./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3722572026 <...> Warning: Permanently added '10.128.0.150' (ED25519) to the list of known hosts. execve("./syz-executor3722572026", ["./syz-executor3722572026"], 0x7ffe7982d210 /* 10 vars */) = 0 brk(NULL) = 0x555579e09000 brk(0x555579e09e00) = 0x555579e09e00 arch_prctl(ARCH_SET_FS, 0x555579e09480) = 0 set_tid_address(0x555579e09750) = 5837 set_robust_list(0x555579e09760, 24) = 0 rseq(0x555579e09da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3722572026", 4096) = 28 getrandom("\xe8\x7e\x7e\x51\x64\x09\xed\xf4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555579e09e00 brk(0x555579e2ae00) = 0x555579e2ae00 brk(0x555579e2b000) = 0x555579e2b000 mprotect(0x7f0fd6bfa000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f0fd6b309a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0fd6b39860}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f0fd6b309a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f0fd6b39860}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x555579e09750) = 5838 [pid 5838] set_robust_list(0x555579e09760, 24) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] mkdir("./syzkaller.K7bZll", 0700./strace-static-x86_64: Process 5839 attached [pid 5837] <... clone resumed>, child_tidptr=0x555579e09750) = 5839 [pid 5839] set_robust_list(0x555579e09760, 24 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... set_robust_list resumed>) = 0 [pid 5839] mkdir("./syzkaller.ZM7l9r", 0700 [pid 5838] <... mkdir resumed>) = 0 [pid 5838] chmod("./syzkaller.K7bZll", 0777./strace-static-x86_64: Process 5840 attached [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... chmod resumed>) = 0 [pid 5837] <... clone resumed>, child_tidptr=0x555579e09750) = 5840 [pid 5840] set_robust_list(0x555579e09760, 24 [pid 5838] chdir("./syzkaller.K7bZll") = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] chmod("./syzkaller.ZM7l9r", 0777 [pid 5838] mkdir("./0", 0777./strace-static-x86_64: Process 5841 attached [pid 5840] mkdir("./syzkaller.6g3iyP", 0700 [pid 5839] <... chmod resumed>) = 0 [pid 5837] <... clone resumed>, child_tidptr=0x555579e09750) = 5841 [pid 5841] set_robust_list(0x555579e09760, 24 [pid 5839] chdir("./syzkaller.ZM7l9r" [pid 5838] <... mkdir resumed>) = 0 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5839] <... chdir resumed>) = 0 [pid 5839] mkdir("./0", 0777 [pid 5841] mkdir("./syzkaller.Qur9np", 0700 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5842 attached [pid 5841] <... mkdir resumed>) = 0 [pid 5840] chmod("./syzkaller.6g3iyP", 0777 [pid 5838] <... openat resumed>) = 3 [pid 5841] chmod("./syzkaller.Qur9np", 0777) = 0 [pid 5840] <... chmod resumed>) = 0 [pid 5841] chdir("./syzkaller.Qur9np" [pid 5837] <... clone resumed>, child_tidptr=0x555579e09750) = 5842 [pid 5842] set_robust_list(0x555579e09760, 24 [pid 5840] chdir("./syzkaller.6g3iyP" [pid 5839] <... openat resumed>) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5842] <... set_robust_list resumed>) = 0 [pid 5841] <... chdir resumed>) = 0 [pid 5840] <... chdir resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] mkdir("./syzkaller.gcEeYK", 0700 [pid 5841] mkdir("./0", 0777 [pid 5840] mkdir("./0", 0777 [pid 5839] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5838] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5842] <... mkdir resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] close(3 [pid 5838] close(3 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... close resumed>) = 0 [pid 5842] chmod("./syzkaller.gcEeYK", 0777 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... close resumed>) = 0 [pid 5842] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5843 attached [pid 5842] chdir("./syzkaller.gcEeYK" [pid 5841] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... chdir resumed>) = 0 [pid 5840] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5843 [pid 5841] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5845 attached [pid 5843] set_robust_list(0x555579e09760, 24 [pid 5842] mkdir("./0", 0777 [pid 5841] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5840] close(3 [pid 5845] set_robust_list(0x555579e09760, 24 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5845 [pid 5845] chdir("./0" [pid 5843] chdir("./0" [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] close(3 [pid 5840] <... close resumed>) = 0 [pid 5845] <... chdir resumed>) = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... chdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5846 attached [pid 5845] setpgid(0, 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... setpgid resumed>) = 0 [pid 5842] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5848 attached [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... prctl resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5846] set_robust_list(0x555579e09760, 24 [pid 5843] setpgid(0, 0 [pid 5848] set_robust_list(0x555579e09760, 24 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5843] <... setpgid resumed>) = 0 [pid 5846] chdir("./0" [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... set_robust_list resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5848] chdir("./0" [pid 5846] <... chdir resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5846 [pid 5848] <... chdir resumed>) = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] <... openat resumed>) = 3 [pid 5842] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5848 [pid 5845] write(3, "1000", 4 [pid 5843] write(3, "1000", 4 [pid 5842] close(3 [pid 5845] <... write resumed>) = 4 [pid 5846] <... prctl resumed>) = 0 [pid 5845] close(3 [pid 5843] <... write resumed>) = 4 [pid 5842] <... close resumed>) = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5846] setpgid(0, 0 [pid 5845] <... close resumed>) = 0 [pid 5843] close(3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... prctl resumed>) = 0 [pid 5846] <... setpgid resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5848] setpgid(0, 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] symlink("/dev/binderfs", "./binderfs"executing program ./strace-static-x86_64: Process 5849 attached [pid 5848] <... setpgid resumed>) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5845] <... symlink resumed>) = 0 [pid 5843] <... symlink resumed>) = 0 [pid 5849] set_robust_list(0x555579e09760, 24 [pid 5845] write(1, "executing program\n", 18 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... write resumed>) = 18 [pid 5849] chdir("./0" [pid 5846] write(3, "1000", 4 [pid 5845] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5849] <... chdir resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5846] <... write resumed>) = 4 [pid 5845] <... bind resumed>) = -1 EBADF (Bad file descriptor) executing program [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] write(3, "1000", 4 [pid 5846] close(3 [pid 5843] write(1, "executing program\n", 18 [pid 5848] <... write resumed>) = 4 [pid 5846] <... close resumed>) = 0 [pid 5843] <... write resumed>) = 18 [pid 5848] close(3 [pid 5846] symlink("/dev/binderfs", "./binderfs" [pid 5843] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5848] <... close resumed>) = 0 [pid 5843] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5845] memfd_create("syzkaller", 0 [pid 5849] <... prctl resumed>) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs" [pid 5846] <... symlink resumed>) = 0 [pid 5843] memfd_create("syzkaller", 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5849 [pid 5849] setpgid(0, 0 [pid 5848] <... symlink resumed>) = 0 [pid 5846] write(1, "executing program\n", 18executing program [pid 5849] <... setpgid resumed>) = 0 [pid 5848] write(1, "executing program\n", 18 [pid 5846] <... write resumed>) = 18 executing program [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... write resumed>) = 18 [pid 5846] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5845] <... memfd_create resumed>) = 3 [pid 5849] <... openat resumed>) = 3 [pid 5848] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5846] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5843] <... memfd_create resumed>) = 3 [pid 5849] write(3, "1000", 4 [pid 5848] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5846] memfd_create("syzkaller", 0 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... write resumed>) = 4 [pid 5848] memfd_create("syzkaller", 0 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] close(3 [pid 5845] <... mmap resumed>) = 0x7f0fce600000 [pid 5849] <... close resumed>) = 0 [pid 5843] <... mmap resumed>) = 0x7f0fce600000 [pid 5849] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... memfd_create resumed>) = 3 [pid 5846] <... memfd_create resumed>) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... mmap resumed>) = 0x7f0fce600000 [pid 5849] <... symlink resumed>) = 0 [pid 5846] <... mmap resumed>) = 0x7f0fce600000 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5845] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5848] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5846] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5849] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5845] <... write resumed>) = 2097152 [pid 5843] <... write resumed>) = 2097152 [pid 5848] <... write resumed>) = 2097152 [pid 5846] <... write resumed>) = 2097152 [pid 5845] munmap(0x7f0fce600000, 138412032 [pid 5843] munmap(0x7f0fce600000, 138412032 [pid 5846] munmap(0x7f0fce600000, 138412032 [pid 5845] <... munmap resumed>) = 0 [pid 5843] <... munmap resumed>) = 0 [pid 5848] munmap(0x7f0fce600000, 138412032 [pid 5843] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5849] <... write resumed>) = 2097152 [pid 5848] <... munmap resumed>) = 0 [pid 5846] <... munmap resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] munmap(0x7f0fce600000, 138412032 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] <... openat resumed>) = 4 [pid 5848] <... openat resumed>) = 4 [pid 5846] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] <... openat resumed>) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... munmap resumed>) = 0 [pid 5848] ioctl(4, LOOP_SET_FD, 3 [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3 [pid 5846] <... openat resumed>) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... ioctl resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5846] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... ioctl resumed>) = 0 [pid 5849] close(3 [pid 5848] close(3 [pid 5845] <... ioctl resumed>) = 0 [pid 5843] close(3 [pid 5845] close(3 [pid 5843] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5843] close(4 [pid 5849] close(4 [pid 5848] close(4 [pid 5845] close(4 [pid 5843] <... close resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5843] mkdir("./bus", 0777 [pid 5849] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5846] <... ioctl resumed>) = 0 [pid 5845] mkdir("./bus", 0777 [pid 5849] mkdir("./bus", 0777 [pid 5848] mkdir("./bus", 0777 [pid 5849] <... mkdir resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5846] close(3 [pid 5845] <... mkdir resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5849] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5848] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5846] <... close resumed>) = 0 [pid 5845] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5846] close(4) = 0 [pid 5846] mkdir("./bus", 0777) = 0 [pid 5843] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [ 86.496234][ T5843] loop1: detected capacity change from 0 to 4096 [ 86.502225][ T5849] loop4: detected capacity change from 0 to 4096 [ 86.504368][ T5848] loop3: detected capacity change from 0 to 4096 [ 86.516325][ T5845] loop0: detected capacity change from 0 to 4096 [ 86.525890][ T5846] loop2: detected capacity change from 0 to 4096 [pid 5846] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5849] <... mount resumed>) = 0 [pid 5845] <... mount resumed>) = 0 [pid 5843] <... mount resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5845] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5849] <... openat resumed>) = 3 [pid 5845] <... openat resumed>) = 3 [pid 5843] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5845] chdir("./bus" [pid 5843] <... openat resumed>) = 3 [pid 5849] chdir("./bus" [pid 5845] <... chdir resumed>) = 0 [pid 5849] <... chdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] chdir("./bus" [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5845] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... chdir resumed>) = 0 [pid 5849] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5845] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5843] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5849] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5846] <... mount resumed>) = 0 [pid 5845] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5843] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] memfd_create("syzkaller", 0 [pid 5848] <... mount resumed>) = 0 [pid 5845] memfd_create("syzkaller", 0 [pid 5846] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5849] <... memfd_create resumed>) = 4 [pid 5846] <... openat resumed>) = 3 [pid 5845] <... memfd_create resumed>) = 4 [pid 5843] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5849] <... mmap resumed>) = 0x7f0fce600000 [pid 5848] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5846] chdir("./bus" [pid 5845] <... mmap resumed>) = 0x7f0fce600000 [pid 5843] memfd_create("syzkaller", 0 [pid 5849] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5848] <... openat resumed>) = 3 [pid 5846] <... chdir resumed>) = 0 [pid 5845] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5843] <... memfd_create resumed>) = 4 [pid 5848] chdir("./bus" [pid 5846] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... chdir resumed>) = 0 [pid 5846] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... mmap resumed>) = 0x7f0fce600000 [pid 5846] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5849] <... write resumed>) = 32768 [pid 