = 5 [pid 5071] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5070] <... futex resumed>) = 0 [pid 5071] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5071] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] close(3) = 0 [pid 5070] close(4) = 0 [pid 5070] close(5) = 0 [pid 5070] close(6) = -1 EBADF (Bad file descriptor) [pid 5070] close(7) = -1 EBADF (Bad file descriptor) [pid 5070] close(8 [pid 5071] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] close(9) = -1 EBADF (Bad file descriptor) [pid 5070] close(10) = -1 EBADF (Bad file descriptor) [pid 5070] close(11) = -1 EBADF (Bad file descriptor) [pid 5070] close(12) = -1 EBADF (Bad file descriptor) [pid 5070] close(13) = -1 EBADF (Bad file descriptor) [pid 5070] close(14) = -1 EBADF (Bad file descriptor) [pid 5070] close(15) = -1 EBADF (Bad file descriptor) [pid 5070] close(16) = -1 EBADF (Bad file descriptor) [pid 5070] close(17) = -1 EBADF (Bad file descriptor) [pid 5070] close(18) = -1 EBADF (Bad file descriptor) [pid 5070] close(19) = -1 EBADF (Bad file descriptor) [pid 5070] close(20) = -1 EBADF (Bad file descriptor) [pid 5070] close(21) = -1 EBADF (Bad file descriptor) [pid 5070] close(22) = -1 EBADF (Bad file descriptor) [pid 5070] close(23) = -1 EBADF (Bad file descriptor) [pid 5070] close(24) = -1 EBADF (Bad file descriptor) [pid 5070] close(25) = -1 EBADF (Bad file descriptor) [pid 5070] close(26) = -1 EBADF (Bad file descriptor) [pid 5070] close(27) = -1 EBADF (Bad file descriptor) [pid 5070] close(28) = -1 EBADF (Bad file descriptor) [pid 5070] close(29) = -1 EBADF (Bad file descriptor) [pid 5070] exit_group(0) = ? [pid 5071] <... futex resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5036] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./14/cgroup.cpu") = 0 [pid 5036] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./14/binderfs") = 0 [pid 5036] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./14/cgroup") = 0 [pid 5036] umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./14/file2") = 0 [pid 5036] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./14/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./14") = 0 [pid 5036] mkdir("./15", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x555556476690) = 35 [pid 5072] set_robust_list(0x5555564766a0, 24) = 0 [pid 5072] chdir("./15") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5072] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5072] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5072] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5073 attached [pid 5073] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5072] <... clone3 resumed> => {parent_tid=[36]}, 88) = 36 [pid 5073] set_robust_list(0x7f4c079f79a0, 24 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] <... set_robust_list resumed>) = 0 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] memfd_create("syzkaller", 0 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] <... memfd_create resumed>) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5073] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file2", 0777) = 0 [pid 5073] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5073] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file2") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... openat resumed>) = 4 [pid 5073] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5072] <... futex resumed>) = 0 [ 60.550904][ T5073] loop0: detected capacity change from 0 to 4096 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... write resumed>) = 1036288 [pid 5073] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5072] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5073] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5072] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... openat resumed>) = 5 [pid 5073] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5073] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5073] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5072] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... mmap resumed>) = 0x20000000 [pid 5073] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] close(3 [pid 5073] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... close resumed>) = 0 [pid 5072] close(4) = 0 [pid 5072] close(5) = 0 [pid 5072] close(6) = -1 EBADF (Bad file descriptor) [pid 5072] close(7) = -1 EBADF (Bad file descriptor) [pid 5072] close(8) = -1 EBADF (Bad file descriptor) [pid 5072] close(9) = -1 EBADF (Bad file descriptor) [pid 5072] close(10) = -1 EBADF (Bad file descriptor) [pid 5072] close(11) = -1 EBADF (Bad file descriptor) [pid 5072] close(12) = -1 EBADF (Bad file descriptor) [pid 5072] close(13) = -1 EBADF (Bad file descriptor) [pid 5072] close(14) = -1 EBADF (Bad file descriptor) [pid 5072] close(15) = -1 EBADF (Bad file descriptor) [pid 5072] close(16) = -1 EBADF (Bad file descriptor) [pid 5072] close(17) = -1 EBADF (Bad file descriptor) [pid 5072] close(18) = -1 EBADF (Bad file descriptor) [pid 5072] close(19) = -1 EBADF (Bad file descriptor) [pid 5072] close(20) = -1 EBADF (Bad file descriptor) [pid 5072] close(21) = -1 EBADF (Bad file descriptor) [pid 5072] close(22) = -1 EBADF (Bad file descriptor) [pid 5072] close(23) = -1 EBADF (Bad file descriptor) [pid 5072] close(24) = -1 EBADF (Bad file descriptor) [pid 5072] close(25) = -1 EBADF (Bad file descriptor) [pid 5072] close(26) = -1 EBADF (Bad file descriptor) [pid 5072] close(27) = -1 EBADF (Bad file descriptor) [pid 5072] close(28) = -1 EBADF (Bad file descriptor) [pid 5072] close(29) = -1 EBADF (Bad file descriptor) [pid 5072] exit_group(0 [pid 5073] <... futex resumed>) = ? [pid 5072] <... exit_group resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./15/cgroup.cpu") = 0 [pid 5036] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./15/binderfs") = 0 [pid 5036] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./15/cgroup") = 0 [pid 5036] umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./15/file2") = 0 [pid 5036] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./15/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./15") = 0 [pid 5036] mkdir("./16", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 37 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x5555564766a0, 24) = 0 [pid 5074] chdir("./16") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5074] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5074] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5074] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[38]}, 88) = 38 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5075 attached NULL, 8) = 0 [pid 5074] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] <... rseq resumed>) = 0 [pid 5075] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5075] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5075] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file2", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5075] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file2") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... futex resumed>) = 0 [pid 5075] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 4 [pid 5075] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5074] <... futex resumed>) = 0 [ 60.732541][ T5075] loop0: detected capacity change from 0 to 4096 [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... write resumed>) = 1036288 [pid 5075] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5075] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 5 [pid 5075] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5075] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5075] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5075] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] close(3) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5075] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] close(4) = 0 [pid 5074] close(5) = 0 [pid 5074] close(6) = -1 EBADF (Bad file descriptor) [pid 5074] close(7) = -1 EBADF (Bad file descriptor) [pid 5074] close(8) = -1 EBADF (Bad file descriptor) [pid 5074] close(9) = -1 EBADF (Bad file descriptor) [pid 5074] close(10) = -1 EBADF (Bad file descriptor) [pid 5074] close(11) = -1 EBADF (Bad file descriptor) [pid 5074] close(12) = -1 EBADF (Bad file descriptor) [pid 5074] close(13) = -1 EBADF (Bad file descriptor) [pid 5074] close(14) = -1 EBADF (Bad file descriptor) [pid 5074] close(15) = -1 EBADF (Bad file descriptor) [pid 5074] close(16) = -1 EBADF (Bad file descriptor) [pid 5074] close(17) = -1 EBADF (Bad file descriptor) [pid 5074] close(18) = -1 EBADF (Bad file descriptor) [pid 5074] close(19) = -1 EBADF (Bad file descriptor) [pid 5074] close(20) = -1 EBADF (Bad file descriptor) [pid 5074] close(21) = -1 EBADF (Bad file descriptor) [pid 5074] close(22) = -1 EBADF (Bad file descriptor) [pid 5074] close(23) = -1 EBADF (Bad file descriptor) [pid 5074] close(24) = -1 EBADF (Bad file descriptor) [pid 5074] close(25) = -1 EBADF (Bad file descriptor) [pid 5074] close(26) = -1 EBADF (Bad file descriptor) [pid 5074] close(27) = -1 EBADF (Bad file descriptor) [pid 5074] close(28) = -1 EBADF (Bad file descriptor) [pid 5074] close(29) = -1 EBADF (Bad file descriptor) [pid 5074] exit_group(0) = ? [pid 5075] <... futex resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./16/cgroup.cpu") = 0 [pid 5036] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./16/binderfs") = 0 [pid 5036] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./16/cgroup") = 0 [pid 5036] umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./16/file2") = 0 [pid 5036] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./16/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./16") = 0 [pid 5036] mkdir("./17", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 39 ./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x5555564766a0, 24) = 0 [pid 5076] chdir("./17") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5076] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5076] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5076] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[40]}, 88) = 40 ./strace-static-x86_64: Process 5077 attached [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5076] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5077] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5077] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5077] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] mkdir("./file2", 0777) = 0 [pid 5077] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5077] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file2") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5077] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... openat resumed>) = 4 [pid 5077] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5076] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... write resumed>) = 1036288 [pid 5077] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5076] <... futex resumed>) = 0 [ 60.925254][ T5077] loop0: detected capacity change from 0 to 4096 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5077] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5076] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... openat resumed>) = 5 [pid 5077] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... futex resumed>) = 0 [pid 5077] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5077] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5077] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5076] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... mmap resumed>) = 0x20000000 [pid 5077] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] close(3) = 0 [pid 5076] close(4) = 0 [pid 5076] close(5) = 0 [pid 5076] close(6) = -1 EBADF (Bad file descriptor) [pid 5076] close(7) = -1 EBADF (Bad file descriptor) [pid 5076] close(8) = -1 EBADF (Bad file descriptor) [pid 5076] close(9) = -1 EBADF (Bad file descriptor) [pid 5076] close(10) = -1 EBADF (Bad file descriptor) [pid 5077] <... futex resumed>) = 1 [pid 5076] close(11) = -1 EBADF (Bad file descriptor) [pid 5077] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] close(12) = -1 EBADF (Bad file descriptor) [pid 5076] close(13) = -1 EBADF (Bad file descriptor) [pid 5076] close(14) = -1 EBADF (Bad file descriptor) [pid 5076] close(15) = -1 EBADF (Bad file descriptor) [pid 5076] close(16) = -1 EBADF (Bad file descriptor) [pid 5076] close(17) = -1 EBADF (Bad file descriptor) [pid 5076] close(18) = -1 EBADF (Bad file descriptor) [pid 5076] close(19) = -1 EBADF (Bad file descriptor) [pid 5076] close(20) = -1 EBADF (Bad file descriptor) [pid 5076] close(21) = -1 EBADF (Bad file descriptor) [pid 5076] close(22) = -1 EBADF (Bad file descriptor) [pid 5076] close(23) = -1 EBADF (Bad file descriptor) [pid 5076] close(24) = -1 EBADF (Bad file descriptor) [pid 5076] close(25) = -1 EBADF (Bad file descriptor) [pid 5076] close(26) = -1 EBADF (Bad file descriptor) [pid 5076] close(27) = -1 EBADF (Bad file descriptor) [pid 5076] close(28) = -1 EBADF (Bad file descriptor) [pid 5076] close(29) = -1 EBADF (Bad file descriptor) [pid 5076] exit_group(0) = ? [pid 5077] <... futex resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./17/cgroup.cpu") = 0 [pid 5036] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./17/binderfs") = 0 [pid 5036] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./17/cgroup") = 0 [pid 5036] umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./17/file2") = 0 [pid 5036] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./17/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./17") = 0 [pid 5036] mkdir("./18", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached , child_tidptr=0x555556476690) = 41 [pid 5078] set_robust_list(0x5555564766a0, 24) = 0 [pid 5078] chdir("./18") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5078] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5078] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5078] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5079] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... clone3 resumed> => {parent_tid=[42]}, 88) = 42 [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5079] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5079] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file2", 0777) = 0 [pid 5079] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5079] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file2") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5079] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5079] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 61.082353][ T5079] loop0: detected capacity change from 0 to 4096 [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... write resumed>) = 1036288 [pid 5079] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5079] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5079] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... openat resumed>) = 5 [pid 5079] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5079] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5078] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] close(3) = 0 [pid 5078] close(4) = 0 [pid 5078] close(5) = 0 [pid 5078] close(6) = -1 EBADF (Bad file descriptor) [pid 5078] close(7) = -1 EBADF (Bad file descriptor) [pid 5078] close(8) = -1 EBADF (Bad file descriptor) [pid 5078] close(9) = -1 EBADF (Bad file descriptor) [pid 5078] close(10) = -1 EBADF (Bad file descriptor) [pid 5078] close(11) = -1 EBADF (Bad file descriptor) [pid 5078] close(12) = -1 EBADF (Bad file descriptor) [pid 5078] close(13) = -1 EBADF (Bad file descriptor) [pid 5078] close(14) = -1 EBADF (Bad file descriptor) [pid 5078] close(15) = -1 EBADF (Bad file descriptor) [pid 5078] close(16) = -1 EBADF (Bad file descriptor) [pid 5078] close(17) = -1 EBADF (Bad file descriptor) [pid 5078] close(18) = -1 EBADF (Bad file descriptor) [pid 5078] close(19) = -1 EBADF (Bad file descriptor) [pid 5078] close(20) = -1 EBADF (Bad file descriptor) [pid 5078] close(21) = -1 EBADF (Bad file descriptor) [pid 5078] close(22) = -1 EBADF (Bad file descriptor) [pid 5078] close(23) = -1 EBADF (Bad file descriptor) [pid 5078] close(24) = -1 EBADF (Bad file descriptor) [pid 5078] close(25) = -1 EBADF (Bad file descriptor) [pid 5078] close(26) = -1 EBADF (Bad file descriptor) [pid 5078] close(27) = -1 EBADF (Bad file descriptor) [pid 5078] close(28) = -1 EBADF (Bad file descriptor) [pid 5078] close(29) = -1 EBADF (Bad file descriptor) [pid 5078] exit_group(0) = ? [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./18/cgroup.cpu") = 0 [pid 5036] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./18/binderfs") = 0 [pid 5036] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./18/cgroup") = 0 [pid 5036] umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./18/file2") = 0 [pid 5036] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./18/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./18") = 0 [pid 5036] mkdir("./19", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 43 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5080] chdir("./19") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5080] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5080] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5080] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5081 attached => {parent_tid=[44]}, 88) = 44 [pid 5081] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] <... rseq resumed>) = 0 [pid 5080] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] set_robust_list(0x7f4c079f79a0, 24 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] <... set_robust_list resumed>) = 0 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5081] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5081] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file2", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5081] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file2") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5081] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5081] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5081] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [ 61.257281][ T5081] loop0: detected capacity change from 0 to 4096 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5081] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5081] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5081] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5081] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] close(3) = 0 [pid 5080] close(4) = 0 [pid 5080] close(5 [pid 5081] <... futex resumed>) = 1 [pid 5081] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... close resumed>) = 0 [pid 5080] close(6) = -1 EBADF (Bad file descriptor) [pid 5080] close(7) = -1 EBADF (Bad file descriptor) [pid 5080] close(8) = -1 EBADF (Bad file descriptor) [pid 5080] close(9) = -1 EBADF (Bad file descriptor) [pid 5080] close(10) = -1 EBADF (Bad file descriptor) [pid 5080] close(11) = -1 EBADF (Bad file descriptor) [pid 5080] close(12) = -1 EBADF (Bad file descriptor) [pid 5080] close(13) = -1 EBADF (Bad file descriptor) [pid 5080] close(14) = -1 EBADF (Bad file descriptor) [pid 5080] close(15) = -1 EBADF (Bad file descriptor) [pid 5080] close(16) = -1 EBADF (Bad file descriptor) [pid 5080] close(17) = -1 EBADF (Bad file descriptor) [pid 5080] close(18) = -1 EBADF (Bad file descriptor) [pid 5080] close(19) = -1 EBADF (Bad file descriptor) [pid 5080] close(20) = -1 EBADF (Bad file descriptor) [pid 5080] close(21) = -1 EBADF (Bad file descriptor) [pid 5080] close(22) = -1 EBADF (Bad file descriptor) [pid 5080] close(23) = -1 EBADF (Bad file descriptor) [pid 5080] close(24) = -1 EBADF (Bad file descriptor) [pid 5080] close(25) = -1 EBADF (Bad file descriptor) [pid 5080] close(26) = -1 EBADF (Bad file descriptor) [pid 5080] close(27) = -1 EBADF (Bad file descriptor) [pid 5080] close(28) = -1 EBADF (Bad file descriptor) [pid 5080] close(29) = -1 EBADF (Bad file descriptor) [pid 5080] exit_group(0 [pid 5081] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./19/cgroup.cpu") = 0 [pid 5036] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./19/binderfs") = 0 [pid 5036] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./19/cgroup") = 0 [pid 5036] umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./19/file2") = 0 [pid 5036] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./19/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./19") = 0 [pid 5036] mkdir("./20", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x555556476690) = 45 [pid 5082] set_robust_list(0x5555564766a0, 24) = 0 [pid 5082] chdir("./20") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5082] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5082] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5082] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5082] <... clone3 resumed> => {parent_tid=[46]}, 88) = 46 [pid 5083] <... rseq resumed>) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] set_robust_list(0x7f4c079f79a0, 24 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5083] memfd_create("syzkaller", 0 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... memfd_create resumed>) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5083] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5083] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file2", 0777) = 0 [pid 5083] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5083] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file2") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 4 [pid 5083] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5082] <... futex resumed>) = 0 [ 61.408354][ T5083] loop0: detected capacity change from 0 to 4096 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... write resumed>) = 1036288 [pid 5083] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5083] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5083] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5083] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5083] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] close(3) = 0 [pid 5082] close(4 [pid 5083] <... futex resumed>) = 1 [pid 5082] <... close resumed>) = 0 [pid 5083] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] close(5) = 0 [pid 5082] close(6) = -1 EBADF (Bad file descriptor) [pid 5082] close(7) = -1 EBADF (Bad file descriptor) [pid 5082] close(8) = -1 EBADF (Bad file descriptor) [pid 5082] close(9) = -1 EBADF (Bad file descriptor) [pid 5082] close(10) = -1 EBADF (Bad file descriptor) [pid 5082] close(11) = -1 EBADF (Bad file descriptor) [pid 5082] close(12) = -1 EBADF (Bad file descriptor) [pid 5082] close(13) = -1 EBADF (Bad file descriptor) [pid 