5846] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5846] memfd_create("syzkaller", 0 [pid 5845] <... write resumed>) = 32768 [pid 5843] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5849] munmap(0x7f0fce600000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] munmap(0x7f0fce600000, 138412032 [pid 5848] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] <... memfd_create resumed>) = 4 [pid 5845] <... munmap resumed>) = 0 [pid 5843] <... write resumed>) = 32768 [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] close(4 [pid 5846] <... mmap resumed>) = 0x7f0fce600000 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] munmap(0x7f0fce600000, 138412032 [pid 5849] <... close resumed>) = 0 [pid 5848] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5846] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5845] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... munmap resumed>) = 0 [pid 5848] memfd_create("syzkaller", 0 [pid 5849] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5848] <... memfd_create resumed>) = 4 [pid 5845] close(4 [pid 5843] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5849] <... prlimit64 resumed>NULL) = 0 [pid 5845] <... close resumed>) = 0 [pid 5849] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5843] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5849] sched_setaffinity(0, 0, NULL [pid 5845] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5843] close(4 [pid 5849] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... prlimit64 resumed>NULL) = 0 [pid 5843] <... close resumed>) = 0 [pid 5849] sched_setscheduler(0, SCHED_RR, NULL [pid 5845] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5849] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5845] sched_setaffinity(0, 0, NULL [pid 5843] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5849] <... openat resumed>) = 4 [pid 5845] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5849] read(4, [pid 5845] sched_setscheduler(0, SCHED_RR, NULL [pid 5843] <... prlimit64 resumed>NULL) = 0 [pid 5845] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5843] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5845] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5843] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... openat resumed>) = 4 [pid 5843] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5843] sched_setscheduler(0, SCHED_RR, NULL [pid 5845] read(4, [pid 5843] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5843] read(4, [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] <... write resumed>) = 32768 [pid 5848] <... mmap resumed>) = 0x7f0fce600000 [pid 5848] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5848] munmap(0x7f0fce600000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5846] munmap(0x7f0fce600000, 138412032 [pid 5848] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] close(4) = 0 [pid 5846] <... munmap resumed>) = 0 [pid 5848] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5846] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] <... prlimit64 resumed>NULL) = 0 [pid 5848] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5846] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5846] close(4 [pid 5848] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5848] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5846] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5846] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5848] <... openat resumed>) = 4 [pid 5848] read(4, [pid 5846] <... prlimit64 resumed>NULL) = 0 [pid 5846] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5846] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5846] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5846] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5846] read(4, [pid 5843] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5843] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5843] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5843] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5843] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./0/binderfs") = 0 [pid 5839] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5849] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5849] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5849] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5849] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5839] <... umount2 resumed>) = 0 [pid 5849] exit_group(0 [pid 5839] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... exit_group resumed>) = ? [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] +++ exited with 0 +++ [pid 5839] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 5839] <... openat resumed>) = 4 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, [pid 5842] <... restart_syscall resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5845] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5845] sched_setaffinity(0, 0, NULL [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] rmdir("./0/bus" [pid 5845] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... rmdir resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5845] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5845] rename(NULL, NULL [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5842] getdents64(3, [pid 5845] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] <... openat resumed>) = 5 [pid 5842] unlink("./0/binderfs" [pid 5839] getdents64(3, [pid 5842] <... unlink resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./0" [pid 5842] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] exit_group(0 [pid 5839] <... rmdir resumed>) = 0 [pid 5845] <... exit_group resumed>) = ? [pid 5839] mkdir("./1", 0777) = 0 [pid 5845] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... umount2 resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5842] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] close(3 [pid 5842] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5848] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5848] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5846] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5846] sched_setaffinity(0, 0, NULL [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] rename(NULL, NULL [pid 5846] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5848] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5842] getdents64(4, [pid 5848] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5846] rename(NULL, NULL [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5846] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5846] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] getdents64(4, [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] close(4 [pid 5838] <... openat resumed>) = 3 [pid 5842] <... close resumed>) = 0 [pid 5838] newfstatat(3, "", [pid 5842] rmdir("./0/bus") = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5846] <... openat resumed>) = 5 [pid 5848] <... openat resumed>) = 5 [pid 5842] getdents64(3, [pid 5838] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5842] close(3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... close resumed>) = 0 [pid 5838] unlink("./0/binderfs") = 0 [pid 5842] rmdir("./0" [pid 5838] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] exit_group(0 [pid 5842] <... rmdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5848] exit_group(0 [pid 5846] <... exit_group resumed>) = ? [pid 5846] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5848] <... exit_group resumed>) = ? [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5848] +++ exited with 0 +++ [pid 5842] mkdir("./1", 0777 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] <... restart_syscall resumed>) = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... openat resumed>) = 3 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5841] newfstatat(3, "", [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5842] <... openat resumed>) = 3 [pid 5841] getdents64(3, [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5841] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./0/binderfs" [pid 5841] unlink("./0/binderfs" [pid 5840] <... unlink resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5841] <... unlink resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] close(3 [pid 5838] <... umount2 resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached , child_tidptr=0x555579e09750) = 5853 [pid 5838] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... openat resumed>) = 4 [pid 5853] set_robust_list(0x555579e09760, 24 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = 0 [pid 5838] newfstatat(4, "", [pid 5841] newfstatat(AT_FDCWD, "./0/bus", [pid 5853] <... set_robust_list resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] getdents64(4, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./0/bus", [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] getdents64(4, [pid 5841] <... openat resumed>) = 4 [pid 5840] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] newfstatat(4, "", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... close resumed>) = 0 [pid 5853] chdir("./1" [pid 5841] getdents64(4, [pid 5840] <... openat resumed>) = 4 [pid 5838] rmdir("./0/bus" [pid 5853] <... chdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] newfstatat(4, "", [pid 5838] <... rmdir resumed>) = 0 [pid 5841] getdents64(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] getdents64(4, [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] close(3 [pid 5841] <... close resumed>) = 0 [pid 5840] getdents64(4, [pid 5841] rmdir("./0/bus" [pid 5838] <... close resumed>) = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] getdents64(3, [pid 5838] rmdir("./0" [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5841] close(3 [pid 5838] <... rmdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] rmdir("./0" [pid 5838] mkdir("./1", 0777 [pid 5853] <... prctl resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] rmdir("./0/bus" [pid 5838] <... mkdir resumed>) = 0 [pid 5853] setpgid(0, 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] mkdir("./1", 0777 [pid 5840] <... rmdir resumed>) = 0 [pid 5853] <... setpgid resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5854 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] getdents64(3, [pid 5838] <... openat resumed>) = 3 [pid 5853] <... openat resumed>) = 3 [pid 5841] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] close(3 [pid 5841] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] close(3 [pid 5840] rmdir("./0" [pid 5838] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5854 attached [pid 5853] write(3, "1000", 4 [pid 5840] <... rmdir resumed>) = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5854] set_robust_list(0x555579e09760, 24 [pid 5853] <... write resumed>) = 4 [pid 5840] mkdir("./1", 0777 [pid 5838] close(3 [pid 5853] close(3 [pid 5840] <... mkdir resumed>) = 0 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] <... close resumed>) = 0 [pid 5854] chdir("./1" [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5854] <... chdir resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5854] <... prctl resumed>) = 0 [pid 5853] <... symlink resumed>) = 0 [pid 5854] setpgid(0, 0 [pid 5853] write(1, "executing program\n", 18 [pid 5840] <... ioctl resumed>) = 0 [pid 5854] <... setpgid resumed>) = 0 [pid 5840] close(3executing program executing program [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5853] <... write resumed>) = 18 [pid 5854] <... openat resumed>) = 3 [pid 5853] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] write(1, "executing program\n", 18) = 18 [pid 5853] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5854] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5841] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached ./strace-static-x86_64: Process 5855 attached ./strace-static-x86_64: Process 5857 attached [pid 5856] set_robust_list(0x555579e09760, 24 [pid 5855] set_robust_list(0x555579e09760, 24 [pid 5853] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5856 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5855 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] chdir("./1" [pid 5855] chdir("./1" [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5857 [pid 5856] <... chdir resumed>) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] set_robust_list(0x555579e09760, 24 [pid 5855] write(3, "1000", 4 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5855] <... write resumed>) = 4 [pid 5857] chdir("./1" [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5857] <... chdir resumed>) = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC executing program [pid 5855] write(1, "executing program\n", 18) = 18 [pid 5855] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5857] <... openat resumed>) = 3 [pid 5855] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] memfd_create("syzkaller", 0 [pid 5857] write(3, "1000", 4 [pid 5856] <... prctl resumed>) = 0 [pid 5854] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5856] setpgid(0, 0) = 0 [pid 5857] <... write resumed>) = 4 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5855] <... memfd_create resumed>) = 3 [pid 5857] close(3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] <... close resumed>) = 0 [pid 5855] <... mmap resumed>) = 0x7f0fce600000 [pid 5857] symlink("/dev/binderfs", "./binderfs" [pid 5856] <... openat resumed>) = 3 [pid 5857] <... symlink resumed>) = 0 [pid 5856] write(3, "1000", 4) = 4 executing program [pid 5857] write(1, "executing program\n", 18 [pid 5856] close(3) = 0 [pid 5857] <... write resumed>) = 18 [pid 5857] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5857] memfd_create("syzkaller", 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5857] <... memfd_create resumed>) = 3 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5856] write(1, "executing program\n", 18executing program ) = 18 [pid 5856] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5853] <... write resumed>) = 2097152 [pid 5856] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5856] memfd_create("syzkaller", 0 [pid 5853] munmap(0x7f0fce600000, 138412032 [pid 5856] <... memfd_create resumed>) = 3 [pid 5853] <... munmap resumed>) = 0 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5855] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5854] <... write resumed>) = 2097152 [pid 5854] munmap(0x7f0fce600000, 138412032 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./bus", 0777 [pid 5854] <... munmap resumed>) = 0 [pid 5853] <... mkdir resumed>) = 0 [pid 5857] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5854] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5853] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5854] <... openat resumed>) = 4 [ 88.111569][ T5853] loop1: detected capacity change from 0 to 4096 [pid 5854] ioctl(4, LOOP_SET_FD, 3 [pid 5857] <... write resumed>) = 2097152 [pid 5855] <... write resumed>) = 2097152 [pid 5854] <... ioctl resumed>) = 0 [pid 5856] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5855] munmap(0x7f0fce600000, 138412032 [pid 5854] close(3 [pid 5853] <... mount resumed>) = 0 [pid 5854] <... close resumed>) = 0 [ 88.152359][ T5854] loop4: detected capacity change from 0 to 4096 [pid 5854] close(4 [pid 5857] munmap(0x7f0fce600000, 138412032 [pid 5855] <... munmap resumed>) = 0 [pid 5854] <... close resumed>) = 0 [pid 5853] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./bus") = 0 [pid 5854] mkdir("./bus", 0777 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5854] <... mkdir resumed>) = 0 [pid 5853] memfd_create("syzkaller", 0) = 4 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5853] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5857] <... munmap resumed>) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5854] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5853] munmap(0x7f0fce600000, 138412032 [pid 5857] <... openat resumed>) = 4 [pid 5855] <... openat resumed>) = 4 [pid 5853] <... munmap resumed>) = 0 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] close(4) = 0 [pid 5853] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5853] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5853] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5853] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5853] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5853] read(4, [pid 5855] <... ioctl resumed>) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4 [pid 5857] <... ioctl resumed>) = 0 [pid 5855] <... close resumed>) = 0 [pid 5857] close(3 [pid 5855] mkdir("./bus", 0777 [pid 5857] <... close resumed>) = 0 [pid 5857] close(4 [pid 5855] <... mkdir resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5855] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5856] <... write resumed>) = 2097152 [pid 5856] munmap(0x7f0fce600000, 138412032 [ 88.245687][ T5855] loop3: detected capacity change from 0 to 4096 [ 88.264344][ T5857] loop2: detected capacity change from 0 to 4096 [pid 5857] mkdir("./bus", 0777 [pid 5856] <... munmap resumed>) = 0 [pid 5857] <... mkdir resumed>) = 0 [pid 5857] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] <... mount resumed>) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5854] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5856] mkdir("./bus", 0777) = 0 [pid 5854] <... openat resumed>) = 3 [pid 5854] chdir("./bus") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5854] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5854] memfd_create("syzkaller", 0) = 4 [ 88.324913][ T5856] loop0: detected capacity change from 0 to 4096 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] <... mount resumed>) = 0 [pid 5854] <... mmap resumed>) = 0x7f0fce600000 [pid 5855] <... mount resumed>) = 0 [pid 5854] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5857] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5855] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5854] <... write resumed>) = 32768 [pid 5857] <... openat resumed>) = 3 [pid 5855] <... openat resumed>) = 3 [pid 5854] munmap(0x7f0fce600000, 138412032) = 0 [pid 5855] chdir("./bus" [pid 5857] chdir("./bus" [pid 5854] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5855] <... chdir resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5857] <... chdir resumed>) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5854] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5855] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5854] close(4 [pid 5856] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./bus") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5856] memfd_create("syzkaller", 0 [pid 5857] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5856] <... memfd_create resumed>) = 4 [pid 5855] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5854] <... close resumed>) = 0 [pid 5857] memfd_create("syzkaller", 0 [pid 5856] <... mmap resumed>) = 0x7f0fce600000 [pid 5855] memfd_create("syzkaller", 0 [pid 5857] <... memfd_create resumed>) = 4 [pid 5856] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5855] <... memfd_create resumed>) = 4 [pid 5854] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5854] <... prlimit64 resumed>NULL) = 0 [pid 5857] <... mmap resumed>) = 0x7f0fce600000 [pid 5856] <... write resumed>) = 32768 [pid 5856] munmap(0x7f0fce600000, 138412032 [pid 5855] <... mmap resumed>) = 0x7f0fce600000 [pid 5857] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5856] <... munmap resumed>) = 0 [pid 5854] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5857] <... write resumed>) = 32768 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] close(4 [pid 5857] munmap(0x7f0fce600000, 138412032 [pid 5856] <... close resumed>) = 0 [pid 5855] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5854] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5857] <... munmap resumed>) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5856] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5854] sched_setaffinity(0, 0, NULL [pid 5857] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5856] <... prlimit64 resumed>NULL) = 0 [pid 5857] close(4 [pid 5854] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5856] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5857] <... close resumed>) = 0 [pid 5854] sched_setscheduler(0, SCHED_RR, NULL [pid 5855] <... write resumed>) = 32768 [pid 5854] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5856] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5856] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5856] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5854] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5856] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5854] <... openat resumed>) = 4 [pid 5857] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5856] <... openat resumed>) = 4 [pid 5855] munmap(0x7f0fce600000, 138412032 [pid 5854] read(4, [pid 5856] read(4, [pid 5857] <... prlimit64 resumed>NULL) = 0 [pid 5855] <... munmap resumed>) = 0 [pid 5857] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5857] sched_setaffinity(0, 0, NULL [pid 5855] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5855] close(4 [pid 5857] sched_setscheduler(0, SCHED_RR, NULL [pid 5855] <... close resumed>) = 0 [pid 5857] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5855] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5857] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5855] <... prlimit64 resumed>NULL) = 0 [pid 5857] <... openat resumed>) = 4 [pid 5855] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5855] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5855] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5855] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5857] read(4, [pid 5855] <... openat resumed>) = 4 [pid 5855] read(4, [pid 5853] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5853] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5853] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5853] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5853] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5853] exit_group(0) = ? [pid 5853] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./1/binderfs") = 0 [pid 5839] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5839] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5857] sched_setaffinity(0, 0, NULL [pid 5839] <... openat resumed>) = 4 [pid 5857] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(4, "", [pid 5857] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5857] rename(NULL, NULL [pid 5839] getdents64(4, [pid 5857] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5857] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./1/bus" [pid 5857] <... openat resumed>) = 5 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, [pid 5857] exit_group(0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5857] <... exit_group resumed>) = ? [pid 5839] <... close resumed>) = 0 [pid 5857] +++ exited with 0 +++ [pid 5839] rmdir("./1" [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./2", 0777) = 0 [pid 5840] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] newfstatat(3, "", [pid 5839] <... openat resumed>) = 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5840] getdents64(3, [pid 5839] <... ioctl resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] close(3 [pid 5840] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./1/binderfs") = 0 [pid 5840] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5839] <... close resumed>) = 0 [pid 5854] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached [pid 5840] newfstatat(AT_FDCWD, "./1/bus", [pid 5858] set_robust_list(0x555579e09760, 24 [pid 5854] sched_setaffinity(0, 0, NULL [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5854] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5854] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5854] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5858] <... set_robust_list resumed>) = 0 [pid 5854] rename(NULL, NULL [pid 5858] chdir("./2" [pid 5854] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] <... openat resumed>) = 4 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5858 [pid 5858] <... chdir resumed>) = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] newfstatat(4, "", [pid 5858] <... prctl resumed>) = 0 [pid 5858] setpgid(0, 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5854] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./1/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./1") = 0 [pid 5840] mkdir("./2", 0777 [pid 5858] <... setpgid resumed>) = 0 [pid 5854] <... openat resumed>) = 5 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5855] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5858] <... openat resumed>) = 3 [pid 5840] <... mkdir resumed>) = 0 [pid 5854] exit_group(0) = ? [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5854] +++ exited with 0 +++ [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5855] sched_setaffinity(0, 0, NULL [pid 5840] close(3 [pid 5858] write(3, "1000", 4 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5858] <... write resumed>) = 4 [pid 5855] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... restart_syscall resumed>) = 0 [pid 5855] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5855] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5842] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5858] close(3 [pid 5842] <... openat resumed>) = 3 [pid 5858] <... close resumed>) = 0 [pid 5842] newfstatat(3, "", [pid 5858] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5858] <... symlink resumed>) = 0 [pid 5842] getdents64(3, executing program [pid 5858] write(1, "executing program\n", 18 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5858] <... write resumed>) = 18 [pid 5842] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5858] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./1/binderfs" [pid 5858] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... unlink resumed>) = 0 [pid 5842] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] <... openat resumed>) = 5 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5858] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5859 attached ) = 3 [pid 5855] exit_group(0 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] set_robust_list(0x555579e09760, 24 [pid 5858] <... mmap resumed>) = 0x7f0fce600000 [pid 5855] <... exit_group resumed>) = ? [pid 5859] <... set_robust_list resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5859] chdir("./2" [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5859 [pid 5859] <... chdir resumed>) = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4 [pid 5855] +++ exited with 0 +++ [pid 5842] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] <... write resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 5842] newfstatat(AT_FDCWD, "./1/bus", [pid 5859] close(3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] <... close resumed>) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5859] write(1, "executing program\n", 18) = 18 executing program [pid 5859] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5842] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5859] memfd_create("syzkaller", 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... openat resumed>) = 3 [pid 5842] <... openat resumed>) = 4 [pid 5841] newfstatat(3, "", [pid 5842] newfstatat(4, "", [pid 5859] <... memfd_create resumed>) = 3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5841] getdents64(3, [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5841] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./1/bus") = 0 [pid 5841] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5842] getdents64(3, [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] unlink("./1/binderfs" [pid 5842] close(3 [pid 5841] <... unlink resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] rmdir("./1") = 0 [pid 5842] mkdir("./2", 