5082] close(14) = -1 EBADF (Bad file descriptor) [pid 5082] close(15) = -1 EBADF (Bad file descriptor) [pid 5082] close(16) = -1 EBADF (Bad file descriptor) [pid 5082] close(17) = -1 EBADF (Bad file descriptor) [pid 5082] close(18) = -1 EBADF (Bad file descriptor) [pid 5082] close(19) = -1 EBADF (Bad file descriptor) [pid 5082] close(20) = -1 EBADF (Bad file descriptor) [pid 5082] close(21) = -1 EBADF (Bad file descriptor) [pid 5082] close(22) = -1 EBADF (Bad file descriptor) [pid 5082] close(23) = -1 EBADF (Bad file descriptor) [pid 5082] close(24) = -1 EBADF (Bad file descriptor) [pid 5082] close(25) = -1 EBADF (Bad file descriptor) [pid 5082] close(26) = -1 EBADF (Bad file descriptor) [pid 5082] close(27) = -1 EBADF (Bad file descriptor) [pid 5082] close(28) = -1 EBADF (Bad file descriptor) [pid 5082] close(29) = -1 EBADF (Bad file descriptor) [pid 5082] exit_group(0 [pid 5083] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./20/cgroup.cpu") = 0 [pid 5036] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./20/binderfs") = 0 [pid 5036] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./20/cgroup") = 0 [pid 5036] umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./20/file2") = 0 [pid 5036] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./20/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./20") = 0 [pid 5036] mkdir("./21", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 47 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5084] chdir("./21") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5084] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5084] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5084] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5085 attached [pid 5085] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5085] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] <... clone3 resumed> => {parent_tid=[48]}, 88) = 48 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5085] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5085] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file2", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5085] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file2") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5085] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5084] <... futex resumed>) = 0 [ 61.591346][ T5085] loop0: detected capacity change from 0 to 4096 [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... write resumed>) = 1036288 [pid 5085] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5085] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5085] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5085] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5085] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] close(3) = 0 [pid 5084] close(4) = 0 [pid 5084] close(5) = 0 [pid 5084] close(6) = -1 EBADF (Bad file descriptor) [pid 5084] close(7) = -1 EBADF (Bad file descriptor) [pid 5084] close(8) = -1 EBADF (Bad file descriptor) [pid 5084] close(9) = -1 EBADF (Bad file descriptor) [pid 5085] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] close(10) = -1 EBADF (Bad file descriptor) [pid 5084] close(11) = -1 EBADF (Bad file descriptor) [pid 5084] close(12) = -1 EBADF (Bad file descriptor) [pid 5084] close(13) = -1 EBADF (Bad file descriptor) [pid 5084] close(14) = -1 EBADF (Bad file descriptor) [pid 5084] close(15) = -1 EBADF (Bad file descriptor) [pid 5084] close(16) = -1 EBADF (Bad file descriptor) [pid 5084] close(17) = -1 EBADF (Bad file descriptor) [pid 5084] close(18) = -1 EBADF (Bad file descriptor) [pid 5084] close(19) = -1 EBADF (Bad file descriptor) [pid 5084] close(20) = -1 EBADF (Bad file descriptor) [pid 5084] close(21) = -1 EBADF (Bad file descriptor) [pid 5084] close(22) = -1 EBADF (Bad file descriptor) [pid 5084] close(23) = -1 EBADF (Bad file descriptor) [pid 5084] close(24) = -1 EBADF (Bad file descriptor) [pid 5084] close(25) = -1 EBADF (Bad file descriptor) [pid 5084] close(26) = -1 EBADF (Bad file descriptor) [pid 5084] close(27) = -1 EBADF (Bad file descriptor) [pid 5084] close(28) = -1 EBADF (Bad file descriptor) [pid 5084] close(29) = -1 EBADF (Bad file descriptor) [pid 5084] exit_group(0 [pid 5085] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./21/cgroup.cpu") = 0 [pid 5036] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./21/binderfs") = 0 [pid 5036] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./21/cgroup") = 0 [pid 5036] umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./21/file2") = 0 [pid 5036] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./21/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./21") = 0 [pid 5036] mkdir("./22", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 49 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5086] chdir("./22") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5086] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5086] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5086] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5087 attached [pid 5087] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] <... clone3 resumed> => {parent_tid=[50]}, 88) = 50 [pid 5087] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5087] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5087] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file2", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5087] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file2") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 4 [pid 5087] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5087] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 61.766809][ T5087] loop0: detected capacity change from 0 to 4096 [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... write resumed>) = 1036288 [pid 5087] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5087] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 5 [pid 5087] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5087] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5087] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] close(3) = 0 [pid 5086] close(4 [pid 5087] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... close resumed>) = 0 [pid 5086] close(5) = 0 [pid 5086] close(6) = -1 EBADF (Bad file descriptor) [pid 5086] close(7) = -1 EBADF (Bad file descriptor) [pid 5086] close(8) = -1 EBADF (Bad file descriptor) [pid 5086] close(9) = -1 EBADF (Bad file descriptor) [pid 5086] close(10) = -1 EBADF (Bad file descriptor) [pid 5086] close(11) = -1 EBADF (Bad file descriptor) [pid 5086] close(12) = -1 EBADF (Bad file descriptor) [pid 5086] close(13) = -1 EBADF (Bad file descriptor) [pid 5086] close(14) = -1 EBADF (Bad file descriptor) [pid 5086] close(15) = -1 EBADF (Bad file descriptor) [pid 5086] close(16) = -1 EBADF (Bad file descriptor) [pid 5086] close(17) = -1 EBADF (Bad file descriptor) [pid 5086] close(18) = -1 EBADF (Bad file descriptor) [pid 5086] close(19) = -1 EBADF (Bad file descriptor) [pid 5086] close(20) = -1 EBADF (Bad file descriptor) [pid 5086] close(21) = -1 EBADF (Bad file descriptor) [pid 5086] close(22) = -1 EBADF (Bad file descriptor) [pid 5086] close(23) = -1 EBADF (Bad file descriptor) [pid 5086] close(24) = -1 EBADF (Bad file descriptor) [pid 5086] close(25) = -1 EBADF (Bad file descriptor) [pid 5086] close(26) = -1 EBADF (Bad file descriptor) [pid 5086] close(27) = -1 EBADF (Bad file descriptor) [pid 5086] close(28) = -1 EBADF (Bad file descriptor) [pid 5086] close(29) = -1 EBADF (Bad file descriptor) [pid 5086] exit_group(0) = ? [pid 5087] <... futex resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./22/cgroup.cpu") = 0 [pid 5036] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./22/binderfs") = 0 [pid 5036] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./22/cgroup") = 0 [pid 5036] umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./22/file2") = 0 [pid 5036] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./22/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./22") = 0 [pid 5036] mkdir("./23", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x5555564766a0, 24) = 0 [pid 5088] chdir("./23") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5088] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5088] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5088] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5089 attached [pid 5089] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5088] <... clone3 resumed> => {parent_tid=[52]}, 88) = 52 [pid 5089] set_robust_list(0x7f4c079f79a0, 24 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] <... set_robust_list resumed>) = 0 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5089] memfd_create("syzkaller", 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 51 [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... memfd_create resumed>) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5089] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5089] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./file2", 0777) = 0 [pid 5089] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5089] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file2") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [pid 5089] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5088] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... openat resumed>) = 4 [pid 5089] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.937577][ T5089] loop0: detected capacity change from 0 to 4096 [pid 5089] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5089] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 0 [pid 5089] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5089] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... openat resumed>) = 5 [pid 5089] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 0 [pid 5089] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... futex resumed>) = 0 [pid 5088] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] close(5) = 0 [pid 5088] close(6) = -1 EBADF (Bad file descriptor) [pid 5088] close(7) = -1 EBADF (Bad file descriptor) [pid 5088] close(8) = -1 EBADF (Bad file descriptor) [pid 5088] close(9) = -1 EBADF (Bad file descriptor) [pid 5088] close(10) = -1 EBADF (Bad file descriptor) [pid 5088] close(11) = -1 EBADF (Bad file descriptor) [pid 5088] close(12) = -1 EBADF (Bad file descriptor) [pid 5088] close(13) = -1 EBADF (Bad file descriptor) [pid 5088] close(14) = -1 EBADF (Bad file descriptor) [pid 5088] close(15) = -1 EBADF (Bad file descriptor) [pid 5088] close(16) = -1 EBADF (Bad file descriptor) [pid 5088] close(17) = -1 EBADF (Bad file descriptor) [pid 5088] close(18) = -1 EBADF (Bad file descriptor) [pid 5088] close(19) = -1 EBADF (Bad file descriptor) [pid 5088] close(20) = -1 EBADF (Bad file descriptor) [pid 5088] close(21) = -1 EBADF (Bad file descriptor) [pid 5088] close(22) = -1 EBADF (Bad file descriptor) [pid 5088] close(23) = -1 EBADF (Bad file descriptor) [pid 5088] close(24) = -1 EBADF (Bad file descriptor) [pid 5088] close(25) = -1 EBADF (Bad file descriptor) [pid 5088] close(26) = -1 EBADF (Bad file descriptor) [pid 5088] close(27) = -1 EBADF (Bad file descriptor) [pid 5088] close(28) = -1 EBADF (Bad file descriptor) [pid 5088] close(29) = -1 EBADF (Bad file descriptor) [pid 5088] exit_group(0 [pid 5089] <... futex resumed>) = ? [pid 5088] <... exit_group resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./23/cgroup.cpu") = 0 [pid 5036] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./23/binderfs") = 0 [pid 5036] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./23/cgroup") = 0 [pid 5036] umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./23/file2") = 0 [pid 5036] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./23/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./23") = 0 [pid 5036] mkdir("./24", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 53 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x5555564766a0, 24) = 0 [pid 5090] chdir("./24") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5090] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5090] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5090] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[54]}, 88) = 54 ./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... rseq resumed>) = 0 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5090] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5091] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5091] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file2", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5091] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file2") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5091] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... openat resumed>) = 4 [pid 5091] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = 0 [pid 5091] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 62.099308][ T5091] loop0: detected capacity change from 0 to 4096 [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... write resumed>) = 1036288 [pid 5091] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5091] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = 0 [pid 5091] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... openat resumed>) = 5 [pid 5091] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = 0 [pid 5091] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5091] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... mmap resumed>) = 0x20000000 [pid 5091] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] close(3 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... close resumed>) = 0 [pid 5091] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] close(4) = 0 [pid 5090] close(5) = 0 [pid 5090] close(6) = -1 EBADF (Bad file descriptor) [pid 5090] close(7) = -1 EBADF (Bad file descriptor) [pid 5090] close(8) = -1 EBADF (Bad file descriptor) [pid 5090] close(9) = -1 EBADF (Bad file descriptor) [pid 5090] close(10) = -1 EBADF (Bad file descriptor) [pid 5090] close(11) = -1 EBADF (Bad file descriptor) [pid 5090] close(12) = -1 EBADF (Bad file descriptor) [pid 5090] close(13) = -1 EBADF (Bad file descriptor) [pid 5090] close(14) = -1 EBADF (Bad file descriptor) [pid 5090] close(15) = -1 EBADF (Bad file descriptor) [pid 5090] close(16) = -1 EBADF (Bad file descriptor) [pid 5090] close(17) = -1 EBADF (Bad file descriptor) [pid 5090] close(18) = -1 EBADF (Bad file descriptor) [pid 5090] close(19) = -1 EBADF (Bad file descriptor) [pid 5090] close(20) = -1 EBADF (Bad file descriptor) [pid 5090] close(21) = -1 EBADF (Bad file descriptor) [pid 5090] close(22) = -1 EBADF (Bad file descriptor) [pid 5090] close(23) = -1 EBADF (Bad file descriptor) [pid 5090] close(24) = -1 EBADF (Bad file descriptor) [pid 5090] close(25) = -1 EBADF (Bad file descriptor) [pid 5090] close(26) = -1 EBADF (Bad file descriptor) [pid 5090] close(27) = -1 EBADF (Bad file descriptor) [pid 5090] close(28) = -1 EBADF (Bad file descriptor) [pid 5090] close(29) = -1 EBADF (Bad file descriptor) [pid 5090] exit_group(0) = ? [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./24/cgroup.cpu") = 0 [pid 5036] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./24/binderfs") = 0 [pid 5036] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./24/cgroup") = 0 [pid 5036] umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./24/file2") = 0 [pid 5036] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./24/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./24") = 0 [pid 5036] mkdir("./25", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x5555564766a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 55 [pid 5092] chdir("./25") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5092] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5092] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5092] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5093 attached [pid 5093] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5093] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... clone3 resumed> => {parent_tid=[56]}, 88) = 56 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5092] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] memfd_create("syzkaller", 0 [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5093] <... memfd_create resumed>) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5093] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5093] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file2", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5093] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file2") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... openat resumed>) = 4 [pid 5093] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5093] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 62.287321][ T5093] loop0: detected capacity change from 0 to 4096 [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... write resumed>) = 1036288 [pid 5093] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5093] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5093] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5093] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5092] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] close(5) = 0 [pid 5092] close(6) = -1 EBADF (Bad file descriptor) [pid 5092] close(7) = -1 EBADF (Bad file descriptor) [pid 5092] close(8) = -1 EBADF (Bad file descriptor) [pid 5092] close(9) = -1 EBADF (Bad file descriptor) [pid 5092] close(10) = -1 EBADF (Bad file descriptor) [pid 5092] close(11) = -1 EBADF (Bad file descriptor) [pid 5092] close(12) = -1 EBADF (Bad file descriptor) [pid 5092] close(13) = -1 EBADF (Bad file descriptor) [pid 5092] close(14) = -1 EBADF (Bad file descriptor) [pid 5092] close(15) = -1 EBADF (Bad file descriptor) [pid 5092] close(16) = -1 EBADF (Bad file descriptor) [pid 5092] close(17) = -1 EBADF (Bad file descriptor) [pid 5092] close(18) = -1 EBADF (Bad file descriptor) [pid 5092] close(19) = -1 EBADF (Bad file descriptor) [pid 5092] close(20) = -1 EBADF (Bad file descriptor) [pid 5092] close(21) = -1 EBADF (Bad file descriptor) [pid 5092] close(22) = -1 EBADF (Bad file descriptor) [pid 5092] close(23) = -1 EBADF (Bad file descriptor) [pid 5092] close(24) = -1 EBADF (Bad file descriptor) [pid 5092] close(25) = -1 EBADF (Bad file descriptor) [pid 5092] close(26) = -1 EBADF (Bad file descriptor) [pid 5092] close(27) = -1 EBADF (Bad file descriptor) [pid 5092] close(28) = -1 EBADF (Bad file descriptor) [pid 5092] close(29) = -1 EBADF (Bad file descriptor) [pid 5092] exit_group(0) = ? [pid 5093] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./25/cgroup.cpu") = 0 [pid 5036] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./25/binderfs") = 0 [pid 5036] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./25/cgroup") = 0 [pid 5036] umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./25/file2") = 0 [pid 5036] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./25/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./25") = 0 [pid 5036] mkdir("./26", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x5555564766a0, 24) = 0 [pid 5094] chdir("./26" [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 57 [pid 5094] <... chdir resumed>) = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5094] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5094] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5094] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5095 attached => {parent_tid=[58]}, 88) = 58 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5095] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5095] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5095] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5095] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./file2", 0777) = 0 [pid 5095] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5095] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file2") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5095] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5095] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 62.462657][ T5095] loop0: detected capacity change from 0 to 4096 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... write resumed>) = 1036288 [pid 5095] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5095] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5095] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... openat resumed>) = 5 [pid 5095] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5095] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5095] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] close(3) = 0 [pid 5094] close(4) = 0 [pid 5094] close(5) = 0 [pid 5094] close(6) = -1 EBADF (Bad file descriptor) [pid 5094] close(7) = -1 EBADF (Bad file descriptor) [pid 5094] close(8) = -1 EBADF (Bad file descriptor) [pid 5094] close(9) = -1 EBADF (Bad file descriptor) [pid 5094] close(10 [pid 5095] <... futex resumed>) = 1 [pid 5094] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5095] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] close(11) = -1 EBADF (Bad file descriptor) [pid 5094] close(12) = -1 EBADF (Bad file descriptor) [pid 5094] close(13) = -1 EBADF (Bad file descriptor) [pid 5094] close(14) = -1 EBADF (Bad file descriptor) [pid 5094] close(15) = -1 EBADF (Bad file descriptor) [pid 5094] close(16) = -1 EBADF (Bad file descriptor) [pid 5094] close(17) = -1 EBADF (Bad file descriptor) [pid 5094] close(18) = -1 EBADF (Bad file descriptor) [pid 5094] close(19) = -1 EBADF (Bad file descriptor) [pid 5094] close(20) = -1 EBADF (Bad file descriptor) [pid 5094] close(21) = -1 EBADF (Bad file descriptor) [pid 5094] close(22) = -1 EBADF (Bad file descriptor) [pid 5094] close(23) = -1 EBADF (Bad file descriptor) [pid 5094] close(24) = -1 EBADF (Bad file descriptor) [pid 5094] close(25) = -1 EBADF (Bad file descriptor) [pid 5094] close(26) = -1 EBADF (Bad file descriptor) [pid 5094] close(27) = -1 EBADF (Bad file descriptor) [pid 5094] close(28) = -1 EBADF (Bad file descriptor) [pid 5094] close(29) = -1 EBADF (Bad file descriptor) [pid 5094] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5094] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./26/cgroup.cpu") = 0 [pid 5036] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./26/binderfs") = 0 [pid 5036] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./26/cgroup") = 0 [pid 5036] umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./26/file2") = 0 [pid 5036] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./26/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./26") = 0 [pid 5036] mkdir("./27", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 59 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x5555564766a0, 24) = 0 [pid 5096] chdir("./27") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5096] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5096] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5096] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[60]}, 88) = 60 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5097 attached NULL, 8) = 0 [pid 5097] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5096] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... rseq resumed>) = 0 [pid 5096] <... futex resumed>) = 0 [pid 5097] set_robust_list(0x7f4c079f79a0, 24 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5097] <... set_robust_list resumed>) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5097] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5097] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file2", 0777) = 0 [pid 5097] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5097] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file2") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... openat resumed>) = 4 [pid 5097] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5097] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 62.639427][ T5097] loop0: detected capacity change from 0 to 4096 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... write resumed>) = 1036288 [pid 5097] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] <... futex resumed>) = 1 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5097] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5097] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5097] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5097] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] close(3) = 0 [pid 5097] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] close(4) = 0 [pid 5096] close(5) = 0 [pid 5096] close(6) = -1 EBADF (Bad file descriptor) [pid 5096] close(7) = -1 EBADF (Bad file descriptor) [pid 5096] close(8) = -1 EBADF (Bad file descriptor) [pid 5096] close(9) = -1 EBADF (Bad file descriptor) [pid 5096] close(10) = -1 EBADF (Bad file descriptor) [pid 5096] close(11) = -1 EBADF (Bad file descriptor) [pid 5096] close(12) = -1 EBADF (Bad file descriptor) [pid 5096] close(13) = -1 EBADF (Bad file descriptor) [pid 5096] close(14) = -1 EBADF (Bad file descriptor) [pid 5096] close(15) = -1 EBADF (Bad file descriptor) [pid 5096] close(16) = -1 EBADF (Bad file descriptor) [pid 5096] close(17) = -1 EBADF (Bad file descriptor) [pid 5096] close(18) = -1 EBADF (Bad file descriptor) [pid 5096] close(19) = -1 EBADF (Bad file descriptor) [pid 5096] close(20) = -1 EBADF (Bad file descriptor) [pid 5096] close(21) = -1 EBADF (Bad file descriptor) [pid 5096] close(22) = -1 EBADF (Bad file descriptor) [pid 5096] close(23) = -1 EBADF (Bad file descriptor) [pid 5096] close(24) = -1 EBADF (Bad file descriptor) [pid 5096] close(25) = -1 EBADF (Bad file descriptor) [pid 5096] close(26) = -1 EBADF (Bad file descriptor) [pid 5096] close(27) = -1 EBADF (Bad file descriptor) [pid 5096] close(28) = -1 EBADF (Bad file descriptor) [pid 5096] close(29) = -1 EBADF (Bad file descriptor) [pid 5096] exit_group(0) = ? [pid 5097] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./27/cgroup.cpu") = 0 [pid 5036] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./27/binderfs") = 0 [pid 5036] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./27/cgroup") = 0 [pid 5036] umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./27/file2") = 0 [pid 5036] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./27/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./27") = 0 [pid 5036] mkdir("./28", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x555556476690) = 61 [pid 5098] set_robust_list(0x5555564766a0, 24) = 0 [pid 5098] chdir("./28") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5098] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5098] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5098] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5099 attached => {parent_tid=[62]}, 88) = 62 [pid 5099] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] <... rseq resumed>) = 0 [pid 5099] set_robust_list(0x7f4c079f79a0, 24 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] <... set_robust_list resumed>) = 0 [pid 5098] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5099] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5099] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file2", 0777) = 0 [pid 5099] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5099] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file2") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... openat resumed>) = 4 [pid 5099] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5098] <... futex resumed>) = 0 [ 62.818315][ T5099] loop0: detected capacity change from 0 to 4096 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... write resumed>) = 1036288 [pid 5099] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5099] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5099] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5098] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... openat resumed>) = 5 [pid 5099] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5099] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5098] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... mmap resumed>) = 0x20000000 [pid 5099] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] close(5) = 0 [pid 5098] close(6) = -1 EBADF (Bad file descriptor) [pid 5098] close(7) = -1 EBADF (Bad file descriptor) [pid 5098] close(8) = -1 EBADF (Bad file descriptor) [pid 5098] close(9) = -1 EBADF (Bad file descriptor) [pid 5098] close(10) = -1 EBADF (Bad file descriptor) [pid 5098] close(11) = -1 EBADF (Bad file descriptor) [pid 5098] close(12) = -1 EBADF (Bad file descriptor) [pid 5098] close(13) = -1 EBADF (Bad file descriptor) [pid 5098] close(14) = -1 EBADF (Bad file descriptor) [pid 5098] close(15) = -1 EBADF (Bad file descriptor) [pid 5098] close(16) = -1 EBADF (Bad file descriptor) [pid 5098] close(17) = -1 EBADF (Bad file descriptor) [pid 5098] close(18) = -1 EBADF (Bad file descriptor) [pid 5098] close(19) = -1 EBADF (Bad file descriptor) [pid 5098] close(20) = -1 EBADF (Bad file descriptor) [pid 5098] close(21) = -1 EBADF (Bad file descriptor) [pid 5098] close(22) = -1 EBADF (Bad file descriptor) [pid 5098] close(23) = -1 EBADF (Bad file descriptor) [pid 5098] close(24) = -1 EBADF (Bad file descriptor) [pid 5098] close(25) = -1 EBADF (Bad file descriptor) [pid 5098] close(26) = -1 EBADF (Bad file descriptor) [pid 5098] close(27) = -1 EBADF (Bad file descriptor) [pid 5098] close(28) = -1 EBADF (Bad file descriptor) [pid 5098] close(29) = -1 EBADF (Bad file descriptor) [pid 5098] exit_group(0 [pid 5099] <... futex resumed>) = ? [pid 5098] <... exit_group resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./28/cgroup.cpu") = 0 [pid 5036] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./28/binderfs") = 0 [pid 5036] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./28/cgroup") = 0 [pid 5036] umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./28/file2") = 0 [pid 5036] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./28/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./28") = 0 [pid 5036] mkdir("./29", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 63 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x5555564766a0, 24) = 0 [pid 5100] chdir("./29") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5100] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5100] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5100] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5101 attached => {parent_tid=[64]}, 88) = 64 [pid 5101] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] set_robust_list(0x7f4c079f79a0, 24 [pid 5100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5100] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] memfd_create("syzkaller", 0 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... memfd_create resumed>) = 3 [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5101] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5101] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file2", 0777) = 0 [pid 5101] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5101] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file2") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... openat resumed>) = 4 [pid 5101] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5100] <... futex resumed>) = 0 [ 63.032555][ T5101] loop0: detected capacity change from 0 to 4096 [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... write resumed>) = 1036288 [pid 5101] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5101] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5101] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5101] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... openat resumed>) = 5 [pid 5101] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5101] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5101] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5101] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5100] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... mmap resumed>) = 0x20000000 [pid 5101] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] close(3 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... close resumed>) = 0 [pid 5100] close(4) = 0 [pid 5100] close(5) = 0 [pid 5100] close(6) = -1 EBADF (Bad file descriptor) [pid 5100] close(7) = -1 EBADF (Bad file descriptor) [pid 5100] close(8) = -1 EBADF (Bad file descriptor) [pid 5100] close(9) = -1 EBADF (Bad file descriptor) [pid 5100] close(10) = -1 EBADF (Bad file descriptor) [pid 5100] close(11) = -1 EBADF (Bad file descriptor) [pid 5100] close(12) = -1 EBADF (Bad file descriptor) [pid 5100] close(13) = -1 EBADF (Bad file descriptor) [pid 5100] close(14) = -1 EBADF (Bad file descriptor) [pid 5100] close(15) = -1 EBADF (Bad file descriptor) [pid 5100] close(16) = -1 EBADF (Bad file descriptor) [pid 5100] close(17) = -1 EBADF (Bad file descriptor) [pid 5100] close(18) = -1 EBADF (Bad file descriptor) [pid 5100] close(19) = -1 EBADF (Bad file descriptor) [pid 5100] close(20) = -1 EBADF (Bad file descriptor) [pid 5100] close(21) = -1 EBADF (Bad file descriptor) [pid 5100] close(22) = -1 EBADF (Bad file descriptor) [pid 5100] close(23) = -1 EBADF (Bad file descriptor) [pid 5100] close(24) = -1 EBADF (Bad file descriptor) [pid 5100] close(25) = -1 EBADF (Bad file descriptor) [pid 5100] close(26) = -1 EBADF (Bad file descriptor) [pid 5100] close(27) = -1 EBADF (Bad file descriptor) [pid 5100] close(28) = -1 EBADF (Bad file descriptor) [pid 5100] close(29) = -1 EBADF (Bad file descriptor) [pid 5100] exit_group(0) = ? [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./29/cgroup.cpu") = 0 [pid 5036] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./29/binderfs") = 0 [pid 5036] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./29/cgroup") = 0 [pid 5036] umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./29/file2") = 0 [pid 5036] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./29/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./29") = 0 [pid 5036] mkdir("./30", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 65 ./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x5555564766a0, 24) = 0 [pid 5102] chdir("./30") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5102] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5102] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5102] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[66]}, 88) = 66 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [pid 5103] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5103] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5103] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5103] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file2", 0777) = 0 [pid 5103] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5103] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file2") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5103] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5103] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5102] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... write resumed>) = 1036288 [ 63.201360][ T5103] loop0: detected capacity change from 0 to 4096 [pid 5103] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] <... futex resumed>) = 0 [pid 5103] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5103] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5103] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] <... futex resumed>) = 0 [pid 5103] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5102] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5103] <... mmap resumed>) = 0x20000000 [pid 5103] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] close(3) = 0 [pid 5102] close(4) = 0 [pid 5102] close(5) = 0 [pid 5102] close(6) = -1 EBADF (Bad file descriptor) [pid 5102] close(7) = -1 EBADF (Bad file descriptor) [pid 5102] close(8) = -1 EBADF (Bad file descriptor) [pid 5102] close(9) = -1 EBADF (Bad file descriptor) [pid 5102] close(10) = -1 EBADF (Bad file descriptor) [pid 5102] close(11) = -1 EBADF (Bad file descriptor) [pid 5102] close(12) = -1 EBADF (Bad file descriptor) [pid 5102] close(13) = -1 EBADF (Bad file descriptor) [pid 5102] close(14) = -1 EBADF (Bad file descriptor) [pid 5102] close(15) = -1 EBADF (Bad file descriptor) [pid 5102] close(16) = -1 EBADF (Bad file descriptor) [pid 5102] close(17) = -1 EBADF (Bad file descriptor) [pid 5102] close(18) = -1 EBADF (Bad file descriptor) [pid 5102] close(19) = -1 EBADF (Bad file descriptor) [pid 5102] close(20) = -1 EBADF (Bad file descriptor) [pid 5102] close(21) = -1 EBADF (Bad file descriptor) [pid 5102] close(22) = -1 EBADF (Bad file descriptor) [pid 5102] close(23) = -1 EBADF (Bad file descriptor) [pid 5102] close(24) = -1 EBADF (Bad file descriptor) [pid 5102] close(25) = -1 EBADF (Bad file descriptor) [pid 5102] close(26) = -1 EBADF (Bad file descriptor) [pid 5102] close(27) = -1 EBADF (Bad file descriptor) [pid 5102] close(28) = -1 EBADF (Bad file descriptor) [pid 5102] close(29) = -1 EBADF (Bad file descriptor) [pid 5102] exit_group(0 [pid 5103] <... futex resumed>) = ? [pid 5102] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./30/cgroup.cpu") = 0 [pid 5036] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./30/binderfs") = 0 [pid 5036] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./30/cgroup") = 0 [pid 5036] umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./30/file2") = 0 [pid 5036] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./30/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./30") = 0 [pid 5036] mkdir("./31", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 67 [pid 5104] <... set_robust_list resumed>) = 0 [pid 5104] chdir("./31") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5104] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5104] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5104] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5105 attached [pid 5105] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5104] <... clone3 resumed> => {parent_tid=[68]}, 88) = 68 [pid 5105] <... rseq resumed>) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] set_robust_list(0x7f4c079f79a0, 24 [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] <... set_robust_list resumed>) = 0 [pid 5104] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] <... futex resumed>) = 0 [pid 5105] memfd_create("syzkaller", 0 [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] <... memfd_create resumed>) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5105] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5105] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file2", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5105] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file2") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5105] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5104] <... futex resumed>) = 1 [ 63.364070][ T5105] loop0: detected capacity change from 0 to 4096 [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... write resumed>) = 1036288 [pid 5105] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5105] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5105] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5105] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5105] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5104] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... mmap resumed>) = 0x20000000 [pid 5105] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] close(3) = 0 [pid 5104] close(4) = 0 [pid 5104] close(5) = 0 [pid 5104] close(6) = -1 EBADF (Bad file descriptor) [pid 5104] close(7) = -1 EBADF (Bad file descriptor) [pid 5104] close(8) = -1 EBADF (Bad file descriptor) [pid 5104] close(9) = -1 EBADF (Bad file descriptor) [pid 5104] close(10) = -1 EBADF (Bad file descriptor) [pid 5104] close(11) = -1 EBADF (Bad file descriptor) [pid 5104] close(12) = -1 EBADF (Bad file descriptor) [pid 5104] close(13) = -1 EBADF (Bad file descriptor) [pid 5104] close(14) = -1 EBADF (Bad file descriptor) [pid 5104] close(15) = -1 EBADF (Bad file descriptor) [pid 5104] close(16) = -1 EBADF (Bad file descriptor) [pid 5104] close(17) = -1 EBADF (Bad file descriptor) [pid 5104] close(18) = -1 EBADF (Bad file descriptor) [pid 5104] close(19) = -1 EBADF (Bad file descriptor) [pid 5104] close(20) = -1 EBADF (Bad file descriptor) [pid 5104] close(21) = -1 EBADF (Bad file descriptor) [pid 5104] close(22) = -1 EBADF (Bad file descriptor) [pid 5104] close(23) = -1 EBADF (Bad file descriptor) [pid 5104] close(24) = -1 EBADF (Bad file descriptor) [pid 5104] close(25) = -1 EBADF (Bad file descriptor) [pid 5104] close(26) = -1 EBADF (Bad file descriptor) [pid 5104] close(27) = -1 EBADF (Bad file descriptor) [pid 5104] close(28) = -1 EBADF (Bad file descriptor) [pid 5104] close(29) = -1 EBADF (Bad file descriptor) [pid 5104] exit_group(0 [pid 5105] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./31/cgroup.cpu") = 0 [pid 5036] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./31/binderfs") = 0 [pid 5036] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./31/cgroup") = 0 [pid 5036] umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./31/file2") = 0 [pid 5036] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./31/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./31") = 0 [pid 5036] mkdir("./32", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x555556476690) = 69 [pid 5106] set_robust_list(0x5555564766a0, 24) = 0 [pid 5106] chdir("./32") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5106] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5106] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5106] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[70]}, 88) = 70 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5107] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] memfd_create("syzkaller", 0) = 3 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5107] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5107] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5107] close(3) = 0 [pid 5107] mkdir("./file2", 0777) = 0 [pid 5107] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5107] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5107] chdir("./file2") = 0 [pid 5107] ioctl(4, LOOP_CLR_FD) = 0 [pid 5107] close(4) = 0 [pid 5107] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... openat resumed>) = 4 [pid 5107] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.552127][ T5107] loop0: detected capacity change from 0 to 4096 [pid 5107] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5107] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5107] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] <... futex resumed>) = 1 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5107] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5106] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5106] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... mmap resumed>) = 0x20000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] close(3) = 0 [pid 5106] close(4) = 0 [pid 5106] close(5) = 0 [pid 5106] close(6) = -1 EBADF (Bad file descriptor) [pid 5106] close(7) = -1 EBADF (Bad file descriptor) [pid 5106] close(8) = -1 EBADF (Bad file descriptor) [pid 5106] close(9) = -1 EBADF (Bad file descriptor) [pid 5106] close(10) = -1 EBADF (Bad file descriptor) [pid 5106] close(11) = -1 EBADF (Bad file descriptor) [pid 5106] close(12) = -1 EBADF (Bad file descriptor) [pid 5106] close(13) = -1 EBADF (Bad file descriptor) [pid 5106] close(14) = -1 EBADF (Bad file descriptor) [pid 5106] close(15) = -1 EBADF (Bad file descriptor) [pid 5106] close(16) = -1 EBADF (Bad file descriptor) [pid 5106] close(17) = -1 EBADF (Bad file descriptor) [pid 5106] close(18) = -1 EBADF (Bad file descriptor) [pid 5106] close(19) = -1 EBADF (Bad file descriptor) [pid 5106] close(20) = -1 EBADF (Bad file descriptor) [pid 5106] close(21) = -1 EBADF (Bad file descriptor) [pid 5106] close(22) = -1 EBADF (Bad file descriptor) [pid 5106] close(23) = -1 EBADF (Bad file descriptor) [pid 5107] <... futex resumed>) = 1 [pid 5106] close(24) = -1 EBADF (Bad file descriptor) [pid 5106] close(25 [pid 5107] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5106] close(26) = -1 EBADF (Bad file descriptor) [pid 5106] close(27) = -1 EBADF (Bad file descriptor) [pid 5106] close(28) = -1 EBADF (Bad file descriptor) [pid 5106] close(29) = -1 EBADF (Bad file descriptor) [pid 5106] exit_group(0 [pid 5107] <... futex resumed>) = ? [pid 5106] <... exit_group resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./32/cgroup.cpu") = 0 [pid 5036] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./32/binderfs") = 0 [pid 5036] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./32/cgroup") = 0 [pid 5036] umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./32/file2") = 0 [pid 5036] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./32/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./32") = 0 [pid 5036] mkdir("./33", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x5555564766a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 71 [pid 5108] chdir("./33") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5108] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5108] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5108] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5109 attached => {parent_tid=[72]}, 88) = 72 