0777 [pid 5858] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5859] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./1/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./1") = 0 [pid 5841] mkdir("./2", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5859] <... write resumed>) = 2097152 [pid 5856] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... close resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5859] munmap(0x7f0fce600000, 138412032 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5860 attached [pid 5841] close(3 [pid 5856] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5856] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5856] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5856] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5860] set_robust_list(0x555579e09760, 24 [pid 5859] <... munmap resumed>) = 0 [pid 5856] <... openat resumed>) = 5 [pid 5856] exit_group(0) = ? [pid 5860] <... set_robust_list resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5860 [pid 5858] <... write resumed>) = 2097152 [pid 5858] munmap(0x7f0fce600000, 138412032 [pid 5859] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5860] chdir("./2" [pid 5859] <... openat resumed>) = 4 [pid 5860] <... chdir resumed>) = 0 [pid 5859] ioctl(4, LOOP_SET_FD, 3 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4 [pid 5856] +++ exited with 0 +++ [pid 5860] <... write resumed>) = 4 [pid 5860] close(3 [pid 5858] <... munmap resumed>) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- [pid 5860] <... close resumed>) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5859] <... ioctl resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5859] close(3 [pid 5858] <... openat resumed>) = 4 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5859] <... close resumed>) = 0 [pid 5858] ioctl(4, LOOP_SET_FD, 3 [pid 5859] close(4 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5860] write(1, "executing program\n", 18executing program ) = 18 [pid 5860] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5859] <... close resumed>) = 0 [pid 5860] memfd_create("syzkaller", 0 [pid 5859] mkdir("./bus", 0777 [pid 5858] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5861 attached [pid 5861] set_robust_list(0x555579e09760, 24 [pid 5859] <... mkdir resumed>) = 0 [pid 5858] close(3 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5861 [pid 5838] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5861] <... set_robust_list resumed>) = 0 [pid 5860] <... memfd_create resumed>) = 3 [pid 5858] <... close resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5858] close(4 [pid 5838] <... openat resumed>) = 3 [pid 5861] chdir("./2" [pid 5858] <... close resumed>) = 0 [pid 5838] newfstatat(3, "", [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] <... chdir resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5860] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5861] <... prctl resumed>) = 0 [pid 5858] mkdir("./bus", 0777 [pid 5838] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5861] setpgid(0, 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5858] <... mkdir resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5861] <... setpgid resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5858] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5838] unlink("./1/binderfs" [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... unlink resumed>) = 0 [pid 5861] <... openat resumed>) = 3 [pid 5861] write(3, "1000", 4 [pid 5838] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5861] <... write resumed>) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5861] write(1, "executing program\n", 18) = 18 [pid 5861] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [ 89.371917][ T5859] loop2: detected capacity change from 0 to 4096 [ 89.406043][ T5858] loop1: detected capacity change from 0 to 4096 [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5838] <... umount2 resumed>) = 0 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5859] <... mount resumed>) = 0 [pid 5838] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5860] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] <... openat resumed>) = 3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./1/bus", [pid 5859] chdir("./bus" [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5859] <... chdir resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5858] <... mount resumed>) = 0 [pid 5838] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5859] memfd_create("syzkaller", 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5859] <... memfd_create resumed>) = 4 [pid 5838] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... openat resumed>) = 4 [pid 5859] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] newfstatat(4, "", [pid 5859] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5858] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5858] <... openat resumed>) = 3 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5859] <... write resumed>) = 32768 [pid 5858] chdir("./bus" [pid 5838] getdents64(4, [pid 5859] munmap(0x7f0fce600000, 138412032 [pid 5858] <... chdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5859] <... munmap resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] close(4 [pid 5858] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... close resumed>) = 0 [pid 5858] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] rmdir("./1/bus" [pid 5858] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5858] memfd_create("syzkaller", 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5858] <... memfd_create resumed>) = 4 [pid 5838] getdents64(3, [pid 5859] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5859] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] close(4 [pid 5858] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] close(3) = 0 [pid 5859] <... close resumed>) = 0 [pid 5858] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] rmdir("./1" [pid 5859] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5858] <... write resumed>) = 32768 [pid 5859] <... prlimit64 resumed>NULL) = 0 [pid 5858] munmap(0x7f0fce600000, 138412032 [pid 5838] <... rmdir resumed>) = 0 [pid 5859] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5858] <... munmap resumed>) = 0 [pid 5859] sched_setaffinity(0, 0, NULL [pid 5858] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] mkdir("./2", 0777 [pid 5859] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5859] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5838] <... mkdir resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5858] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5859] <... openat resumed>) = 4 [pid 5858] close(4 [pid 5838] <... openat resumed>) = 3 [pid 5860] <... write resumed>) = 2097152 [pid 5859] read(4, [pid 5858] <... close resumed>) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5860] munmap(0x7f0fce600000, 138412032 [pid 5858] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5860] <... munmap resumed>) = 0 [pid 5858] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5858] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5858] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5858] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5858] read(4, [pid 5838] <... close resumed>) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached [pid 5860] <... openat resumed>) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3 [pid 5862] set_robust_list(0x555579e09760, 24) = 0 [pid 5862] chdir("./2") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5862 [pid 5862] <... openat resumed>) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5861] <... write resumed>) = 2097152 executing program [pid 5862] write(1, "executing program\n", 18 [pid 5861] munmap(0x7f0fce600000, 138412032 [pid 5862] <... write resumed>) = 18 [pid 5862] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5862] memfd_create("syzkaller", 0 [pid 5860] <... ioctl resumed>) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./bus", 0777) = 0 [pid 5862] <... memfd_create resumed>) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5861] <... munmap resumed>) = 0 [pid 5860] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 89.616127][ T5860] loop4: detected capacity change from 0 to 4096 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] <... mount resumed>) = 0 [pid 5861] close(3 [pid 5860] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5861] <... close resumed>) = 0 [pid 5861] close(4 [pid 5860] <... openat resumed>) = 3 [pid 5860] chdir("./bus") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5861] <... close resumed>) = 0 [pid 5860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] mkdir("./bus", 0777 [pid 5860] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5861] <... mkdir resumed>) = 0 [pid 5860] memfd_create("syzkaller", 0 [pid 5861] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5860] <... memfd_create resumed>) = 4 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5860] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5860] munmap(0x7f0fce600000, 138412032) = 0 [ 89.676180][ T5861] loop3: detected capacity change from 0 to 4096 [pid 5860] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5860] close(4) = 0 [pid 5860] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5860] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5860] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5860] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5862] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5860] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5860] read(4, [pid 5861] <... mount resumed>) = 0 [pid 5861] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./bus") = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5861] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5861] memfd_create("syzkaller", 0) = 4 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5861] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5861] munmap(0x7f0fce600000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5861] close(4) = 0 [pid 5862] <... write resumed>) = 2097152 [pid 5861] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5862] munmap(0x7f0fce600000, 138412032 [pid 5861] <... prlimit64 resumed>NULL) = 0 [pid 5861] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5861] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5861] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5861] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5861] read(4, [pid 5862] <... munmap resumed>) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./bus", 0777) = 0 [ 89.993850][ T5862] loop0: detected capacity change from 0 to 4096 [pid 5862] mount("/dev/loop0", "./bus", "ntfs3", 0, "") = 0 [pid 5862] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./bus") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5862] memfd_create("syzkaller", 0) = 4 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5862] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5862] munmap(0x7f0fce600000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] close(4) = 0 [pid 5862] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5862] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5862] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5862] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5862] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5862] read(4, [pid 5861] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5861] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5861] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5861] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5861] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5861] exit_group(0) = ? [pid 5861] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5841] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5859] sched_setaffinity(0, 0, NULL [pid 5841] getdents64(3, [pid 5859] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5859] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5841] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5859] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./2/binderfs") = 0 [pid 5858] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5858] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5859] <... openat resumed>) = 5 [pid 5858] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5841] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] exit_group(0 [pid 5858] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5858] rename(NULL, NULL [pid 5859] <... exit_group resumed>) = ? [pid 5858] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5858] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./2/bus", [pid 5858] <... openat resumed>) = 5 [pid 5858] exit_group(0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5859] +++ exited with 0 +++ [pid 5858] <... exit_group resumed>) = ? [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5841] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5858] +++ exited with 0 +++ [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./2/bus" [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- [pid 5841] <... rmdir resumed>) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] close(3 [pid 5839] <... openat resumed>) = 3 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./2" [pid 5839] newfstatat(3, "", [pid 5860] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5860] sched_setaffinity(0, 0, NULL [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5860] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(3, [pid 5839] getdents64(3, [pid 5860] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5841] mkdir("./3", 0777 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5860] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] <... mkdir resumed>) = 0 [pid 5839] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5860] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5840] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5840] unlink("./2/binderfs" [pid 