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5108] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5109] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5109] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5109] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file2", 0777) = 0 [pid 5109] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5109] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file2") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 [pid 5109] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... openat resumed>) = 4 [pid 5109] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 [pid 5109] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 63.714754][ T5109] loop0: detected capacity change from 0 to 4096 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... write resumed>) = 1036288 [pid 5109] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... futex resumed>) = 1 [pid 5109] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5109] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... futex resumed>) = 1 [pid 5109] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5109] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5109] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5108] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5109] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] close(3) = 0 [pid 5108] close(4) = 0 [pid 5108] close(5) = 0 [pid 5108] close(6) = -1 EBADF (Bad file descriptor) [pid 5108] close(7) = -1 EBADF (Bad file descriptor) [pid 5108] close(8) = -1 EBADF (Bad file descriptor) [pid 5108] close(9) = -1 EBADF (Bad file descriptor) [pid 5108] close(10) = -1 EBADF (Bad file descriptor) [pid 5108] close(11) = -1 EBADF (Bad file descriptor) [pid 5108] close(12) = -1 EBADF (Bad file descriptor) [pid 5108] close(13) = -1 EBADF (Bad file descriptor) [pid 5108] close(14) = -1 EBADF (Bad file descriptor) [pid 5108] close(15) = -1 EBADF (Bad file descriptor) [pid 5108] close(16) = -1 EBADF (Bad file descriptor) [pid 5108] close(17) = -1 EBADF (Bad file descriptor) [pid 5108] close(18) = -1 EBADF (Bad file descriptor) [pid 5108] close(19) = -1 EBADF (Bad file descriptor) [pid 5108] close(20) = -1 EBADF (Bad file descriptor) [pid 5108] close(21) = -1 EBADF (Bad file descriptor) [pid 5108] close(22) = -1 EBADF (Bad file descriptor) [pid 5108] close(23) = -1 EBADF (Bad file descriptor) [pid 5108] close(24) = -1 EBADF (Bad file descriptor) [pid 5108] close(25) = -1 EBADF (Bad file descriptor) [pid 5108] close(26) = -1 EBADF (Bad file descriptor) [pid 5108] close(27) = -1 EBADF (Bad file descriptor) [pid 5108] close(28) = -1 EBADF (Bad file descriptor) [pid 5108] close(29) = -1 EBADF (Bad file descriptor) [pid 5108] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5108] <... exit_group resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=71, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./33/cgroup.cpu") = 0 [pid 5036] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./33/binderfs") = 0 [pid 5036] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./33/cgroup") = 0 [pid 5036] umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./33/file2") = 0 [pid 5036] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./33/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./33") = 0 [pid 5036] mkdir("./34", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x555556476690) = 73 [pid 5110] set_robust_list(0x5555564766a0, 24) = 0 [pid 5110] chdir("./34") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5110] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5110] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5110] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5111 attached => {parent_tid=[74]}, 88) = 74 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] <... rseq resumed>) = 0 [pid 5110] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] set_robust_list(0x7f4c079f79a0, 24 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... set_robust_list resumed>) = 0 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5111] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5111] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file2", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5111] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file2") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5110] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... openat resumed>) = 4 [pid 5111] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5110] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5110] <... futex resumed>) = 0 [ 63.873839][ T5111] loop0: detected capacity change from 0 to 4096 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... write resumed>) = 1036288 [pid 5111] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5111] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5111] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5111] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5110] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5111] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5110] close(3 [pid 5111] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... close resumed>) = 0 [pid 5110] close(4) = 0 [pid 5110] close(5) = 0 [pid 5110] close(6) = -1 EBADF (Bad file descriptor) [pid 5110] close(7) = -1 EBADF (Bad file descriptor) [pid 5110] close(8) = -1 EBADF (Bad file descriptor) [pid 5110] close(9) = -1 EBADF (Bad file descriptor) [pid 5110] close(10) = -1 EBADF (Bad file descriptor) [pid 5110] close(11) = -1 EBADF (Bad file descriptor) [pid 5110] close(12) = -1 EBADF (Bad file descriptor) [pid 5110] close(13) = -1 EBADF (Bad file descriptor) [pid 5110] close(14) = -1 EBADF (Bad file descriptor) [pid 5110] close(15) = -1 EBADF (Bad file descriptor) [pid 5110] close(16) = -1 EBADF (Bad file descriptor) [pid 5110] close(17) = -1 EBADF (Bad file descriptor) [pid 5110] close(18) = -1 EBADF (Bad file descriptor) [pid 5110] close(19) = -1 EBADF (Bad file descriptor) [pid 5110] close(20) = -1 EBADF (Bad file descriptor) [pid 5110] close(21) = -1 EBADF (Bad file descriptor) [pid 5110] close(22) = -1 EBADF (Bad file descriptor) [pid 5110] close(23) = -1 EBADF (Bad file descriptor) [pid 5110] close(24) = -1 EBADF (Bad file descriptor) [pid 5110] close(25) = -1 EBADF (Bad file descriptor) [pid 5110] close(26) = -1 EBADF (Bad file descriptor) [pid 5110] close(27) = -1 EBADF (Bad file descriptor) [pid 5110] close(28) = -1 EBADF (Bad file descriptor) [pid 5110] close(29) = -1 EBADF (Bad file descriptor) [pid 5110] exit_group(0 [pid 5111] <... futex resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5110] <... exit_group resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=73, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./34/cgroup.cpu") = 0 [pid 5036] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./34/binderfs") = 0 [pid 5036] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./34/cgroup") = 0 [pid 5036] umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./34/file2") = 0 [pid 5036] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./34/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./34") = 0 [pid 5036] mkdir("./35", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 75 ./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x5555564766a0, 24) = 0 [pid 5112] chdir("./35") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5112] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5112] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5112] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5113 attached [pid 5113] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5113] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5112] <... clone3 resumed> => {parent_tid=[76]}, 88) = 76 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5112] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5113] memfd_create("syzkaller", 0) = 3 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5113] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5113] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5113] close(3) = 0 [pid 5113] mkdir("./file2", 0777) = 0 [pid 5113] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5113] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5113] chdir("./file2") = 0 [pid 5113] ioctl(4, LOOP_CLR_FD) = 0 [pid 5113] close(4) = 0 [pid 5113] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... futex resumed>) = 0 [pid 5113] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5113] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 64.042938][ T5113] loop0: detected capacity change from 0 to 4096 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... write resumed>) = 1036288 [pid 5113] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5113] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5113] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5113] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5113] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... openat resumed>) = 5 [pid 5113] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5113] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5113] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5113] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5112] <... futex resumed>) = 0 [pid 5113] <... mmap resumed>) = 0x20000000 [pid 5113] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] close(3) = 0 [pid 5112] close(4 [pid 5113] <... futex resumed>) = 0 [pid 5112] <... close resumed>) = 0 [pid 5113] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] close(5) = 0 [pid 5112] close(6) = -1 EBADF (Bad file descriptor) [pid 5112] close(7) = -1 EBADF (Bad file descriptor) [pid 5112] close(8) = -1 EBADF (Bad file descriptor) [pid 5112] close(9) = -1 EBADF (Bad file descriptor) [pid 5112] close(10) = -1 EBADF (Bad file descriptor) [pid 5112] close(11) = -1 EBADF (Bad file descriptor) [pid 5112] close(12) = -1 EBADF (Bad file descriptor) [pid 5112] close(13) = -1 EBADF (Bad file descriptor) [pid 5112] close(14) = -1 EBADF (Bad file descriptor) [pid 5112] close(15) = -1 EBADF (Bad file descriptor) [pid 5112] close(16) = -1 EBADF (Bad file descriptor) [pid 5112] close(17) = -1 EBADF (Bad file descriptor) [pid 5112] close(18) = -1 EBADF (Bad file descriptor) [pid 5112] close(19) = -1 EBADF (Bad file descriptor) [pid 5112] close(20) = -1 EBADF (Bad file descriptor) [pid 5112] close(21) = -1 EBADF (Bad file descriptor) [pid 5112] close(22) = -1 EBADF (Bad file descriptor) [pid 5112] close(23) = -1 EBADF (Bad file descriptor) [pid 5112] close(24) = -1 EBADF (Bad file descriptor) [pid 5112] close(25) = -1 EBADF (Bad file descriptor) [pid 5112] close(26) = -1 EBADF (Bad file descriptor) [pid 5112] close(27) = -1 EBADF (Bad file descriptor) [pid 5112] close(28) = -1 EBADF (Bad file descriptor) [pid 5112] close(29) = -1 EBADF (Bad file descriptor) [pid 5112] exit_group(0 [pid 5113] <... futex resumed>) = ? [pid 5112] <... exit_group resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=75, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./35/cgroup.cpu") = 0 [pid 5036] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./35/binderfs") = 0 [pid 5036] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./35/cgroup") = 0 [pid 5036] umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./35/file2") = 0 [pid 5036] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./35/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./35") = 0 [pid 5036] mkdir("./36", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x555556476690) = 77 [pid 5114] set_robust_list(0x5555564766a0, 24) = 0 [pid 5114] chdir("./36") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5114] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5114] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5114] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5115 attached => {parent_tid=[78]}, 88) = 78 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5114] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5115] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5115] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5115] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5115] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./file2", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5115] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file2") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5115] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... openat resumed>) = 4 [pid 5115] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 0 [ 64.198498][ T5115] loop0: detected capacity change from 0 to 4096 [pid 5115] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5115] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5115] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5115] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5115] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... openat resumed>) = 5 [pid 5115] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5115] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5115] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] close(3) = 0 [pid 5115] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] close(4) = 0 [pid 5114] close(5) = 0 [pid 5114] close(6) = -1 EBADF (Bad file descriptor) [pid 5114] close(7) = -1 EBADF (Bad file descriptor) [pid 5114] close(8) = -1 EBADF (Bad file descriptor) [pid 5114] close(9) = -1 EBADF (Bad file descriptor) [pid 5114] close(10) = -1 EBADF (Bad file descriptor) [pid 5114] close(11) = -1 EBADF (Bad file descriptor) [pid 5114] close(12) = -1 EBADF (Bad file descriptor) [pid 5114] close(13) = -1 EBADF (Bad file descriptor) [pid 5114] close(14) = -1 EBADF (Bad file descriptor) [pid 5114] close(15) = -1 EBADF (Bad file descriptor) [pid 5114] close(16) = -1 EBADF (Bad file descriptor) [pid 5114] close(17) = -1 EBADF (Bad file descriptor) [pid 5114] close(18) = -1 EBADF (Bad file descriptor) [pid 5114] close(19) = -1 EBADF (Bad file descriptor) [pid 5114] close(20) = -1 EBADF (Bad file descriptor) [pid 5114] close(21) = -1 EBADF (Bad file descriptor) [pid 5114] close(22) = -1 EBADF (Bad file descriptor) [pid 5114] close(23) = -1 EBADF (Bad file descriptor) [pid 5114] close(24) = -1 EBADF (Bad file descriptor) [pid 5114] close(25) = -1 EBADF (Bad file descriptor) [pid 5114] close(26) = -1 EBADF (Bad file descriptor) [pid 5114] close(27) = -1 EBADF (Bad file descriptor) [pid 5114] close(28) = -1 EBADF (Bad file descriptor) [pid 5114] close(29) = -1 EBADF (Bad file descriptor) [pid 5114] exit_group(0 [pid 5115] <... futex resumed>) = ? [pid 5114] <... exit_group resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=77, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5036] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./36/cgroup.cpu") = 0 [pid 5036] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./36/binderfs") = 0 [pid 5036] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./36/cgroup") = 0 [pid 5036] umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./36/file2") = 0 [pid 5036] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./36/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./36") = 0 [pid 5036] mkdir("./37", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 79 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5116] chdir("./37") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5116] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5116] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5116] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5117 attached => {parent_tid=[80]}, 88) = 80 [pid 5117] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5117] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file2", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5117] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file2") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5117] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 64.355679][ T5117] loop0: detected capacity change from 0 to 4096 [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... write resumed>) = 1036288 [pid 5117] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5117] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5117] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5116] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] close(3) = 0 [pid 5116] close(4) = 0 [pid 5116] close(5) = 0 [pid 5116] close(6) = -1 EBADF (Bad file descriptor) [pid 5116] close(7) = -1 EBADF (Bad file descriptor) [pid 5116] close(8) = -1 EBADF (Bad file descriptor) [pid 5116] close(9) = -1 EBADF (Bad file descriptor) [pid 5116] close(10) = -1 EBADF (Bad file descriptor) [pid 5116] close(11) = -1 EBADF (Bad file descriptor) [pid 5116] close(12) = -1 EBADF (Bad file descriptor) [pid 5116] close(13) = -1 EBADF (Bad file descriptor) [pid 5116] close(14) = -1 EBADF (Bad file descriptor) [pid 5116] close(15) = -1 EBADF (Bad file descriptor) [pid 5116] close(16) = -1 EBADF (Bad file descriptor) [pid 5116] close(17) = -1 EBADF (Bad file descriptor) [pid 5116] close(18) = -1 EBADF (Bad file descriptor) [pid 5116] close(19) = -1 EBADF (Bad file descriptor) [pid 5116] close(20) = -1 EBADF (Bad file descriptor) [pid 5116] close(21) = -1 EBADF (Bad file descriptor) [pid 5116] close(22) = -1 EBADF (Bad file descriptor) [pid 5116] close(23) = -1 EBADF (Bad file descriptor) [pid 5116] close(24) = -1 EBADF (Bad file descriptor) [pid 5116] close(25) = -1 EBADF (Bad file descriptor) [pid 5116] close(26) = -1 EBADF (Bad file descriptor) [pid 5116] close(27) = -1 EBADF (Bad file descriptor) [pid 5116] close(28) = -1 EBADF (Bad file descriptor) [pid 5116] close(29) = -1 EBADF (Bad file descriptor) [pid 5116] exit_group(0 [pid 5117] <... futex resumed>) = ? [pid 5116] <... exit_group resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=79, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./37/cgroup.cpu") = 0 [pid 5036] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./37/binderfs") = 0 [pid 5036] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./37/cgroup") = 0 [pid 5036] umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./37/file2") = 0 [pid 5036] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./37/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./37") = 0 [pid 5036] mkdir("./38", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached , child_tidptr=0x555556476690) = 81 [pid 5118] set_robust_list(0x5555564766a0, 24) = 0 [pid 5118] chdir("./38") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5118] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5118] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5118] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5119 attached => {parent_tid=[82]}, 88) = 82 [pid 5119] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] <... rseq resumed>) = 0 [pid 5119] set_robust_list(0x7f4c079f79a0, 24 [pid 5118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5119] <... set_robust_list resumed>) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] memfd_create("syzkaller", 0 [pid 5118] <... futex resumed>) = 0 [pid 5119] <... memfd_create resumed>) = 3 [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5119] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5119] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5119] close(3) = 0 [pid 5119] mkdir("./file2", 0777) = 0 [pid 5119] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5119] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5119] chdir("./file2") = 0 [pid 5119] ioctl(4, LOOP_CLR_FD) = 0 [pid 5119] close(4) = 0 [pid 5119] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5119] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... openat resumed>) = 4 [pid 5119] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.506623][ T5119] loop0: detected capacity change from 0 to 4096 [pid 5119] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5119] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5119] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] <... futex resumed>) = 0 [pid 5119] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5119] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5119] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] <... futex resumed>) = 0 [pid 5119] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... openat resumed>) = 5 [pid 5119] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5119] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5118] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5118] <... futex resumed>) = 0 [pid 5119] <... mmap resumed>) = 0x20000000 [pid 5118] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] close(3) = 0 [pid 5118] close(4) = 0 [pid 5118] close(5) = 0 [pid 5118] close(6) = -1 EBADF (Bad file descriptor) [pid 5118] close(7) = -1 EBADF (Bad file descriptor) [pid 5118] close(8) = -1 EBADF (Bad file descriptor) [pid 5118] close(9) = -1 EBADF (Bad file descriptor) [pid 5118] close(10) = -1 EBADF (Bad file descriptor) [pid 5118] close(11) = -1 EBADF (Bad file descriptor) [pid 5118] close(12) = -1 EBADF (Bad file descriptor) [pid 5118] close(13) = -1 EBADF (Bad file descriptor) [pid 5118] close(14) = -1 EBADF (Bad file descriptor) [pid 5118] close(15) = -1 EBADF (Bad file descriptor) [pid 5118] close(16) = -1 EBADF (Bad file descriptor) [pid 5118] close(17) = -1 EBADF (Bad file descriptor) [pid 5118] close(18) = -1 EBADF (Bad file descriptor) [pid 5118] close(19) = -1 EBADF (Bad file descriptor) [pid 5118] close(20) = -1 EBADF (Bad file descriptor) [pid 5118] close(21) = -1 EBADF (Bad file descriptor) [pid 5118] close(22) = -1 EBADF (Bad file descriptor) [pid 5118] close(23) = -1 EBADF (Bad file descriptor) [pid 5118] close(24) = -1 EBADF (Bad file descriptor) [pid 5118] close(25) = -1 EBADF (Bad file descriptor) [pid 5118] close(26) = -1 EBADF (Bad file descriptor) [pid 5118] close(27) = -1 EBADF (Bad file descriptor) [pid 5118] close(28) = -1 EBADF (Bad file descriptor) [pid 5118] close(29) = -1 EBADF (Bad file descriptor) [pid 5118] exit_group(0) = ? [pid 5119] <... futex resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=81, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5036] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./38/cgroup.cpu") = 0 [pid 5036] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./38/binderfs") = 0 [pid 5036] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./38/cgroup") = 0 [pid 5036] umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./38/file2") = 0 [pid 5036] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./38/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./38") = 0 [pid 5036] mkdir("./39", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 83 ./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x5555564766a0, 24) = 0 [pid 5120] chdir("./39") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5120] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5120] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5120] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5121 attached [pid 5121] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5121] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] <... clone3 resumed> => {parent_tid=[84]}, 88) = 84 [pid 5121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5121] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5121] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./file2", 0777) = 0 [pid 5121] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5121] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./file2") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... openat resumed>) = 4 [pid 5121] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.675703][ T5121] loop0: detected capacity change from 0 to 4096 [pid 5121] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5121] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5121] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5121] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... openat resumed>) = 5 [pid 5121] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5121] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5121] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... futex resumed>) = 0 [pid 5120] close(3) = 0 [pid 5120] close(4) = 0 [pid 5120] close(5) = 0 [pid 5120] close(6) = -1 EBADF (Bad file descriptor) [pid 5120] close(7) = -1 EBADF (Bad file descriptor) [pid 5120] close(8) = -1 EBADF (Bad file descriptor) [pid 5120] close(9) = -1 EBADF (Bad file descriptor) [pid 5120] close(10) = -1 EBADF (Bad file descriptor) [pid 5120] close(11) = -1 EBADF (Bad file descriptor) [pid 5120] close(12) = -1 EBADF (Bad file descriptor) [pid 5120] close(13) = -1 EBADF (Bad file descriptor) [pid 5120] close(14) = -1 EBADF (Bad file descriptor) [pid 5120] close(15) = -1 EBADF (Bad file descriptor) [pid 5120] close(16) = -1 EBADF (Bad file descriptor) [pid 5120] close(17) = -1 EBADF (Bad file descriptor) [pid 5120] close(18) = -1 EBADF (Bad file descriptor) [pid 5120] close(19) = -1 EBADF (Bad file descriptor) [pid 5120] close(20) = -1 EBADF (Bad file descriptor) [pid 5120] close(21) = -1 EBADF (Bad file descriptor) [pid 5120] close(22) = -1 EBADF (Bad file descriptor) [pid 5120] close(23) = -1 EBADF (Bad file descriptor) [pid 5120] close(24) = -1 EBADF (Bad file descriptor) [pid 5120] close(25) = -1 EBADF (Bad file descriptor) [pid 5120] close(26) = -1 EBADF (Bad file descriptor) [pid 5120] close(27) = -1 EBADF (Bad file descriptor) [pid 5120] close(28) = -1 EBADF (Bad file descriptor) [pid 5120] close(29) = -1 EBADF (Bad file descriptor) [pid 5120] exit_group(0) = ? [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=83, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./39/cgroup.cpu") = 0 [pid 5036] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./39/binderfs") = 0 [pid 5036] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./39/cgroup") = 0 [pid 5036] umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./39/file2") = 0 [pid 5036] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./39/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./39") = 0 [pid 5036] mkdir("./40", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 85 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x5555564766a0, 24) = 0 [pid 5122] chdir("./40") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5122] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5122] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5122] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5123 attached [pid 5123] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5123] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... clone3 resumed> => {parent_tid=[86]}, 88) = 86 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5123] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5123] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file2", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5123] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file2") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... openat resumed>) = 4 [pid 5123] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 64.851677][ T5123] loop0: detected capacity change from 0 to 4096 [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... write resumed>) = 1036288 [pid 5123] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5123] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... openat resumed>) = 5 [pid 5123] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5123] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5123] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5122] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5122] close(3 [pid 5123] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... close resumed>) = 0 [pid 5122] close(4) = 0 [pid 5122] close(5) = 0 [pid 5122] close(6) = -1 EBADF (Bad file descriptor) [pid 5122] close(7) = -1 EBADF (Bad file descriptor) [pid 5122] close(8) = -1 EBADF (Bad file descriptor) [pid 5122] close(9) = -1 EBADF (Bad file descriptor) [pid 5122] close(10) = -1 EBADF (Bad file descriptor) [pid 5122] close(11) = -1 EBADF (Bad file descriptor) [pid 5122] close(12) = -1 EBADF (Bad file descriptor) [pid 5122] close(13) = -1 EBADF (Bad file descriptor) [pid 5122] close(14) = -1 EBADF (Bad file descriptor) [pid 5122] close(15) = -1 EBADF (Bad file descriptor) [pid 5122] close(16) = -1 EBADF (Bad file descriptor) [pid 5122] close(17) = -1 EBADF (Bad file descriptor) [pid 5122] close(18) = -1 EBADF (Bad file descriptor) [pid 5122] close(19) = -1 EBADF (Bad file descriptor) [pid 5122] close(20) = -1 EBADF (Bad file descriptor) [pid 5122] close(21) = -1 EBADF (Bad file descriptor) [pid 5122] close(22) = -1 EBADF (Bad file descriptor) [pid 5122] close(23) = -1 EBADF (Bad file descriptor) [pid 5122] close(24) = -1 EBADF (Bad file descriptor) [pid 5122] close(25) = -1 EBADF (Bad file descriptor) [pid 5122] close(26) = -1 EBADF (Bad file descriptor) [pid 5122] close(27) = -1 EBADF (Bad file descriptor) [pid 5122] close(28) = -1 EBADF (Bad file descriptor) [pid 5122] close(29) = -1 EBADF (Bad file descriptor) [pid 5122] exit_group(0 [pid 5123] <... futex resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5122] <... exit_group resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=85, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./40/cgroup.cpu") = 0 [pid 5036] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./40/binderfs") = 0 [pid 5036] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./40/cgroup") = 0 [pid 5036] umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./40/file2") = 0 [pid 5036] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./40/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./40") = 0 [pid 5036] mkdir("./41", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 87 ./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x5555564766a0, 24) = 0 [pid 5124] chdir("./41") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5124] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5124] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5124] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5125 attached => {parent_tid=[88]}, 88) = 88 [pid 5125] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] <... rseq resumed>) = 0 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] set_robust_list(0x7f4c079f79a0, 24 [pid 5124] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... set_robust_list resumed>) = 0 [pid 5124] <... futex resumed>) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] memfd_create("syzkaller", 0) = 3 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5125] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5125] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5125] close(3) = 0 [pid 5125] mkdir("./file2", 0777) = 0 [pid 5125] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5125] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5125] chdir("./file2") = 0 [pid 5125] ioctl(4, LOOP_CLR_FD) = 0 [pid 5125] close(4) = 0 [pid 5125] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5125] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... openat resumed>) = 4 [pid 5125] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 65.016265][ T5125] loop0: detected capacity change from 0 to 4096 [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... write resumed>) = 1036288 [pid 5125] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5125] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5125] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5125] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5125] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5125] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5125] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] close(3) = 0 [pid 5125] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] close(4) = 0 [pid 5124] close(5) = 0 [pid 5124] close(6) = -1 EBADF (Bad file descriptor) [pid 5124] close(7) = -1 EBADF (Bad file descriptor) [pid 5124] close(8) = -1 EBADF (Bad file descriptor) [pid 5124] close(9) = -1 EBADF (Bad file descriptor) [pid 5124] close(10) = -1 EBADF (Bad file descriptor) [pid 5124] close(11) = -1 EBADF (Bad file descriptor) [pid 5124] close(12) = -1 EBADF (Bad file descriptor) [pid 5124] close(13) = -1 EBADF (Bad file descriptor) [pid 5124] close(14) = -1 EBADF (Bad file descriptor) [pid 5124] close(15) = -1 EBADF (Bad file descriptor) [pid 5124] close(16) = -1 EBADF (Bad file descriptor) [pid 5124] close(17) = -1 EBADF (Bad file descriptor) [pid 5124] close(18) = -1 EBADF (Bad file descriptor) [pid 5124] close(19) = -1 EBADF (Bad file descriptor) [pid 5124] close(20) = -1 EBADF (Bad file descriptor) [pid 5124] close(21) = -1 EBADF (Bad file descriptor) [pid 5124] close(22) = -1 EBADF (Bad file descriptor) [pid 5124] close(23) = -1 EBADF (Bad file descriptor) [pid 5124] close(24) = -1 EBADF (Bad file descriptor) [pid 5124] close(25) = -1 EBADF (Bad file descriptor) [pid 5124] close(26) = -1 EBADF (Bad file descriptor) [pid 5124] close(27) = -1 EBADF (Bad file descriptor) [pid 5124] close(28) = -1 EBADF (Bad file descriptor) [pid 5124] close(29) = -1 EBADF (Bad file descriptor) [pid 5124] exit_group(0 [pid 5125] <... futex resumed>) = ? [pid 5124] <... exit_group resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=87, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./41/cgroup.cpu") = 0 [pid 5036] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./41/binderfs") = 0 [pid 5036] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./41/cgroup") = 0 [pid 5036] umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./41/file2") = 0 [pid 5036] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./41/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./41") = 0 [pid 5036] mkdir("./42", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x5555564766a0, 24) = 0 [pid 5126] chdir("./42" [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 89 [pid 5126] <... chdir resumed>) = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5126] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5126] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5126] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5127 attached => {parent_tid=[90]}, 88) = 90 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5127] <... rseq resumed>) = 0 [pid 5126] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] set_robust_list(0x7f4c079f79a0, 24 [pid 5126] <... futex resumed>) = 0 [pid 5127] <... set_robust_list resumed>) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5127] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5127] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] mkdir("./file2", 0777) = 0 [pid 5127] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5127] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./file2") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5127] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... openat resumed>) = 4 [pid 5127] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5127] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 65.205964][ T5127] loop0: detected capacity change from 0 to 4096 [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... write resumed>) = 1036288 [pid 5127] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5127] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5127] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5126] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... openat resumed>) = 5 [pid 5127] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5127] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5127] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5127] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5126] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... mmap resumed>) = 0x20000000 [pid 5127] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] close(3) = 0 [pid 5126] close(4) = 0 [pid 5126] close(5) = 0 [pid 5126] close(6) = -1 EBADF (Bad file descriptor) [pid 5126] close(7) = -1 EBADF (Bad file descriptor) [pid 5126] close(8) = -1 EBADF (Bad file descriptor) [pid 5126] close(9) = -1 EBADF (Bad file descriptor) [pid 5126] close(10) = -1 EBADF (Bad file descriptor) [pid 5126] close(11) = -1 EBADF (Bad file descriptor) [pid 5126] close(12) = -1 EBADF (Bad file descriptor) [pid 5126] close(13) = -1 EBADF (Bad file descriptor) [pid 5126] close(14) = -1 EBADF (Bad file descriptor) [pid 5126] close(15) = -1 EBADF (Bad file descriptor) [pid 5126] close(16) = -1 EBADF (Bad file descriptor) [pid 5126] close(17) = -1 EBADF (Bad file descriptor) [pid 5126] close(18) = -1 EBADF (Bad file descriptor) [pid 5126] close(19) = -1 EBADF (Bad file descriptor) [pid 5126] close(20) = -1 EBADF (Bad file descriptor) [pid 5126] close(21) = -1 EBADF (Bad file descriptor) [pid 5126] close(22) = -1 EBADF (Bad file descriptor) [pid 5126] close(23) = -1 EBADF (Bad file descriptor) [pid 5126] close(24) = -1 EBADF (Bad file descriptor) [pid 5126] close(25) = -1 EBADF (Bad file descriptor) [pid 5126] close(26) = -1 EBADF (Bad file descriptor) [pid 5126] close(27) = -1 EBADF (Bad file descriptor) [pid 5126] close(28) = -1 EBADF (Bad file descriptor) [pid 5126] close(29) = -1 EBADF (Bad file descriptor) [pid 5126] exit_group(0) = ? [pid 5127] <... futex resumed>) = ? [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=89, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./42/cgroup.cpu") = 0 [pid 5036] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./42/binderfs") = 0 [pid 5036] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./42/cgroup") = 0 [pid 5036] umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./42/file2") = 0 [pid 5036] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./42/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./42") = 0 [pid 5036] mkdir("./43", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 91 ./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x5555564766a0, 24) = 0 [pid 5128] chdir("./43") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5128] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5128] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5128] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5129] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... clone3 resumed> => {parent_tid=[92]}, 88) = 92 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] memfd_create("syzkaller", 0 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] <... memfd_create resumed>) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5129] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5129] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file2", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5129] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file2") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5128] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... openat resumed>) = 4 [pid 5129] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 0 [ 65.385526][ T5129] loop0: detected capacity change from 0 to 4096 [pid 5129] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5129] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5129] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5129] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5129] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... mmap resumed>) = 0x20000000 [pid 5129] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] close(3) = 0 [pid 5128] close(4) = 0 [pid 5128] close(5) = 0 [pid 5128] close(6) = -1 EBADF (Bad file descriptor) [pid 5128] close(7) = -1 EBADF (Bad file descriptor) [pid 5128] close(8) = -1 EBADF (Bad file descriptor) [pid 5128] close(9) = -1 EBADF (Bad file descriptor) [pid 5128] close(10) = -1 EBADF (Bad file descriptor) [pid 5128] close(11) = -1 EBADF (Bad file descriptor) [pid 5128] close(12) = -1 EBADF (Bad file descriptor) [pid 5128] close(13) = -1 EBADF (Bad file descriptor) [pid 5128] close(14) = -1 EBADF (Bad file descriptor) [pid 5128] close(15) = -1 EBADF (Bad file descriptor) [pid 5128] close(16) = -1 EBADF (Bad file descriptor) [pid 5128] close(17) = -1 EBADF (Bad file descriptor) [pid 5128] close(18) = -1 EBADF (Bad file descriptor) [pid 5128] close(19) = -1 EBADF (Bad file descriptor) [pid 5128] close(20) = -1 EBADF (Bad file descriptor) [pid 5128] close(21) = -1 EBADF (Bad file descriptor) [pid 5128] close(22) = -1 EBADF (Bad file descriptor) [pid 5128] close(23) = -1 EBADF (Bad file descriptor) [pid 5128] close(24) = -1 EBADF (Bad file descriptor) [pid 5128] close(25) = -1 EBADF (Bad file descriptor) [pid 5128] close(26) = -1 EBADF (Bad file descriptor) [pid 5128] close(27) = -1 EBADF (Bad file descriptor) [pid 5128] close(28) = -1 EBADF (Bad file descriptor) [pid 5128] close(29) = -1 EBADF (Bad file descriptor) [pid 5128] exit_group(0) = ? [pid 5129] <... futex resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=91, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./43/cgroup.cpu") = 0 [pid 5036] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./43/binderfs") = 0 [pid 5036] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./43/cgroup") = 0 [pid 5036] umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./43/file2") = 0 [pid 5036] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./43/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./43") = 0 [pid 5036] mkdir("./44", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached , child_tidptr=0x555556476690) = 93 [pid 5130] set_robust_list(0x5555564766a0, 24) = 0 [pid 5130] chdir("./44") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5130] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5130] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5130] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5130] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5131 attached [pid 5131] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5130] <... clone3 resumed> => {parent_tid=[94]}, 88) = 94 [pid 5131] <... rseq resumed>) = 0 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5131] set_robust_list(0x7f4c079f79a0, 24 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] <... set_robust_list resumed>) = 0 [pid 5130] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5130] <... futex resumed>) = 0 [pid 5131] memfd_create("syzkaller", 0 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5131] <... memfd_create resumed>) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5131] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5131] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file2", 0777) = 0 [pid 5131] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5131] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] chdir("./file2") = 0 [pid 5131] ioctl(4, LOOP_CLR_FD) = 0 [pid 5131] close(4) = 0 [pid 5131] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5131] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] <... futex resumed>) = 0 [pid 5131] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... openat resumed>) = 4 [pid 5131] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5131] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 65.567681][ T5131] loop0: detected capacity change from 0 to 4096 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... write resumed>) = 1036288 [pid 5131] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... futex resumed>) = 1 [pid 5131] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5131] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5131] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5131] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5131] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5131] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] <... futex resumed>) = 0 [pid 5131] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5130] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... mmap resumed>) = 0x20000000 [pid 5131] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] close(3) = 0 [pid 5130] close(4) = 0 [pid 5130] close(5) = 0 [pid 5130] close(6) = -1 EBADF (Bad file descriptor) [pid 5130] close(7) = -1 EBADF (Bad file descriptor) [pid 5130] close(8) = -1 EBADF (Bad file descriptor) [pid 5130] close(9) = -1 EBADF (Bad file descriptor) [pid 5130] close(10) = -1 EBADF (Bad file descriptor) [pid 5130] close(11) = -1 EBADF (Bad file descriptor) [pid 5130] close(12 [pid 5131] <... futex resumed>) = 1 [pid 5130] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5130] close(13 [pid 5131] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5130] close(14) = -1 EBADF (Bad file descriptor) [pid 5130] close(15) = -1 EBADF (Bad file descriptor) [pid 5130] close(16) = -1 EBADF (Bad file descriptor) [pid 5130] close(17) = -1 EBADF (Bad file descriptor) [pid 5130] close(18) = -1 EBADF (Bad file descriptor) [pid 5130] close(19) = -1 EBADF (Bad file descriptor) [pid 5130] close(20) = -1 EBADF (Bad file descriptor) [pid 5130] close(21) = -1 EBADF (Bad file descriptor) [pid 5130] close(22) = -1 EBADF (Bad file descriptor) [pid 5130] close(23) = -1 EBADF (Bad file descriptor) [pid 5130] close(24) = -1 EBADF (Bad file descriptor) [pid 5130] close(25) = -1 EBADF (Bad file descriptor) [pid 5130] close(26) = -1 EBADF (Bad file descriptor) [pid 5130] close(27) = -1 EBADF (Bad file descriptor) [pid 5130] close(28) = -1 EBADF (Bad file descriptor) [pid 5130] close(29) = -1 EBADF (Bad file descriptor) [pid 5130] exit_group(0) = ? [pid 5131] <... futex resumed>) = ? [pid 