5839] unlink("./2/binderfs" [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] <... unlink resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5840] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] close(3 [pid 5839] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] <... openat resumed>) = 5 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ [pid 5840] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./2/bus", [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] newfstatat(AT_FDCWD, "./2/bus", [pid 5842] <... openat resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(3, "", [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] getdents64(3, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... openat resumed>) = 4 [pid 5840] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] newfstatat(4, "", [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] <... openat resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(4, "", [pid 5839] getdents64(4, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5840] getdents64(4, [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./2/binderfs" [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] close(4 [pid 5840] getdents64(4, [pid 5839] <... close resumed>) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5842] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] rmdir("./2/bus" [pid 5840] close(4 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5839] getdents64(3, [pid 5840] rmdir("./2/bus" [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./2" [pid 5842] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... rmdir resumed>) = 0 [pid 5862] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] newfstatat(AT_FDCWD, "./2/bus", [pid 5841] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 5839] mkdir("./3", 0777 [pid 5862] sched_setaffinity(0, 0, NULL [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5862] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(3 [pid 5862] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] <... close resumed>) = 0 [pid 5862] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] rmdir("./2"./strace-static-x86_64: Process 5863 attached [pid 5862] rename(NULL, NULL [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... rmdir resumed>) = 0 [pid 5863] set_robust_list(0x555579e09760, 24 [pid 5862] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] mkdir("./3", 0777 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5862] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5863] chdir("./3" [pid 5842] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5863 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5839] <... openat resumed>) = 3 [pid 5863] <... chdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] getdents64(4, [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... ioctl resumed>) = 0 [pid 5863] <... prctl resumed>) = 0 [pid 5862] <... openat resumed>) = 5 [pid 5842] close(4 [pid 5840] <... openat resumed>) = 3 [pid 5863] setpgid(0, 0) = 0 [pid 5842] <... close resumed>) = 0 [pid 5839] close(3 [pid 5842] rmdir("./2/bus" [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5862] exit_group(0 [pid 5840] <... ioctl resumed>) = 0 [pid 5863] <... openat resumed>) = 3 [pid 5862] <... exit_group resumed>) = ? [pid 5840] close(3 [pid 5863] write(3, "1000", 4 [pid 5842] <... rmdir resumed>) = 0 [pid 5863] <... write resumed>) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] write(1, "executing program\n", 18) = 18 [pid 5863] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) executing program [pid 5863] memfd_create("syzkaller", 0 [pid 5862] +++ exited with 0 +++ [pid 5842] getdents64(3, [pid 5863] <... memfd_create resumed>) = 3 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5863] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] close(3 [pid 5838] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./2/binderfs") = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5864 attached [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./2" [pid 5864] set_robust_list(0x555579e09760, 24) = 0 [pid 5864] chdir("./3" [pid 5842] <... rmdir resumed>) = 0 [pid 5842] mkdir("./3", 0777 [pid 5864] <... chdir resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5864 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... mkdir resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5864] <... prctl resumed>) = 0 [pid 5864] setpgid(0, 0 [pid 5842] <... openat resumed>) = 3 [pid 5864] <... setpgid resumed>) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5838] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5864] write(3, "1000", 4 [pid 5842] <... ioctl resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./2/bus", [pid 5842] close(3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5864] <... write resumed>) = 4 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5864] close(3 [pid 5838] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5864] <... close resumed>) = 0 [pid 5838] <... openat resumed>) = 4 [pid 5864] symlink("/dev/binderfs", "./binderfs" [pid 5838] newfstatat(4, "", [pid 5864] <... symlink resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5864] write(1, "executing program\n", 18 [pid 5838] close(4 [pid 5864] <... write resumed>) = 18 [pid 5838] <... close resumed>) = 0 [pid 5864] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] rmdir("./2/bus"./strace-static-x86_64: Process 5865 attached [pid 5864] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... rmdir resumed>) = 0 [pid 5864] memfd_create("syzkaller", 0 [pid 5865] set_robust_list(0x555579e09760, 24 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5865 [pid 5838] getdents64(3, [pid 5865] <... set_robust_list resumed>) = 0 [pid 5864] <... memfd_create resumed>) = 3 [pid 5865] chdir("./3" [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5865] <... chdir resumed>) = 0 [pid 5864] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] close(3 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./2") = 0 [pid 5838] mkdir("./3", 0777) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... openat resumed>) = 3 [pid 5865] <... openat resumed>) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5865] write(3, "1000", 4 [pid 5842] <... close resumed>) = 0 [pid 5865] <... write resumed>) = 4 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached [pid 5865] close(3 [pid 5866] set_robust_list(0x555579e09760, 24 [pid 5865] <... close resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5866 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs" [pid 5866] chdir("./3" [pid 5865] <... symlink resumed>) = 0 [pid 5866] <... chdir resumed>) = 0 executing program [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5865] write(1, "executing program\n", 18) = 18 [pid 5866] <... prctl resumed>) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5865] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5865] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5866] <... openat resumed>) = 3 [pid 5865] memfd_create("syzkaller", 0 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs" [pid 5865] <... memfd_create resumed>) = 3 [pid 5866] <... symlink resumed>) = 0 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 5866] write(1, "executing program\n", 18 [pid 5865] <... mmap resumed>) = 0x7f0fce600000 [pid 5866] <... write resumed>) = 18 [pid 5866] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5864] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5863] <... write resumed>) = 2097152 [pid 5866] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... close resumed>) = 0 [pid 5866] memfd_create("syzkaller", 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5866] <... memfd_create resumed>) = 3 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5867 ./strace-static-x86_64: Process 5867 attached [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5863] munmap(0x7f0fce600000, 138412032 [pid 5867] set_robust_list(0x555579e09760, 24 [pid 5863] <... munmap resumed>) = 0 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5865] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5867] chdir("./3") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5864] <... write resumed>) = 2097152 [pid 5864] munmap(0x7f0fce600000, 138412032 [pid 5867] <... openat resumed>) = 3 [pid 5863] <... ioctl resumed>) = 0 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3 [pid 5863] close(3 [pid 5867] <... close resumed>) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs" [pid 5863] <... close resumed>) = 0 [pid 5863] close(4) = 0 [pid 5863] mkdir("./bus", 0777) = 0 [pid 5867] <... symlink resumed>) = 0 executing program [pid 5867] write(1, "executing program\n", 18 [pid 5866] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5867] <... write resumed>) = 18 [pid 5863] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5867] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5867] memfd_create("syzkaller", 0 [pid 5864] <... munmap resumed>) = 0 [pid 5867] <... memfd_create resumed>) = 3 [pid 5865] <... write resumed>) = 2097152 [pid 5864] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5864] <... openat resumed>) = 4 [ 90.871724][ T5863] loop3: detected capacity change from 0 to 4096 [pid 5867] <... mmap resumed>) = 0x7f0fce600000 [pid 5864] ioctl(4, LOOP_SET_FD, 3 [pid 5866] <... write resumed>) = 2097152 [pid 5864] <... ioctl resumed>) = 0 [pid 5865] munmap(0x7f0fce600000, 138412032 [pid 5864] close(3 [pid 5865] <... munmap resumed>) = 0 [pid 5864] <... close resumed>) = 0 [pid 5864] close(4) = 0 [pid 5864] mkdir("./bus", 0777 [pid 5865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5864] <... mkdir resumed>) = 0 [pid 5864] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5866] munmap(0x7f0fce600000, 138412032) = 0 [pid 5865] <... openat resumed>) = 4 [pid 5863] <... mount resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5867] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5865] ioctl(4, LOOP_SET_FD, 3 [ 90.931884][ T5864] loop2: detected capacity change from 0 to 4096 [pid 5863] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5866] <... openat resumed>) = 4 [pid 5863] <... openat resumed>) = 3 [pid 5865] <... ioctl resumed>) = 0 [pid 5863] chdir("./bus" [pid 5865] close(3 [pid 5863] <... chdir resumed>) = 0 [pid 5865] <... close resumed>) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5865] close(4 [pid 5866] ioctl(4, LOOP_SET_FD, 3 [pid 5865] <... close resumed>) = 0 [pid 5863] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] mkdir("./bus", 0777 [pid 5863] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5865] <... mkdir resumed>) = 0 [pid 5863] memfd_create("syzkaller", 0) = 4 [pid 5865] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5866] <... ioctl resumed>) = 0 [pid 5864] <... mount resumed>) = 0 [pid 5863] <... mmap resumed>) = 0x7f0fce600000 [pid 5867] <... write resumed>) = 2097152 [pid 5866] close(3 [pid 5864] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5863] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [ 90.988208][ T5865] loop1: detected capacity change from 0 to 4096 [ 91.002832][ T5866] loop4: detected capacity change from 0 to 4096 [pid 5867] munmap(0x7f0fce600000, 138412032 [pid 5866] <... close resumed>) = 0 [pid 5864] <... openat resumed>) = 3 [pid 5863] <... write resumed>) = 32768 [pid 5867] <... munmap resumed>) = 0 [pid 5866] close(4 [pid 5864] chdir("./bus" [pid 5863] munmap(0x7f0fce600000, 138412032) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5863] close(4 [pid 5864] <... chdir resumed>) = 0 [pid 5863] <... close resumed>) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5863] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5863] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5864] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5863] sched_setaffinity(0, 0, NULL [pid 5864] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5863] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5864] memfd_create("syzkaller", 0 [pid 5863] sched_setscheduler(0, SCHED_RR, NULL [pid 5864] <... memfd_create resumed>) = 4 [pid 5863] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5866] <... close resumed>) = 0 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5863] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5866] mkdir("./bus", 0777 [pid 5864] <... mmap resumed>) = 0x7f0fce600000 [pid 5863] <... openat resumed>) = 4 [pid 5866] <... mkdir resumed>) = 0 [pid 5864] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5863] read(4, [pid 5866] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5864] <... write resumed>) = 32768 [pid 5864] munmap(0x7f0fce600000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5864] close(4 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5864] <... close resumed>) = 0 [pid 5867] <... openat resumed>) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3 [pid 5865] <... mount resumed>) = 0 [pid 5864] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5865] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5864] <... prlimit64 resumed>NULL) = 0 [pid 5864] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5865] <... openat resumed>) = 3 [pid 5864] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5864] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5864] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5864] read(4, [pid 5867] <... ioctl resumed>) = 0 [pid 5865] chdir("./bus" [pid 5867] close(3 [pid 5865] <... chdir resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 5867] close(4) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] mkdir("./bus", 0777 [pid 5865] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 91.069894][ T5867] loop0: detected capacity change from 0 to 4096 [pid 5867] <... mkdir resumed>) = 0 [pid 5865] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5867] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5866] <... mount resumed>) = 0 [pid 