5131] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=93, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5036] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./44/cgroup.cpu") = 0 [pid 5036] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./44/binderfs") = 0 [pid 5036] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./44/cgroup") = 0 [pid 5036] umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./44/file2") = 0 [pid 5036] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./44/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./44") = 0 [pid 5036] mkdir("./45", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5132 attached , child_tidptr=0x555556476690) = 95 [pid 5132] set_robust_list(0x5555564766a0, 24) = 0 [pid 5132] chdir("./45") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5132] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5132] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5132] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5133 attached => {parent_tid=[96]}, 88) = 96 [pid 5133] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] <... rseq resumed>) = 0 [pid 5133] set_robust_list(0x7f4c079f79a0, 24 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] <... set_robust_list resumed>) = 0 [pid 5132] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5132] <... futex resumed>) = 0 [pid 5133] memfd_create("syzkaller", 0 [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5133] <... memfd_create resumed>) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5133] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5133] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./file2", 0777) = 0 [pid 5133] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5133] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./file2") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5133] <... futex resumed>) = 1 [pid 5133] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5133] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 65.715432][ T5133] loop0: detected capacity change from 0 to 4096 [pid 5133] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5133] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5133] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] <... futex resumed>) = 0 [pid 5133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... openat resumed>) = 5 [pid 5133] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5133] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5133] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] close(3) = 0 [pid 5133] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] close(4) = 0 [pid 5132] close(5) = 0 [pid 5132] close(6) = -1 EBADF (Bad file descriptor) [pid 5132] close(7) = -1 EBADF (Bad file descriptor) [pid 5132] close(8) = -1 EBADF (Bad file descriptor) [pid 5132] close(9) = -1 EBADF (Bad file descriptor) [pid 5132] close(10) = -1 EBADF (Bad file descriptor) [pid 5132] close(11) = -1 EBADF (Bad file descriptor) [pid 5132] close(12) = -1 EBADF (Bad file descriptor) [pid 5132] close(13) = -1 EBADF (Bad file descriptor) [pid 5132] close(14) = -1 EBADF (Bad file descriptor) [pid 5132] close(15) = -1 EBADF (Bad file descriptor) [pid 5132] close(16) = -1 EBADF (Bad file descriptor) [pid 5132] close(17) = -1 EBADF (Bad file descriptor) [pid 5132] close(18) = -1 EBADF (Bad file descriptor) [pid 5132] close(19) = -1 EBADF (Bad file descriptor) [pid 5132] close(20) = -1 EBADF (Bad file descriptor) [pid 5132] close(21) = -1 EBADF (Bad file descriptor) [pid 5132] close(22) = -1 EBADF (Bad file descriptor) [pid 5132] close(23) = -1 EBADF (Bad file descriptor) [pid 5132] close(24) = -1 EBADF (Bad file descriptor) [pid 5132] close(25) = -1 EBADF (Bad file descriptor) [pid 5132] close(26) = -1 EBADF (Bad file descriptor) [pid 5132] close(27) = -1 EBADF (Bad file descriptor) [pid 5132] close(28) = -1 EBADF (Bad file descriptor) [pid 5132] close(29) = -1 EBADF (Bad file descriptor) [pid 5132] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5132] <... exit_group resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=95, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./45/cgroup.cpu") = 0 [pid 5036] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./45/binderfs") = 0 [pid 5036] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./45/cgroup") = 0 [pid 5036] umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./45/file2") = 0 [pid 5036] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./45/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./45") = 0 [pid 5036] mkdir("./46", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x5555564766a0, 24) = 0 [pid 5134] chdir("./46") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5134] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5134] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 97 [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5134] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[98]}, 88) = 98 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5135 attached ) = 0 [pid 5135] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] <... rseq resumed>) = 0 [pid 5135] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5135] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5135] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file2", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5135] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file2") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... openat resumed>) = 4 [pid 5135] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 1 [ 65.894168][ T5135] loop0: detected capacity change from 0 to 4096 [pid 5135] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5135] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5135] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... openat resumed>) = 5 [pid 5135] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5135] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5134] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5135] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5134] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] close(3) = 0 [pid 5134] close(4) = 0 [pid 5134] close(5) = 0 [pid 5134] close(6 [pid 5135] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5134] close(7) = -1 EBADF (Bad file descriptor) [pid 5134] close(8) = -1 EBADF (Bad file descriptor) [pid 5134] close(9) = -1 EBADF (Bad file descriptor) [pid 5134] close(10) = -1 EBADF (Bad file descriptor) [pid 5134] close(11) = -1 EBADF (Bad file descriptor) [pid 5134] close(12) = -1 EBADF (Bad file descriptor) [pid 5134] close(13) = -1 EBADF (Bad file descriptor) [pid 5134] close(14) = -1 EBADF (Bad file descriptor) [pid 5134] close(15) = -1 EBADF (Bad file descriptor) [pid 5134] close(16) = -1 EBADF (Bad file descriptor) [pid 5134] close(17) = -1 EBADF (Bad file descriptor) [pid 5134] close(18) = -1 EBADF (Bad file descriptor) [pid 5134] close(19) = -1 EBADF (Bad file descriptor) [pid 5134] close(20) = -1 EBADF (Bad file descriptor) [pid 5134] close(21) = -1 EBADF (Bad file descriptor) [pid 5134] close(22) = -1 EBADF (Bad file descriptor) [pid 5134] close(23) = -1 EBADF (Bad file descriptor) [pid 5134] close(24) = -1 EBADF (Bad file descriptor) [pid 5134] close(25) = -1 EBADF (Bad file descriptor) [pid 5134] close(26) = -1 EBADF (Bad file descriptor) [pid 5134] close(27) = -1 EBADF (Bad file descriptor) [pid 5134] close(28) = -1 EBADF (Bad file descriptor) [pid 5134] close(29) = -1 EBADF (Bad file descriptor) [pid 5134] exit_group(0) = ? [pid 5135] <... futex resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=97, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./46/cgroup.cpu") = 0 [pid 5036] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./46/binderfs") = 0 [pid 5036] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./46/cgroup") = 0 [pid 5036] umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./46/file2") = 0 [pid 5036] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./46/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./46") = 0 [pid 5036] mkdir("./47", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x5555564766a0, 24) = 0 [pid 5136] chdir("./47") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 99 [pid 5136] setpgid(0, 0) = 0 [pid 5136] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5136] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5136] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5136] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5137 attached [pid 5137] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5137] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5136] <... clone3 resumed> => {parent_tid=[100]}, 88) = 100 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5137] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5137] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] mkdir("./file2", 0777) = 0 [pid 5137] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5137] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file2") = 0 [pid 5137] ioctl(4, LOOP_CLR_FD) = 0 [pid 5137] close(4) = 0 [pid 5137] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5137] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... openat resumed>) = 4 [pid 5137] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 0 [ 66.086298][ T5137] loop0: detected capacity change from 0 to 4096 [pid 5137] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5137] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5137] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5137] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5137] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] <... futex resumed>) = 0 [pid 5137] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... openat resumed>) = 5 [pid 5137] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5137] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5136] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5136] <... futex resumed>) = 0 [pid 5137] <... mmap resumed>) = 0x20000000 [pid 5136] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] close(3) = 0 [pid 5136] close(4) = 0 [pid 5136] close(5) = 0 [pid 5136] close(6) = -1 EBADF (Bad file descriptor) [pid 5136] close(7) = -1 EBADF (Bad file descriptor) [pid 5136] close(8) = -1 EBADF (Bad file descriptor) [pid 5136] close(9) = -1 EBADF (Bad file descriptor) [pid 5136] close(10) = -1 EBADF (Bad file descriptor) [pid 5136] close(11) = -1 EBADF (Bad file descriptor) [pid 5136] close(12 [pid 5137] <... futex resumed>) = 1 [pid 5136] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5136] close(13 [pid 5137] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5136] close(14) = -1 EBADF (Bad file descriptor) [pid 5136] close(15) = -1 EBADF (Bad file descriptor) [pid 5136] close(16) = -1 EBADF (Bad file descriptor) [pid 5136] close(17) = -1 EBADF (Bad file descriptor) [pid 5136] close(18) = -1 EBADF (Bad file descriptor) [pid 5136] close(19) = -1 EBADF (Bad file descriptor) [pid 5136] close(20) = -1 EBADF (Bad file descriptor) [pid 5136] close(21) = -1 EBADF (Bad file descriptor) [pid 5136] close(22) = -1 EBADF (Bad file descriptor) [pid 5136] close(23) = -1 EBADF (Bad file descriptor) [pid 5136] close(24) = -1 EBADF (Bad file descriptor) [pid 5136] close(25) = -1 EBADF (Bad file descriptor) [pid 5136] close(26) = -1 EBADF (Bad file descriptor) [pid 5136] close(27) = -1 EBADF (Bad file descriptor) [pid 5136] close(28) = -1 EBADF (Bad file descriptor) [pid 5136] close(29) = -1 EBADF (Bad file descriptor) [pid 5136] exit_group(0) = ? [pid 5137] <... futex resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=99, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5036] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./47/cgroup.cpu") = 0 [pid 5036] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./47/binderfs") = 0 [pid 5036] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./47/cgroup") = 0 [pid 5036] umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./47/file2") = 0 [pid 5036] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./47/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./47") = 0 [pid 5036] mkdir("./48", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x5555564766a0, 24) = 0 [pid 5138] chdir("./48") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5138] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5138] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5138] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5139 attached [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 101 [pid 5139] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5138] <... clone3 resumed> => {parent_tid=[102]}, 88) = 102 [pid 5139] <... rseq resumed>) = 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] set_robust_list(0x7f4c079f79a0, 24 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] <... futex resumed>) = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5139] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5139] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./file2", 0777) = 0 [pid 5139] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5139] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./file2") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5139] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5139] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 66.245075][ T5139] loop0: detected capacity change from 0 to 4096 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... write resumed>) = 1036288 [pid 5139] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5139] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... openat resumed>) = 5 [pid 5139] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = 1 [pid 5139] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5139] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5139] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] close(3) = 0 [pid 5138] close(4) = 0 [pid 5138] close(5) = 0 [pid 5139] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] close(6) = -1 EBADF (Bad file descriptor) [pid 5138] close(7) = -1 EBADF (Bad file descriptor) [pid 5138] close(8) = -1 EBADF (Bad file descriptor) [pid 5138] close(9) = -1 EBADF (Bad file descriptor) [pid 5138] close(10) = -1 EBADF (Bad file descriptor) [pid 5138] close(11) = -1 EBADF (Bad file descriptor) [pid 5138] close(12) = -1 EBADF (Bad file descriptor) [pid 5138] close(13) = -1 EBADF (Bad file descriptor) [pid 5138] close(14) = -1 EBADF (Bad file descriptor) [pid 5138] close(15) = -1 EBADF (Bad file descriptor) [pid 5138] close(16) = -1 EBADF (Bad file descriptor) [pid 5138] close(17) = -1 EBADF (Bad file descriptor) [pid 5138] close(18) = -1 EBADF (Bad file descriptor) [pid 5138] close(19) = -1 EBADF (Bad file descriptor) [pid 5138] close(20) = -1 EBADF (Bad file descriptor) [pid 5138] close(21) = -1 EBADF (Bad file descriptor) [pid 5138] close(22) = -1 EBADF (Bad file descriptor) [pid 5138] close(23) = -1 EBADF (Bad file descriptor) [pid 5138] close(24) = -1 EBADF (Bad file descriptor) [pid 5138] close(25) = -1 EBADF (Bad file descriptor) [pid 5138] close(26) = -1 EBADF (Bad file descriptor) [pid 5138] close(27) = -1 EBADF (Bad file descriptor) [pid 5138] close(28) = -1 EBADF (Bad file descriptor) [pid 5138] close(29) = -1 EBADF (Bad file descriptor) [pid 5138] exit_group(0) = ? [pid 5139] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=101, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./48/cgroup.cpu") = 0 [pid 5036] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./48/binderfs") = 0 [pid 5036] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./48/cgroup") = 0 [pid 5036] umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./48/file2") = 0 [pid 5036] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./48/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./48") = 0 [pid 5036] mkdir("./49", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 103 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x5555564766a0, 24) = 0 [pid 5140] chdir("./49") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5140] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5140] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5140] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5141 attached => {parent_tid=[104]}, 88) = 104 [pid 5141] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] <... rseq resumed>) = 0 [pid 5141] set_robust_list(0x7f4c079f79a0, 24 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] <... set_robust_list resumed>) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5140] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] <... memfd_create resumed>) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5141] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file2", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5141] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file2") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = 4 [pid 5141] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5140] <... futex resumed>) = 0 [ 66.409669][ T5141] loop0: detected capacity change from 0 to 4096 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... write resumed>) = 1036288 [pid 5141] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [pid 5141] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5141] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = 5 [pid 5141] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5141] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5141] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] close(3 [pid 5141] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... close resumed>) = 0 [pid 5140] close(4) = 0 [pid 5140] close(5) = 0 [pid 5140] close(6) = -1 EBADF (Bad file descriptor) [pid 5140] close(7) = -1 EBADF (Bad file descriptor) [pid 5140] close(8) = -1 EBADF (Bad file descriptor) [pid 5140] close(9) = -1 EBADF (Bad file descriptor) [pid 5140] close(10) = -1 EBADF (Bad file descriptor) [pid 5140] close(11) = -1 EBADF (Bad file descriptor) [pid 5140] close(12) = -1 EBADF (Bad file descriptor) [pid 5140] close(13) = -1 EBADF (Bad file descriptor) [pid 5140] close(14) = -1 EBADF (Bad file descriptor) [pid 5140] close(15) = -1 EBADF (Bad file descriptor) [pid 5140] close(16) = -1 EBADF (Bad file descriptor) [pid 5140] close(17) = -1 EBADF (Bad file descriptor) [pid 5140] close(18) = -1 EBADF (Bad file descriptor) [pid 5140] close(19) = -1 EBADF (Bad file descriptor) [pid 5140] close(20) = -1 EBADF (Bad file descriptor) [pid 5140] close(21) = -1 EBADF (Bad file descriptor) [pid 5140] close(22) = -1 EBADF (Bad file descriptor) [pid 5140] close(23) = -1 EBADF (Bad file descriptor) [pid 5140] close(24) = -1 EBADF (Bad file descriptor) [pid 5140] close(25) = -1 EBADF (Bad file descriptor) [pid 5140] close(26) = -1 EBADF (Bad file descriptor) [pid 5140] close(27) = -1 EBADF (Bad file descriptor) [pid 5140] close(28) = -1 EBADF (Bad file descriptor) [pid 5140] close(29) = -1 EBADF (Bad file descriptor) [pid 5140] exit_group(0) = ? [pid 5141] <... futex resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=103, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./49/cgroup.cpu") = 0 [pid 5036] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./49/binderfs") = 0 [pid 5036] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./49/cgroup") = 0 [pid 5036] umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./49/file2") = 0 [pid 5036] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./49/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./49") = 0 [pid 5036] mkdir("./50", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5142 attached , child_tidptr=0x555556476690) = 105 [pid 5142] set_robust_list(0x5555564766a0, 24) = 0 [pid 5142] chdir("./50") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5142] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5142] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5142] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5143 attached => {parent_tid=[106]}, 88) = 106 [pid 5143] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5143] set_robust_list(0x7f4c079f79a0, 24 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5143] <... set_robust_list resumed>) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5143] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5143] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file2", 0777) = 0 [pid 5143] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5143] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file2") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 0 [pid 5143] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5143] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5142] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5142] <... futex resumed>) = 0 [ 66.575435][ T5143] loop0: detected capacity change from 0 to 4096 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... write resumed>) = 1036288 [pid 5143] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 0 [pid 5143] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5143] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... openat resumed>) = 5 [pid 5143] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5143] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5142] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5142] close(3) = 0 [pid 5142] close(4) = 0 [pid 5142] close(5) = 0 [pid 5142] close(6) = -1 EBADF (Bad file descriptor) [pid 5142] close(7) = -1 EBADF (Bad file descriptor) [pid 5142] close(8) = -1 EBADF (Bad file descriptor) [pid 5142] close(9) = -1 EBADF (Bad file descriptor) [pid 5142] close(10) = -1 EBADF (Bad file descriptor) [pid 5142] close(11) = -1 EBADF (Bad file descriptor) [pid 5142] close(12) = -1 EBADF (Bad file descriptor) [pid 5142] close(13) = -1 EBADF (Bad file descriptor) [pid 5142] close(14) = -1 EBADF (Bad file descriptor) [pid 5142] close(15) = -1 EBADF (Bad file descriptor) [pid 5142] close(16) = -1 EBADF (Bad file descriptor) [pid 5142] close(17) = -1 EBADF (Bad file descriptor) [pid 5142] close(18) = -1 EBADF (Bad file descriptor) [pid 5142] close(19) = -1 EBADF (Bad file descriptor) [pid 5142] close(20) = -1 EBADF (Bad file descriptor) [pid 5142] close(21) = -1 EBADF (Bad file descriptor) [pid 5142] close(22) = -1 EBADF (Bad file descriptor) [pid 5142] close(23) = -1 EBADF (Bad file descriptor) [pid 5142] close(24) = -1 EBADF (Bad file descriptor) [pid 5142] close(25) = -1 EBADF (Bad file descriptor) [pid 5142] close(26) = -1 EBADF (Bad file descriptor) [pid 5142] close(27) = -1 EBADF (Bad file descriptor) [pid 5142] close(28) = -1 EBADF (Bad file descriptor) [pid 5142] close(29) = -1 EBADF (Bad file descriptor) [pid 5142] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5142] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=105, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./50/cgroup.cpu") = 0 [pid 5036] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./50/binderfs") = 0 [pid 5036] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./50/cgroup") = 0 [pid 5036] umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./50/file2") = 0 [pid 5036] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./50/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./50") = 0 [pid 5036] mkdir("./51", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached , child_tidptr=0x555556476690) = 107 [pid 5144] set_robust_list(0x5555564766a0, 24) = 0 [pid 5144] chdir("./51") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5144] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5144] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5144] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5144] <... clone3 resumed> => {parent_tid=[108]}, 88) = 108 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5145] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], [pid 5144] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] memfd_create("syzkaller", 0 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] <... memfd_create resumed>) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5145] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5145] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file2", 0777) = 0 [pid 5145] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5145] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file2") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... openat resumed>) = 4 [pid 5145] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 66.736277][ T5145] loop0: detected capacity change from 0 to 4096 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... write resumed>) = 1036288 [pid 5145] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5145] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5145] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... openat resumed>) = 5 [pid 5145] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5145] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 1 [pid 5145] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5145] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] close(3) = 0 [pid 5144] close(4 [pid 5145] <... futex resumed>) = 1 [pid 5145] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... close resumed>) = 0 [pid 5144] close(5) = 0 [pid 5144] close(6) = -1 EBADF (Bad file descriptor) [pid 5144] close(7) = -1 EBADF (Bad file descriptor) [pid 5144] close(8) = -1 EBADF (Bad file descriptor) [pid 5144] close(9) = -1 EBADF (Bad file descriptor) [pid 5144] close(10) = -1 EBADF (Bad file descriptor) [pid 5144] close(11) = -1 EBADF (Bad file descriptor) [pid 5144] close(12) = -1 EBADF (Bad file descriptor) [pid 5144] close(13) = -1 EBADF (Bad file descriptor) [pid 5144] close(14) = -1 EBADF (Bad file descriptor) [pid 5144] close(15) = -1 EBADF (Bad file descriptor) [pid 5144] close(16) = -1 EBADF (Bad file descriptor) [pid 5144] close(17) = -1 EBADF (Bad file descriptor) [pid 5144] close(18) = -1 EBADF (Bad file descriptor) [pid 5144] close(19) = -1 EBADF (Bad file descriptor) [pid 5144] close(20) = -1 EBADF (Bad file descriptor) [pid 5144] close(21) = -1 EBADF (Bad file descriptor) [pid 5144] close(22) = -1 EBADF (Bad file descriptor) [pid 5144] close(23) = -1 EBADF (Bad file descriptor) [pid 5144] close(24) = -1 EBADF (Bad file descriptor) [pid 5144] close(25) = -1 EBADF (Bad file descriptor) [pid 5144] close(26) = -1 EBADF (Bad file descriptor) [pid 5144] close(27) = -1 EBADF (Bad file descriptor) [pid 5144] close(28) = -1 EBADF (Bad file descriptor) [pid 5144] close(29) = -1 EBADF (Bad file descriptor) [pid 5144] exit_group(0 [pid 5145] <... futex resumed>) = ? [pid 5144] <... exit_group resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=107, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./51/cgroup.cpu") = 0 [pid 5036] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./51/binderfs") = 0 [pid 5036] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./51/cgroup") = 0 [pid 5036] umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./51/file2") = 0 [pid 5036] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./51/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./51") = 0 [pid 5036] mkdir("./52", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x555556476690) = 109 [pid 5146] set_robust_list(0x5555564766a0, 24) = 0 [pid 5146] chdir("./52") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5146] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5146] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5146] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5147 attached => {parent_tid=[110]}, 88) = 110 [pid 5147] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5147] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5147] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] <... memfd_create resumed>) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5147] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5147] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file2", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5147] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file2") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... openat resumed>) = 4 [pid 5147] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5147] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 66.913964][ T5147] loop0: detected capacity change from 0 to 4096 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... write resumed>) = 1036288 [pid 5147] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5147] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5147] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5147] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5147] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] close(3) = 0 [pid 5146] close(4) = 0 [pid 5146] close(5) = 0 [pid 5146] close(6) = -1 EBADF (Bad file descriptor) [pid 5146] close(7) = -1 EBADF (Bad file descriptor) [pid 5146] close(8) = -1 EBADF (Bad file descriptor) [pid 5146] close(9) = -1 EBADF (Bad file descriptor) [pid 5146] close(10) = -1 EBADF (Bad file descriptor) [pid 5146] close(11) = -1 EBADF (Bad file descriptor) [pid 5146] close(12) = -1 EBADF (Bad file descriptor) [pid 5146] close(13) = -1 EBADF (Bad file descriptor) [pid 5146] close(14) = -1 EBADF (Bad file descriptor) [pid 5146] close(15) = -1 EBADF (Bad file descriptor) [pid 5146] close(16) = -1 EBADF (Bad file descriptor) [pid 5146] close(17) = -1 EBADF (Bad file descriptor) [pid 5146] close(18) = -1 EBADF (Bad file descriptor) [pid 5146] close(19) = -1 EBADF (Bad file descriptor) [pid 5146] close(20) = -1 EBADF (Bad file descriptor) [pid 5146] close(21) = -1 EBADF (Bad file descriptor) [pid 5146] close(22) = -1 EBADF (Bad file descriptor) [pid 5146] close(23) = -1 EBADF (Bad file descriptor) [pid 5146] close(24) = -1 EBADF (Bad file descriptor) [pid 5146] close(25) = -1 EBADF (Bad file descriptor) [pid 5146] close(26) = -1 EBADF (Bad file descriptor) [pid 5146] close(27) = -1 EBADF (Bad file descriptor) [pid 5146] close(28) = -1 EBADF (Bad file descriptor) [pid 5146] close(29) = -1 EBADF (Bad file descriptor) [pid 5146] exit_group(0) = ? [pid 5147] <... futex resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=109, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./52/cgroup.cpu") = 0 [pid 5036] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./52/binderfs") = 0 [pid 5036] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./52/cgroup") = 0 [pid 5036] umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./52/file2") = 0 [pid 5036] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./52/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./52") = 0 [pid 5036] mkdir("./53", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 111 ./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x5555564766a0, 24) = 0 [pid 5148] chdir("./53") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5148] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5148] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5148] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5149 attached [pid 5149] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5148] <... clone3 resumed> => {parent_tid=[112]}, 88) = 112 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5149] <... rseq resumed>) = 0 [pid 5149] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5149] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5149] memfd_create("syzkaller", 0 [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5149] <... memfd_create resumed>) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5149] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5149] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./file2", 0777) = 0 [pid 5149] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5149] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./file2") = 0 [pid 5149] ioctl(4, LOOP_CLR_FD) = 0 [pid 5149] close(4) = 0 [pid 5149] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5149] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.089427][ T5149] loop0: detected capacity change from 0 to 4096 [pid 5149] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5149] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5149] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] <... futex resumed>) = 0 [pid 5149] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5149] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5149] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] <... futex resumed>) = 0 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... openat resumed>) = 5 [pid 5149] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5149] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5148] <... futex resumed>) = 1 [pid 5149] <... mmap resumed>) = 0x20000000 [pid 5148] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] close(3) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5148] close(4 [pid 5149] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... close resumed>) = 0 [pid 5148] close(5) = 0 [pid 5148] close(6) = -1 EBADF (Bad file descriptor) [pid 5148] close(7) = -1 EBADF (Bad file descriptor) [pid 5148] close(8) = -1 EBADF (Bad file descriptor) [pid 5148] close(9) = -1 EBADF (Bad file descriptor) [pid 5148] close(10) = -1 EBADF (Bad file descriptor) [pid 5148] close(11) = -1 EBADF (Bad file descriptor) [pid 5148] close(12) = -1 EBADF (Bad file descriptor) [pid 5148] close(13) = -1 EBADF (Bad file descriptor) [pid 5148] close(14) = -1 EBADF (Bad file descriptor) [pid 5148] close(15) = -1 EBADF (Bad file descriptor) [pid 5148] close(16) = -1 EBADF (Bad file descriptor) [pid 5148] close(17) = -1 EBADF (Bad file descriptor) [pid 5148] close(18) = -1 EBADF (Bad file descriptor) [pid 5148] close(19) = -1 EBADF (Bad file descriptor) [pid 5148] close(20) = -1 EBADF (Bad file descriptor) [pid 5148] close(21) = -1 EBADF (Bad file descriptor) [pid 5148] close(22) = -1 EBADF (Bad file descriptor) [pid 5148] close(23) = -1 EBADF (Bad file descriptor) [pid 5148] close(24) = -1 EBADF (Bad file descriptor) [pid 5148] close(25) = -1 EBADF (Bad file descriptor) [pid 5148] close(26) = -1 EBADF (Bad file descriptor) [pid 5148] close(27) = -1 EBADF (Bad file descriptor) [pid 5148] close(28) = -1 EBADF (Bad file descriptor) [pid 5148] close(29) = -1 EBADF (Bad file descriptor) [pid 5148] exit_group(0 [pid 5149] <... futex resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5148] <... exit_group resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=111, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./53/cgroup.cpu") = 0 [pid 5036] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./53/binderfs") = 0 [pid 5036] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./53/cgroup") = 0 [pid 5036] umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./53/file2") = 0 [pid 5036] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./53/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./53") = 0 [pid 5036] mkdir("./54", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x5555564766a0, 24) = 0 [pid 5150] chdir("./54") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 113 [pid 5150] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5150] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5150] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5151 attached [pid 5151] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5150] <... clone3 resumed> => {parent_tid=[114]}, 88) = 114 [pid 5151] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5151] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5150] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5151] memfd_create("syzkaller", 0 [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] <... memfd_create resumed>) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5151] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5151] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./file2", 0777) = 0 [pid 5151] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5151] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file2") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5151] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 67.267884][ T5151] loop0: detected capacity change from 0 to 4096 [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... write resumed>) = 1036288 [pid 5151] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5151] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5151] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5151] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... openat resumed>) = 5 [pid 5151] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5151] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5151] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5151] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5150] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... mmap resumed>) = 0x20000000 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] close(3) = 0 [pid 5150] close(4) = 0 [pid 5150] close(5) = 0 [pid 5150] close(6) = -1 EBADF (Bad file descriptor) [pid 5150] close(7) = -1 EBADF (Bad file descriptor) [pid 5150] close(8) = -1 EBADF (Bad file descriptor) [pid 5150] close(9) = -1 EBADF (Bad file descriptor) [pid 5150] close(10) = -1 EBADF (Bad file descriptor) [pid 5150] close(11) = -1 EBADF (Bad file descriptor) [pid 5150] close(12) = -1 EBADF (Bad file descriptor) [pid 5150] close(13) = -1 EBADF (Bad file descriptor) [pid 5150] close(14) = -1 EBADF (Bad file descriptor) [pid 5150] close(15 [pid 5151] <... futex resumed>) = 0 [pid 5150] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5150] close(16) = -1 EBADF (Bad file descriptor) [pid 5150] close(17) = -1 EBADF (Bad file descriptor) [pid 5150] close(18) = -1 EBADF (Bad file descriptor) [pid 5150] close(19) = -1 EBADF (Bad file descriptor) [pid 5151] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] close(20) = -1 EBADF (Bad file descriptor) [pid 5150] close(21) = -1 EBADF (Bad file descriptor) [pid 5150] close(22) = -1 EBADF (Bad file descriptor) [pid 5150] close(23) = -1 EBADF (Bad file descriptor) [pid 5150] close(24) = -1 EBADF (Bad file descriptor) [pid 5150] close(25) = -1 EBADF (Bad file descriptor) [pid 5150] close(26) = -1 EBADF (Bad file descriptor) [pid 5150] close(27) = -1 EBADF (Bad file descriptor) [pid 5150] close(28) = -1 EBADF (Bad file descriptor) [pid 5150] close(29) = -1 EBADF (Bad file descriptor) [pid 5150] exit_group(0 [pid 5151] <... futex resumed>) = ? [pid 5150] <... exit_group resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=113, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5036] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./54/cgroup.cpu") = 0 [pid 5036] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./54/binderfs") = 0 [pid 5036] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./54/cgroup") = 0 [pid 5036] umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./54/file2") = 0 [pid 5036] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./54/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./54") = 0 [pid 5036] mkdir("./55", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x5555564766a0, 24) = 0 [pid 5152] chdir("./55" [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 115 [pid 5152] <... chdir resumed>) = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5152] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5152] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5152] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5153 attached [pid 5153] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5152] <... clone3 resumed> => {parent_tid=[116]}, 88) = 116 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5153] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5153] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5153] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file2", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5153] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file2") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 0 [pid 5153] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5153] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 67.435794][ T5153] loop0: detected capacity change from 0 to 4096 [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... write resumed>) = 1036288 [pid 5153] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5153] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5153] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5153] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5152] <... futex resumed>) = 0 [pid 5153] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5153] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5152] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5153] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5152] close(3) = 0 [pid 5152] close(4) = 0 [pid 5152] close(5) = 0 [pid 5152] close(6) = -1 EBADF (Bad file descriptor) [pid 5152] close(7) = -1 EBADF (Bad file descriptor) [pid 5152] close(8) = -1 EBADF (Bad file descriptor) [pid 5152] close(9) = -1 EBADF (Bad file descriptor) [pid 5152] close(10) = -1 EBADF (Bad file descriptor) [pid 5152] close(11) = -1 EBADF (Bad file descriptor) [pid 5152] close(12) = -1 EBADF (Bad file descriptor) [pid 5152] close(13) = -1 EBADF (Bad file descriptor) [pid 5152] close(14) = -1 EBADF (Bad file descriptor) [pid 5152] close(15) = -1 EBADF (Bad file descriptor) [pid 5152] close(16) = -1 EBADF (Bad file descriptor) [pid 5152] close(17) = -1 EBADF (Bad file descriptor) [pid 5152] close(18) = -1 EBADF (Bad file descriptor) [pid 5152] close(19) = -1 EBADF (Bad file descriptor) [pid 5152] close(20) = -1 EBADF (Bad file descriptor) [pid 5152] close(21) = -1 EBADF (Bad file descriptor) [pid 5152] close(22) = -1 EBADF (Bad file descriptor) [pid 5152] close(23) = -1 EBADF (Bad file descriptor) [pid 5152] close(24) = -1 EBADF (Bad file descriptor) [pid 5152] close(25) = -1 EBADF (Bad file descriptor) [pid 5152] close(26) = -1 EBADF (Bad file descriptor) [pid 5152] close(27) = -1 EBADF (Bad file descriptor) [pid 5152] close(28) = -1 EBADF (Bad file descriptor) [pid 5152] close(29) = -1 EBADF (Bad file descriptor) [pid 5152] exit_group(0) = ? [pid 5153] <... futex resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=115, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./55/cgroup.cpu") = 0 [pid 5036] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./55/binderfs") = 0 [pid 5036] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./55/cgroup") = 0 [pid 5036] umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./55/file2") = 0 [pid 5036] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./55/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./55") = 0 [pid 5036] mkdir("./56", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 117 ./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x5555564766a0, 24) = 0 [pid 5154] chdir("./56") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5154] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5154] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5154] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5155] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] <... clone3 resumed> => {parent_tid=[118]}, 88) = 118 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5155] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5155] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./file2", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5155] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file2") = 0 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... openat resumed>) = 4 [pid 5155] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] <... futex resumed>) = 0 [pid 5155] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... write resumed>) = 1036288 [ 67.603995][ T5155] loop0: detected capacity change from 0 to 4096 [pid 5155] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5155] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5155] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] <... futex resumed>) = 0 [pid 5155] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5155] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5154] <... futex resumed>) = 0 [pid 5155] <... mmap resumed>) = 0x20000000 [pid 5154] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] close(3) = 0 [pid 5154] close(4) = 0 [pid 5154] close(5) = 0 [pid 5154] close(6) = -1 EBADF (Bad file descriptor) [pid 5154] close(7) = -1 EBADF (Bad file descriptor) [pid 5154] close(8) = -1 EBADF (Bad file descriptor) [pid 5154] close(9) = -1 EBADF (Bad file descriptor) [pid 5154] close(10) = -1 EBADF (Bad file descriptor) [pid 5154] close(11) = -1 EBADF (Bad file descriptor) [pid 5154] close(12) = -1 EBADF (Bad file descriptor) [pid 5154] close(13) = -1 EBADF (Bad file descriptor) [pid 5154] close(14) = -1 EBADF (Bad file descriptor) [pid 5154] close(15) = -1 EBADF (Bad file descriptor) [pid 5154] close(16) = -1 EBADF (Bad file descriptor) [pid 5154] close(17) = -1 EBADF (Bad file descriptor) [pid 5154] close(18) = -1 EBADF (Bad file descriptor) [pid 5154] close(19) = -1 EBADF (Bad file descriptor) [pid 5154] close(20) = -1 EBADF (Bad file descriptor) [pid 5154] close(21) = -1 EBADF (Bad file descriptor) [pid 5154] close(22) = -1 EBADF (Bad file descriptor) [pid 5154] close(23) = -1 EBADF (Bad file descriptor) [pid 5154] close(24) = -1 EBADF (Bad file descriptor) [pid 5154] close(25) = -1 EBADF (Bad file descriptor) [pid 5154] close(26) = -1 EBADF (Bad file descriptor) [pid 5154] close(27) = -1 EBADF (Bad file descriptor) [pid 