5866] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5865] memfd_create("syzkaller", 0 [pid 5866] <... openat resumed>) = 3 [pid 5865] <... memfd_create resumed>) = 4 [pid 5866] chdir("./bus" [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5866] <... chdir resumed>) = 0 [pid 5865] <... mmap resumed>) = 0x7f0fce600000 [pid 5866] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5865] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5866] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] <... write resumed>) = 32768 [pid 5866] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5866] memfd_create("syzkaller", 0) = 4 [pid 5865] munmap(0x7f0fce600000, 138412032 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5865] <... munmap resumed>) = 0 [pid 5866] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5866] <... write resumed>) = 32768 [pid 5865] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5866] munmap(0x7f0fce600000, 138412032 [pid 5865] close(4 [pid 5866] <... munmap resumed>) = 0 [pid 5865] <... close resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5866] close(4) = 0 [pid 5866] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5866] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5866] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5866] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5866] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5866] read(4, [pid 5865] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5867] <... mount resumed>) = 0 [pid 5865] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5865] sched_setaffinity(0, 0, NULL [pid 5867] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5865] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5867] <... openat resumed>) = 3 [pid 5867] chdir("./bus") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5867] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5867] memfd_create("syzkaller", 0) = 4 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5867] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5867] munmap(0x7f0fce600000, 138412032 [pid 5865] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5867] <... munmap resumed>) = 0 [pid 5865] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5865] <... openat resumed>) = 4 [pid 5867] close(4 [pid 5865] read(4, [pid 5867] <... close resumed>) = 0 [pid 5867] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5867] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5867] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5867] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5867] read(4, [pid 5863] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5864] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5863] sched_setaffinity(0, 0, NULL [pid 5864] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5864] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5864] rename(NULL, NULL [pid 5863] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5863] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5864] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5863] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5864] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5863] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5863] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5864] <... openat resumed>) = 5 [pid 5863] exit_group(0) = ? [pid 5864] exit_group(0) = ? [pid 5863] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- [pid 5841] <... restart_syscall resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5841] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5840] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(3, "", [pid 5841] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./3/binderfs" [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./3/binderfs") = 0 [pid 5840] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./3/bus", [pid 5840] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... openat resumed>) = 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(4, "", [pid 5840] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] getdents64(4, [pid 5841] close(4) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] rmdir("./3/bus" [pid 5840] getdents64(4, [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./3/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5840] getdents64(3, [pid 5841] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] rmdir("./3" [pid 5840] close(3 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./3" [pid 5841] mkdir("./4", 0777) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] mkdir("./4", 0777 [pid 5865] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] <... mkdir resumed>) = 0 [pid 5865] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5865] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5865] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5865] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5866] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5865] <... openat resumed>) = 5 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5865] exit_group(0) = ? [pid 5866] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 3 [pid 5866] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5866] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5866] rename(NULL, NULL [pid 5840] <... ioctl resumed>) = 0 [pid 5866] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5866] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] close(3 [pid 5865] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5868 attached [pid 5866] <... openat resumed>) = 5 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5868 [pid 5839] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] set_robust_list(0x555579e09760, 24 [pid 5866] exit_group(0 [pid 5839] <... openat resumed>) = 3 [pid 5866] <... exit_group resumed>) = ? [pid 5839] newfstatat(3, "", [pid 5868] <... set_robust_list resumed>) = 0 [pid 5866] +++ exited with 0 +++ [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5868] chdir("./4" [pid 5842] <... restart_syscall resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", [pid 5868] <... chdir resumed>) = 0 [pid 5839] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0 [pid 5842] getdents64(3, [pid 5868] <... setpgid resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] unlink("./3/binderfs" [pid 5842] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = 3 [pid 5839] <... unlink resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./3/binderfs" [pid 5868] write(3, "1000", 4 [pid 5842] <... unlink resumed>) = 0 [pid 5868] <... write resumed>) = 4 [pid 5842] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] <... close resumed>) = 0 [pid 5868] write(1, "executing program\n", 18 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5868] <... write resumed>) = 18 ./strace-static-x86_64: Process 5869 attached [pid 5868] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5839] <... umount2 resumed>) = 0 [pid 5869] set_robust_list(0x555579e09760, 24 [pid 5868] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... umount2 resumed>) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5869] chdir("./4" [pid 5868] memfd_create("syzkaller", 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5869 [pid 5839] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... chdir resumed>) = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0 [pid 5842] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... setpgid resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./3/bus", [pid 5842] newfstatat(AT_FDCWD, "./3/bus", [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] <... memfd_create resumed>) = 3 [pid 5839] newfstatat(4, "", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... openat resumed>) = 4 [pid 5839] getdents64(4, [pid 5868] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5869] <... openat resumed>) = 3 [pid 5842] newfstatat(4, "", [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... close resumed>) = 0 [pid 5842] getdents64(4, [pid 5839] rmdir("./3/bus" [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... rmdir resumed>) = 0 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] getdents64(4, executing program [pid 5869] write(1, "executing program\n", 18 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5839] getdents64(3, [pid 5842] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] rmdir("./3/bus" [pid 5839] close(3 [pid 5869] <... write resumed>) = 18 [pid 5842] <... rmdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./3") = 0 [pid 5839] mkdir("./4", 0777 [pid 5869] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] getdents64(3, [pid 5839] <... mkdir resumed>) = 0 [pid 5869] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] rmdir("./3" [pid 5839] <... openat resumed>) = 3 [pid 5842] <... rmdir resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5842] mkdir("./4", 0777 [pid 5869] memfd_create("syzkaller", 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5869] <... memfd_create resumed>) = 3 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5869] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5868] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5869] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached [pid 5870] set_robust_list(0x555579e09760, 24./strace-static-x86_64: Process 5871 attached ) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5870 [pid 5870] chdir("./4" [pid 5871] set_robust_list(0x555579e09760, 24 [pid 5870] <... chdir resumed>) = 0 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5871 [pid 5870] <... prctl resumed>) = 0 [pid 5871] chdir("./4" [pid 5870] setpgid(0, 0) = 0 [pid 5871] <... chdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... openat resumed>) = 3 executing program [pid 5870] write(3, "1000", 4 [pid 5871] <... openat resumed>) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] write(1, "executing program\n", 18) = 18 [pid 5871] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5871] memfd_create("syzkaller", 0 [pid 5870] <... write resumed>) = 4 [pid 5870] close(3) = 0 [pid 5871] <... memfd_create resumed>) = 3 [ 92.032130][ T9] cfg80211: failed to load regulatory.db [pid 5868] <... write resumed>) = 2097152 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... mmap resumed>) = 0x7f0fce600000 executing program [pid 5870] <... symlink resumed>) = 0 [pid 5870] write(1, "executing program\n", 18) = 18 [pid 5868] munmap(0x7f0fce600000, 138412032 [pid 5870] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5869] <... write resumed>) = 2097152 [pid 5870] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5870] memfd_create("syzkaller", 0 [pid 5869] munmap(0x7f0fce600000, 138412032 [pid 5868] <... munmap resumed>) = 0 [pid 5870] <... memfd_create resumed>) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... munmap resumed>) = 0 [pid 5867] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5870] <... mmap resumed>) = 0x7f0fce600000 [pid 5867] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5867] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5868] close(3 [pid 5869] <... openat resumed>) = 4 [pid 5867] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5867] rename(NULL, NULL [pid 5868] <... close resumed>) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./bus", 0777) = 0 [pid 5868] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5869] <... ioctl resumed>) = 0 [pid 5867] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5867] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5871] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] close(3 [pid 5867] <... openat resumed>) = 5 [pid 5869] <... close resumed>) = 0 [pid 5867] exit_group(0 [pid 5869] close(4 [pid 5867] <... exit_group resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5869] <... close resumed>) = 0 [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5869] mkdir("./bus", 0777) = 0 [pid 5870] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... mount resumed>) = 0 [pid 5869] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5838] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./3/binderfs") = 0 [ 92.140869][ T5868] loop3: detected capacity change from 0 to 4096 [ 92.160005][ T5869] loop2: detected capacity change from 0 to 4096 [pid 5838] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5871] <... write resumed>) = 2097152 [pid 5868] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] munmap(0x7f0fce600000, 138412032 [pid 5869] <... mount resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] chdir("./bus" [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5868] <... chdir resumed>) = 0 [pid 5838] getdents64(4, [pid 5869] <... openat resumed>) = 3 [pid 5868] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5868] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5869] chdir("./bus" [pid 5838] getdents64(4, [pid 5869] <... chdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5868] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] memfd_create("syzkaller", 0 [pid 5838] close(4 [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... memfd_create resumed>) = 4 [pid 5838] <... close resumed>) = 0 [pid 5871] <... munmap resumed>) = 0 [pid 5869] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] rmdir("./3/bus" [pid 5869] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5838] <... rmdir resumed>) = 0 [pid 5869] memfd_create("syzkaller", 0) = 4 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5838] getdents64(3, [pid 5869] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5868] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5869] <... write resumed>) = 32768 [pid 5838] close(3 [pid 5868] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] <... close resumed>) = 0 [pid 5869] munmap(0x7f0fce600000, 138412032 [pid 5838] rmdir("./3" [pid 5869] <... munmap resumed>) = 0 [pid 5868] <... write resumed>) = 32768 [pid 5838] <... rmdir resumed>) = 0 [pid 5868] munmap(0x7f0fce600000, 138412032 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] mkdir("./4", 0777 [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... munmap resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] close(4 [pid 5868] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] <... mkdir resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5869] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5869] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5868] close(4 [pid 5869] <... prlimit64 resumed>NULL) = 0 [pid 5869] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 3 [pid 5869] sched_setaffinity(0, 0, NULL [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(3 [pid 5869] sched_setscheduler(0, SCHED_RR, NULL [pid 5868] <... close resumed>) = 0 [pid 5869] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5870] <... write resumed>) = 2097152 [pid 5869] read(4, [pid 5868] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5871] <... ioctl resumed>) = 0 [pid 5870] munmap(0x7f0fce600000, 138412032 [pid 5868] <... prlimit64 resumed>NULL) = 0 [pid 5868] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5871] close(3 [pid 5870] <... munmap resumed>) = 0 [pid 5868] sched_setaffinity(0, 0, NULL [pid 5871] <... close resumed>) = 0 [ 92.279231][ T5871] loop4: detected capacity change from 0 to 4096 [pid 5871] close(4) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... openat resumed>) = 4 [pid 5868] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5871] mkdir("./bus", 0777 [pid 5868] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5870] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... openat resumed>) = 4 [pid 5868] read(4, [pid 5870] <... ioctl resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5871] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5870] close(3 [pid 5838] <... close resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] close(4) = 0 ./strace-static-x86_64: Process 5872 attached [pid 5870] mkdir("./bus", 0777 [pid 5872] set_robust_list(0x555579e09760, 24) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5872 [pid 5872] chdir("./4" [pid 5870] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5872] <... chdir resumed>) = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] write(1, "executing program\n", 18executing program ) = 18 [pid 5872] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [ 92.338990][ T5870] loop1: detected capacity change from 0 to 4096 [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5871] <... mount resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] chdir("./bus") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5872] <... mmap resumed>) = 0x7f0fce600000 [pid 5871] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5871] memfd_create("syzkaller", 0) = 4 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5871] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5870] <... mount resumed>) = 0 [pid 5871] munmap(0x7f0fce600000, 138412032 [pid 5870] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5871] <... munmap resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5871] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] chdir("./bus" [pid 5871] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... chdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] close(4 [pid 5870] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... close resumed>) = 0 [pid 5870] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5870] memfd_create("syzkaller", 0) = 4 [pid 5871] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... prlimit64 resumed>NULL) = 0 [pid 5870] <... mmap resumed>) = 0x7f0fce600000 [pid 5872] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5870] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5871] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... write resumed>) = 32768 [pid 5871] sched_setaffinity(0, 0, NULL [pid 5870] munmap(0x7f0fce600000, 138412032 [pid 5871] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... munmap resumed>) = 0 [pid 5871] sched_setscheduler(0, SCHED_RR, NULL [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5870] close(4 [pid 5871] <... openat resumed>) = 4 [pid 5870] <... close resumed>) = 0 [pid 5871] read(4, [pid 5870] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5870] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5870] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5870] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5870] read(4, [pid 5872] <... write resumed>) = 2097152 [pid 5872] munmap(0x7f0fce600000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [ 92.580835][ T5872] loop0: detected capacity change from 0 to 4096 [pid 5872] close(4) = 0 [pid 5872] mkdir("./bus", 0777) = 0 [pid 5872] mount("/dev/loop0", "./bus", "ntfs3", 0, "") = 0 [pid 5872] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./bus") = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5872] memfd_create("syzkaller", 0) = 4 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5872] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5872] munmap(0x7f0fce600000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] close(4) = 0 [pid 5872] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5872] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5872] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5872] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5872] read(4, [pid 5871] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5871] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5871] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5871] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5871] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5871] exit_group(0) = ? [pid 5869] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5869] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5869] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5869] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5871] +++ exited with 0 +++ [pid 5868] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5869] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5868] sched_setaffinity(0, 0, NULL [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5868] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5868] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5868] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5842] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] <... openat resumed>) = 5 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5868] <... openat resumed>) = 5 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5869] exit_group(0) = ? [pid 5842] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] +++ exited with 0 +++ [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] exit_group(0 [pid 5842] unlink("./4/binderfs" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... exit_group resumed>) = ? [pid 5842] <... unlink resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] +++ exited with 0 +++ [pid 5842] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... openat resumed>) = 3 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5840] newfstatat(3, "", [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5841] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5840] unlink("./4/binderfs" [pid 5841] newfstatat(3, "", [pid 5840] <... unlink resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5840] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5842] <... umount2 resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./4/binderfs") = 0 [pid 5841] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5842] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./4/bus", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 4 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./4/bus", [pid 5842] newfstatat(4, "", [pid 5841] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5840] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] getdents64(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(4, "", [pid 5872] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] sched_setaffinity(0, 0, NULL [pid 5840] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] getdents64(4, [pid 5840] <... openat resumed>) = 4 [pid 5872] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] close(4 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 5840] newfstatat(4, "", [pid 5872] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] rmdir("./4/bus" [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5842] <... rmdir resumed>) = 0 [pid 5841] close(4 [pid 5840] getdents64(4, [pid 5841] <... close resumed>) = 0 [pid 5872] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] getdents64(3, [pid 5841] rmdir("./4/bus" [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5840] close(4 [pid 5842] <... close resumed>) = 0 [pid 5841] getdents64(3, [pid 5840] <... close resumed>) = 0 [pid 5842] rmdir("./4" [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] rmdir("./4/bus" [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./4") = 0 [pid 5842] mkdir("./5", 0777 [pid 5840] getdents64(3, [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5841] mkdir("./5", 0777) = 0 [pid 5840] <... close resumed>) = 0 [pid 5872] <... openat resumed>) = 5 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5840] rmdir("./4" [pid 5872] exit_group(0) = ? [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] <... rmdir resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5872] +++ exited with 0 +++ [pid 5842] close(3 [pid 5840] mkdir("./5", 0777 [pid 5870] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5870] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5870] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] <... mkdir resumed>) = 0 [pid 5870] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5870] rename(NULL, NULL [pid 5841] <... ioctl resumed>) = 0 [pid 5870] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5841] close(3 [pid 5870] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5870] exit_group(0 [pid 5842] <... close resumed>) = 0 [pid 5838] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... exit_group resumed>) = ? [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... openat resumed>) = 3 [pid 5838] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5838] <... openat resumed>) = 3 [pid 5840] <... ioctl resumed>) = 0 [pid 5838] newfstatat(3, "", [pid 5840] close(3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, ./strace-static-x86_64: Process 5873 attached [pid 5870] +++ exited with 0 +++ [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5873 [pid 5841] <... close resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5873] set_robust_list(0x555579e09760, 24) = 0 [pid 5873] chdir("./5") = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5874 attached [pid 5873] <... setpgid resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5838] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] set_robust_list(0x555579e09760, 24 [pid 5873] <... openat resumed>) = 3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... set_robust_list resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5873] write(3, "1000", 4 [pid 5874] chdir("./5" [pid 5873] <... write resumed>) = 4 [pid 5873] close(3 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5874 [pid 5839] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] <... close resumed>) = 0 [pid 5874] <... chdir resumed>) = 0 [pid 5873] symlink("/dev/binderfs", "./binderfs" [pid 5840] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] unlink("./4/binderfs" [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5873] <... symlink resumed>) = 0 executing program [pid 5839] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... prctl resumed>) = 0 [pid 5873] write(1, "executing program\n", 18 [pid 5838] <... unlink resumed>) = 0 [pid 5874] setpgid(0, 0 [pid 5873] <... write resumed>) = 18 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... openat resumed>) = 3 [pid 5874] <... setpgid resumed>) = 0 [pid 5873] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] newfstatat(3, "", [pid 5873] <... bind resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5875 attached [pid 5874] <... openat resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] write(3, "1000", 4 [pid 5839] getdents64(3, [pid 5874] <... write resumed>) = 4 [pid 5875] set_robust_list(0x555579e09760, 24 [pid 5874] close(3 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 5839] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5875] chdir("./5" [pid 5874] <... symlink resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5875 [pid 5839] newfstatat(AT_FDCWD, "./4/binderfs", executing program [pid 5875] <... chdir resumed>) = 0 [pid 5874] write(1, "executing program\n", 18 [pid 5873] memfd_create("syzkaller", 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5874] <... write resumed>) = 18 [pid 5875] <... prctl resumed>) = 0 [pid 5873] <... memfd_create resumed>) = 3 [pid 5875] setpgid(0, 0 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5875] <... setpgid resumed>) = 0 [pid 5873] <... mmap resumed>) = 0x7f0fce600000 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5839] unlink("./4/binderfs" [pid 5838] <... umount2 resumed>) = 0 [pid 5874] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... unlink resumed>) = 0 [pid 5838] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] <... openat resumed>) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3 [pid 5874] memfd_create("syzkaller", 0 [pid 5839] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... memfd_create resumed>) = 3 [pid 5875] <... close resumed>) = 0 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] newfstatat(AT_FDCWD, "./4/bus", [pid 5875] symlink("/dev/binderfs", "./binderfs" [pid 5874] <... mmap resumed>) = 0x7f0fce600000 [pid 5875] <... symlink resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5838] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5838] <... openat resumed>) = 4 [pid 