5154] close(28) = -1 EBADF (Bad file descriptor) [pid 5154] close(29) = -1 EBADF (Bad file descriptor) [pid 5154] exit_group(0) = ? [pid 5155] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=117, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./56/cgroup.cpu") = 0 [pid 5036] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./56/binderfs") = 0 [pid 5036] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./56/cgroup") = 0 [pid 5036] umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./56/file2") = 0 [pid 5036] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./56/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./56") = 0 [pid 5036] mkdir("./57", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached , child_tidptr=0x555556476690) = 119 [pid 5156] set_robust_list(0x5555564766a0, 24) = 0 [pid 5156] chdir("./57") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5156] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5156] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5156] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5157 attached => {parent_tid=[120]}, 88) = 120 [pid 5157] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5156] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5157] <... rseq resumed>) = 0 [pid 5157] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5157] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5157] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./file2", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5157] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file2") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... openat resumed>) = 4 [pid 5157] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 67.751930][ T5157] loop0: detected capacity change from 0 to 4096 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... write resumed>) = 1036288 [pid 5157] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5157] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... openat resumed>) = 5 [pid 5157] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5157] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5157] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] close(3) = 0 [pid 5156] close(4) = 0 [pid 5156] close(5) = 0 [pid 5156] close(6 [pid 5157] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5156] close(7) = -1 EBADF (Bad file descriptor) [pid 5156] close(8) = -1 EBADF (Bad file descriptor) [pid 5156] close(9) = -1 EBADF (Bad file descriptor) [pid 5156] close(10) = -1 EBADF (Bad file descriptor) [pid 5156] close(11) = -1 EBADF (Bad file descriptor) [pid 5156] close(12) = -1 EBADF (Bad file descriptor) [pid 5156] close(13) = -1 EBADF (Bad file descriptor) [pid 5156] close(14) = -1 EBADF (Bad file descriptor) [pid 5156] close(15) = -1 EBADF (Bad file descriptor) [pid 5156] close(16) = -1 EBADF (Bad file descriptor) [pid 5156] close(17) = -1 EBADF (Bad file descriptor) [pid 5156] close(18) = -1 EBADF (Bad file descriptor) [pid 5156] close(19) = -1 EBADF (Bad file descriptor) [pid 5156] close(20) = -1 EBADF (Bad file descriptor) [pid 5156] close(21) = -1 EBADF (Bad file descriptor) [pid 5156] close(22) = -1 EBADF (Bad file descriptor) [pid 5156] close(23) = -1 EBADF (Bad file descriptor) [pid 5156] close(24) = -1 EBADF (Bad file descriptor) [pid 5156] close(25) = -1 EBADF (Bad file descriptor) [pid 5156] close(26) = -1 EBADF (Bad file descriptor) [pid 5156] close(27) = -1 EBADF (Bad file descriptor) [pid 5156] close(28) = -1 EBADF (Bad file descriptor) [pid 5156] close(29) = -1 EBADF (Bad file descriptor) [pid 5156] exit_group(0) = ? [pid 5157] <... futex resumed>) = ? [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=119, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5036] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./57/cgroup.cpu") = 0 [pid 5036] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./57/binderfs") = 0 [pid 5036] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./57/cgroup") = 0 [pid 5036] umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./57/file2") = 0 [pid 5036] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./57/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./57") = 0 [pid 5036] mkdir("./58", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached , child_tidptr=0x555556476690) = 121 [pid 5158] set_robust_list(0x5555564766a0, 24) = 0 [pid 5158] chdir("./58") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5158] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5158] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5158] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5159 attached => {parent_tid=[122]}, 88) = 122 [pid 5159] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] set_robust_list(0x7f4c079f79a0, 24 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5159] memfd_create("syzkaller", 0 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] <... memfd_create resumed>) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5159] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5159] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./file2", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5159] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./file2") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... openat resumed>) = 4 [pid 5159] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 67.943516][ T5159] loop0: detected capacity change from 0 to 4096 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... write resumed>) = 1036288 [pid 5159] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5159] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... openat resumed>) = 5 [pid 5159] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5159] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5158] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5159] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] close(3) = 0 [pid 5158] close(4) = 0 [pid 5158] close(5) = 0 [pid 5158] close(6) = -1 EBADF (Bad file descriptor) [pid 5158] close(7) = -1 EBADF (Bad file descriptor) [pid 5158] close(8) = -1 EBADF (Bad file descriptor) [pid 5158] close(9) = -1 EBADF (Bad file descriptor) [pid 5158] close(10) = -1 EBADF (Bad file descriptor) [pid 5158] close(11) = -1 EBADF (Bad file descriptor) [pid 5158] close(12) = -1 EBADF (Bad file descriptor) [pid 5158] close(13) = -1 EBADF (Bad file descriptor) [pid 5158] close(14) = -1 EBADF (Bad file descriptor) [pid 5158] close(15) = -1 EBADF (Bad file descriptor) [pid 5158] close(16) = -1 EBADF (Bad file descriptor) [pid 5158] close(17) = -1 EBADF (Bad file descriptor) [pid 5158] close(18) = -1 EBADF (Bad file descriptor) [pid 5158] close(19) = -1 EBADF (Bad file descriptor) [pid 5158] close(20) = -1 EBADF (Bad file descriptor) [pid 5158] close(21) = -1 EBADF (Bad file descriptor) [pid 5158] close(22) = -1 EBADF (Bad file descriptor) [pid 5158] close(23) = -1 EBADF (Bad file descriptor) [pid 5158] close(24) = -1 EBADF (Bad file descriptor) [pid 5158] close(25) = -1 EBADF (Bad file descriptor) [pid 5158] close(26) = -1 EBADF (Bad file descriptor) [pid 5158] close(27) = -1 EBADF (Bad file descriptor) [pid 5158] close(28) = -1 EBADF (Bad file descriptor) [pid 5158] close(29) = -1 EBADF (Bad file descriptor) [pid 5158] exit_group(0 [pid 5159] <... futex resumed>) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=121, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5036] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./58/cgroup.cpu") = 0 [pid 5036] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./58/binderfs") = 0 [pid 5036] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./58/cgroup") = 0 [pid 5036] umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./58/file2") = 0 [pid 5036] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./58/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./58") = 0 [pid 5036] mkdir("./59", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x555556476690) = 123 [pid 5160] set_robust_list(0x5555564766a0, 24) = 0 [pid 5160] chdir("./59") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5160] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5160] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5160] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[124]}, 88) = 124 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5161 attached [pid 5161] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5161] <... rseq resumed>) = 0 [pid 5160] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] set_robust_list(0x7f4c079f79a0, 24 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5161] <... set_robust_list resumed>) = 0 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5161] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5161] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./file2", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5161] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./file2") = 0 [pid 5161] ioctl(4, LOOP_CLR_FD) = 0 [pid 5161] close(4) = 0 [pid 5161] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5161] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... openat resumed>) = 4 [pid 5161] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5160] <... futex resumed>) = 0 [pid 5161] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 68.111688][ T5161] loop0: detected capacity change from 0 to 4096 [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... write resumed>) = 1036288 [pid 5161] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5161] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5160] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... openat resumed>) = 5 [pid 5161] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5160] <... futex resumed>) = 0 [pid 5161] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5160] <... futex resumed>) = 0 [pid 5161] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5160] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... mmap resumed>) = 0x20000000 [pid 5161] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] <... futex resumed>) = 0 [pid 5160] close(3) = 0 [pid 5160] close(4) = 0 [pid 5160] close(5) = 0 [pid 5160] close(6) = -1 EBADF (Bad file descriptor) [pid 5160] close(7) = -1 EBADF (Bad file descriptor) [pid 5160] close(8) = -1 EBADF (Bad file descriptor) [pid 5160] close(9) = -1 EBADF (Bad file descriptor) [pid 5160] close(10) = -1 EBADF (Bad file descriptor) [pid 5160] close(11) = -1 EBADF (Bad file descriptor) [pid 5160] close(12) = -1 EBADF (Bad file descriptor) [pid 5160] close(13) = -1 EBADF (Bad file descriptor) [pid 5160] close(14) = -1 EBADF (Bad file descriptor) [pid 5160] close(15) = -1 EBADF (Bad file descriptor) [pid 5160] close(16) = -1 EBADF (Bad file descriptor) [pid 5160] close(17) = -1 EBADF (Bad file descriptor) [pid 5160] close(18) = -1 EBADF (Bad file descriptor) [pid 5160] close(19) = -1 EBADF (Bad file descriptor) [pid 5160] close(20) = -1 EBADF (Bad file descriptor) [pid 5160] close(21) = -1 EBADF (Bad file descriptor) [pid 5160] close(22) = -1 EBADF (Bad file descriptor) [pid 5160] close(23) = -1 EBADF (Bad file descriptor) [pid 5160] close(24) = -1 EBADF (Bad file descriptor) [pid 5160] close(25) = -1 EBADF (Bad file descriptor) [pid 5160] close(26) = -1 EBADF (Bad file descriptor) [pid 5160] close(27) = -1 EBADF (Bad file descriptor) [pid 5160] close(28) = -1 EBADF (Bad file descriptor) [pid 5160] close(29) = -1 EBADF (Bad file descriptor) [pid 5160] exit_group(0 [pid 5161] <... futex resumed>) = ? [pid 5161] +++ exited with 0 +++ [pid 5160] <... exit_group resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=123, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./59/cgroup.cpu") = 0 [pid 5036] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./59/binderfs") = 0 [pid 5036] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./59/cgroup") = 0 [pid 5036] umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./59/file2") = 0 [pid 5036] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./59/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./59") = 0 [pid 5036] mkdir("./60", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x555556476690) = 125 [pid 5162] set_robust_list(0x5555564766a0, 24) = 0 [pid 5162] chdir("./60") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5162] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5162] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5162] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5163 attached => {parent_tid=[126]}, 88) = 126 [pid 5163] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] <... rseq resumed>) = 0 [pid 5163] set_robust_list(0x7f4c079f79a0, 24 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] <... set_robust_list resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] memfd_create("syzkaller", 0 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5163] <... memfd_create resumed>) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5163] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5163] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] mkdir("./file2", 0777) = 0 [pid 5163] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5163] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] chdir("./file2") = 0 [pid 5163] ioctl(4, LOOP_CLR_FD) = 0 [pid 5163] close(4) = 0 [pid 5163] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5163] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] <... futex resumed>) = 0 [pid 5163] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... openat resumed>) = 4 [pid 5163] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 68.279101][ T5163] loop0: detected capacity change from 0 to 4096 [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... write resumed>) = 1036288 [pid 5163] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5163] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5163] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] <... futex resumed>) = 0 [pid 5163] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... openat resumed>) = 5 [pid 5163] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5163] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5162] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5162] close(3) = 0 [pid 5162] close(4) = 0 [pid 5162] close(5) = 0 [pid 5162] close(6) = -1 EBADF (Bad file descriptor) [pid 5162] close(7) = -1 EBADF (Bad file descriptor) [pid 5162] close(8) = -1 EBADF (Bad file descriptor) [pid 5162] close(9) = -1 EBADF (Bad file descriptor) [pid 5162] close(10) = -1 EBADF (Bad file descriptor) [pid 5162] close(11) = -1 EBADF (Bad file descriptor) [pid 5162] close(12) = -1 EBADF (Bad file descriptor) [pid 5162] close(13) = -1 EBADF (Bad file descriptor) [pid 5162] close(14 [pid 5163] <... futex resumed>) = 1 [pid 5162] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5163] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] close(15) = -1 EBADF (Bad file descriptor) [pid 5162] close(16) = -1 EBADF (Bad file descriptor) [pid 5162] close(17) = -1 EBADF (Bad file descriptor) [pid 5162] close(18) = -1 EBADF (Bad file descriptor) [pid 5162] close(19) = -1 EBADF (Bad file descriptor) [pid 5162] close(20) = -1 EBADF (Bad file descriptor) [pid 5162] close(21) = -1 EBADF (Bad file descriptor) [pid 5162] close(22) = -1 EBADF (Bad file descriptor) [pid 5162] close(23) = -1 EBADF (Bad file descriptor) [pid 5162] close(24) = -1 EBADF (Bad file descriptor) [pid 5162] close(25) = -1 EBADF (Bad file descriptor) [pid 5162] close(26) = -1 EBADF (Bad file descriptor) [pid 5162] close(27) = -1 EBADF (Bad file descriptor) [pid 5162] close(28) = -1 EBADF (Bad file descriptor) [pid 5162] close(29) = -1 EBADF (Bad file descriptor) [pid 5162] exit_group(0 [pid 5163] <... futex resumed>) = ? [pid 5162] <... exit_group resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=125, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./60/cgroup.cpu") = 0 [pid 5036] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./60/binderfs") = 0 [pid 5036] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./60/cgroup") = 0 [pid 5036] umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./60/file2") = 0 [pid 5036] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./60/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./60") = 0 [pid 5036] mkdir("./61", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556476690) = 127 ./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x5555564766a0, 24) = 0 [pid 5164] chdir("./61") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5164] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5164] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5164] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5164] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0} => {parent_tid=[128]}, 88) = 128 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5164] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5165 attached [pid 5165] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5165] set_robust_list(0x7f4c079f79a0, 24 [pid 5164] <... futex resumed>) = 0 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5165] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5165] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file2", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5165] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./file2") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5165] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... openat resumed>) = 4 [pid 5165] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5165] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 68.442843][ T5165] loop0: detected capacity change from 0 to 4096 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... write resumed>) = 1036288 [pid 5165] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5165] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... openat resumed>) = 5 [pid 5165] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5165] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5165] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] close(3) = 0 [pid 5164] close(4) = 0 [pid 5164] close(5) = 0 [pid 5164] close(6) = -1 EBADF (Bad file descriptor) [pid 5164] close(7) = -1 EBADF (Bad file descriptor) [pid 5164] close(8) = -1 EBADF (Bad file descriptor) [pid 5165] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] close(9) = -1 EBADF (Bad file descriptor) [pid 5164] close(10) = -1 EBADF (Bad file descriptor) [pid 5164] close(11) = -1 EBADF (Bad file descriptor) [pid 5164] close(12) = -1 EBADF (Bad file descriptor) [pid 5164] close(13) = -1 EBADF (Bad file descriptor) [pid 5164] close(14) = -1 EBADF (Bad file descriptor) [pid 5164] close(15) = -1 EBADF (Bad file descriptor) [pid 5164] close(16) = -1 EBADF (Bad file descriptor) [pid 5164] close(17) = -1 EBADF (Bad file descriptor) [pid 5164] close(18) = -1 EBADF (Bad file descriptor) [pid 5164] close(19) = -1 EBADF (Bad file descriptor) [pid 5164] close(20) = -1 EBADF (Bad file descriptor) [pid 5164] close(21) = -1 EBADF (Bad file descriptor) [pid 5164] close(22) = -1 EBADF (Bad file descriptor) [pid 5164] close(23) = -1 EBADF (Bad file descriptor) [pid 5164] close(24) = -1 EBADF (Bad file descriptor) [pid 5164] close(25) = -1 EBADF (Bad file descriptor) [pid 5164] close(26) = -1 EBADF (Bad file descriptor) [pid 5164] close(27) = -1 EBADF (Bad file descriptor) [pid 5164] close(28) = -1 EBADF (Bad file descriptor) [pid 5164] close(29) = -1 EBADF (Bad file descriptor) [pid 5164] exit_group(0 [pid 5165] <... futex resumed>) = ? [pid 5164] <... exit_group resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ [pid 5036] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=127, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5036] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5036] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, 0x555556477730 /* 7 entries */, 32768) = 208 [pid 5036] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./61/cgroup.cpu") = 0 [pid 5036] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./61/binderfs") = 0 [pid 5036] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./61/cgroup") = 0 [pid 5036] umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5036] umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5036] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(4, 0x55555647f770 /* 2 entries */, 32768) = 48 [pid 5036] getdents64(4, 0x55555647f770 /* 0 entries */, 32768) = 0 [pid 5036] close(4) = 0 [pid 5036] rmdir("./61/file2") = 0 [pid 5036] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5036] newfstatat(AT_FDCWD, "./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5036] unlink("./61/cgroup.net") = 0 [pid 5036] getdents64(3, 0x555556477730 /* 0 entries */, 32768) = 0 [pid 5036] close(3) = 0 [pid 5036] rmdir("./61") = 0 [pid 5036] mkdir("./62", 0777) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5036] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5036] close(3) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x5555564766a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556476690) = 129 [pid 5166] <... set_robust_list resumed>) = 0 [pid 5166] chdir("./62") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5166] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5166] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] rt_sigaction(SIGRT_1, {sa_handler=0x7f4c07a61920, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4c07a52ad0}, NULL, 8) = 0 [pid 5166] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4c079d7000 [pid 5166] mprotect(0x7f4c079d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4c079f7990, parent_tid=0x7f4c079f7990, exit_signal=0, stack=0x7f4c079d7000, stack_size=0x20300, tls=0x7f4c079f76c0}./strace-static-x86_64: Process 5167 attached => {parent_tid=[130]}, 88) = 130 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5166] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f4c07ae36cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5167] rseq(0x7f4c079f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5167] set_robust_list(0x7f4c079f79a0, 24) = 0 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4bff5d7000 [pid 5167] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5167] munmap(0x7f4bff5d7000, 138412032) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file2", 0777) = 0 [pid 5167] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5167] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file2") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] futex(0x7f4c07ae36cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7f4c07ae36c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f4c07ae36c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5167] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000