5875] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5875] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5875] memfd_create("syzkaller", 0 [pid 5838] close(4 [pid 5875] <... memfd_create resumed>) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./4/bus" [pid 5875] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... rmdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] getdents64(3, [pid 5839] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(3 [pid 5839] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... close resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5838] rmdir("./4" [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5839] getdents64(4, [pid 5838] mkdir("./5", 0777 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, [pid 5838] <... mkdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./4/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] close(3 [pid 5838] <... openat resumed>) = 3 [pid 5839] <... close resumed>) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5839] rmdir("./4") = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 5839] mkdir("./5", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5874] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5873] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... close resumed>) = 0 [pid 5875] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5876 ./strace-static-x86_64: Process 5876 attached ./strace-static-x86_64: Process 5877 attached [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5877 [pid 5877] set_robust_list(0x555579e09760, 24 [pid 5876] set_robust_list(0x555579e09760, 24) = 0 [pid 5876] chdir("./5") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5876] write(3, "1000", 4 [pid 5877] chdir("./5" [pid 5876] <... write resumed>) = 4 [pid 5877] <... chdir resumed>) = 0 [pid 5876] close(3) = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs" [pid 5877] setpgid(0, 0 [pid 5876] <... symlink resumed>) = 0 [pid 5877] <... setpgid resumed>) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5876] write(1, "executing program\n", 18 [pid 5877] write(3, "1000", 4 [pid 5876] <... write resumed>) = 18 [pid 5877] <... write resumed>) = 4 [pid 5876] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5874] <... write resumed>) = 2097152 [pid 5876] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5877] close(3 [pid 5876] memfd_create("syzkaller", 0 [pid 5874] munmap(0x7f0fce600000, 138412032 [pid 5877] <... close resumed>) = 0 [pid 5873] <... write resumed>) = 2097152 [pid 5877] symlink("/dev/binderfs", "./binderfs" [pid 5873] munmap(0x7f0fce600000, 138412032executing program [pid 5877] <... symlink resumed>) = 0 [pid 5876] <... memfd_create resumed>) = 3 [pid 5874] <... munmap resumed>) = 0 [pid 5877] write(1, "executing program\n", 18 [pid 5873] <... munmap resumed>) = 0 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5877] <... write resumed>) = 18 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5877] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5874] <... openat resumed>) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3 [pid 5877] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5877] memfd_create("syzkaller", 0 [pid 5875] <... write resumed>) = 2097152 [pid 5873] <... openat resumed>) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3 [pid 5877] <... memfd_create resumed>) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5875] munmap(0x7f0fce600000, 138412032 [pid 5874] <... ioctl resumed>) = 0 [pid 5877] <... mmap resumed>) = 0x7f0fce600000 [pid 5875] <... munmap resumed>) = 0 [pid 5874] close(3) = 0 [pid 5874] close(4) = 0 [pid 5874] mkdir("./bus", 0777) = 0 [ 93.360740][ T5874] loop3: detected capacity change from 0 to 4096 [ 93.377620][ T5873] loop4: detected capacity change from 0 to 4096 [pid 5875] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5874] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5873] <... ioctl resumed>) = 0 [pid 5875] <... openat resumed>) = 4 [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5875] ioctl(4, LOOP_SET_FD, 3 [pid 5873] mkdir("./bus", 0777) = 0 [pid 5873] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5877] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5875] <... ioctl resumed>) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./bus", 0777) = 0 [pid 5875] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5874] <... mount resumed>) = 0 [ 93.448759][ T5875] loop2: detected capacity change from 0 to 4096 [pid 5874] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5876] <... write resumed>) = 2097152 [pid 5876] munmap(0x7f0fce600000, 138412032 [pid 5874] <... openat resumed>) = 3 [pid 5874] chdir("./bus") = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5874] memfd_create("syzkaller", 0) = 4 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5874] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5876] <... munmap resumed>) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5874] <... write resumed>) = 32768 [pid 5876] ioctl(4, LOOP_SET_FD, 3 [pid 5875] <... mount resumed>) = 0 [pid 5874] munmap(0x7f0fce600000, 138412032 [pid 5873] <... mount resumed>) = 0 [pid 5877] <... write resumed>) = 2097152 [pid 5874] <... munmap resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5875] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5874] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5877] munmap(0x7f0fce600000, 138412032 [pid 5874] close(4 [pid 5877] <... munmap resumed>) = 0 [pid 5875] <... openat resumed>) = 3 [pid 5874] <... close resumed>) = 0 [pid 5873] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... openat resumed>) = 3 [pid 5877] <... openat resumed>) = 4 [pid 5875] chdir("./bus" [pid 5874] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5877] ioctl(4, LOOP_SET_FD, 3 [pid 5876] <... ioctl resumed>) = 0 [pid 5875] <... chdir resumed>) = 0 [pid 5874] <... prlimit64 resumed>NULL) = 0 [pid 5873] chdir("./bus") = 0 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5876] mkdir("./bus", 0777) = 0 [pid 5876] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5875] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5874] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5875] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5874] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5873] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5875] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5874] sched_setaffinity(0, 0, NULL [pid 5873] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5875] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5874] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5873] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5875] memfd_create("syzkaller", 0 [pid 5874] sched_setscheduler(0, SCHED_RR, NULL [pid 5875] <... memfd_create resumed>) = 4 [pid 5874] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5873] memfd_create("syzkaller", 0 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5874] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5873] <... memfd_create resumed>) = 4 [pid 5877] <... ioctl resumed>) = 0 [pid 5875] <... mmap resumed>) = 0x7f0fce600000 [pid 5874] <... openat resumed>) = 4 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5877] close(3 [pid 5874] read(4, [pid 5873] <... mmap resumed>) = 0x7f0fce600000 [pid 5877] <... close resumed>) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./bus", 0777 [pid 5875] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5873] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5877] <... mkdir resumed>) = 0 [pid 5875] <... write resumed>) = 32768 [pid 5873] <... write resumed>) = 32768 [pid 5875] munmap(0x7f0fce600000, 138412032 [pid 5873] munmap(0x7f0fce600000, 138412032 [pid 5875] <... munmap resumed>) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5873] <... munmap resumed>) = 0 [pid 5877] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5875] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5875] close(4) = 0 [pid 5873] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 93.551437][ T5876] loop1: detected capacity change from 0 to 4096 [ 93.576148][ T5877] loop0: detected capacity change from 0 to 4096 [pid 5875] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5873] close(4 [pid 5875] <... prlimit64 resumed>NULL) = 0 [pid 5875] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5873] <... close resumed>) = 0 [pid 5875] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5873] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5875] sched_setaffinity(0, 0, NULL [pid 5873] <... prlimit64 resumed>NULL) = 0 [pid 5875] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5873] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5875] sched_setscheduler(0, SCHED_RR, NULL [pid 5873] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5875] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5873] sched_setaffinity(0, 0, NULL [pid 5875] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5873] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5875] <... openat resumed>) = 4 [pid 5873] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5875] read(4, [pid 5873] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5876] <... mount resumed>) = 0 [pid 5873] read(4, [pid 5876] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./bus") = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5876] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5876] memfd_create("syzkaller", 0) = 4 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5876] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5876] munmap(0x7f0fce600000, 138412032 [pid 5877] <... mount resumed>) = 0 [pid 5876] <... munmap resumed>) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] close(4 [pid 5877] chdir("./bus" [pid 5876] <... close resumed>) = 0 [pid 5877] <... chdir resumed>) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5876] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5876] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5877] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5876] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5877] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5877] memfd_create("syzkaller", 0 [pid 5876] sched_setaffinity(0, 0, NULL [pid 5877] <... memfd_create resumed>) = 4 [pid 5876] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5876] sched_setscheduler(0, SCHED_RR, NULL [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5876] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5877] <... mmap resumed>) = 0x7f0fce600000 [pid 5876] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5877] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5876] <... openat resumed>) = 4 [pid 5876] read(4, [pid 5877] <... write resumed>) = 32768 [pid 5877] munmap(0x7f0fce600000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] close(4) = 0 [pid 5877] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5877] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5877] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5877] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5877] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5877] read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5877] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5877] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5877] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5877] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5877] exit_group(0) = ? [pid 5877] +++ exited with 0 +++ [pid 5874] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5874] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5874] rename(NULL, NULL [pid 5838] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5874] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, [pid 5874] <... openat resumed>) = 5 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] exit_group(0 [pid 5838] unlink("./5/binderfs") = 0 [pid 5874] <... exit_group resumed>) = ? [pid 5874] +++ exited with 0 +++ [pid 5838] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5876] sched_setaffinity(0, 0, NULL [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5876] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5876] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5841] <... restart_syscall resumed>) = 0 [pid 5876] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5876] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5876] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5875] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5876] <... openat resumed>) = 5 [pid 5875] sched_setaffinity(0, 0, NULL [pid 5873] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] getdents64(3, [pid 5838] <... umount2 resumed>) = 0 [pid 5876] exit_group(0 [pid 5875] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5873] sched_setaffinity(0, 0, NULL [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5876] <... exit_group resumed>) = ? [pid 5875] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5873] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5873] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] +++ exited with 0 +++ [pid 5875] rename(NULL, NULL [pid 5873] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5838] newfstatat(AT_FDCWD, "./5/bus", [pid 5875] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5873] rename(NULL, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5875] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5873] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] unlink("./5/binderfs" [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5838] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... unlink resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5875] <... openat resumed>) = 5 [pid 5873] <... openat resumed>) = 5 [pid 5841] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... restart_syscall resumed>) = 0 [pid 5838] getdents64(4, [pid 5873] exit_group(0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5875] exit_group(0 [pid 5838] getdents64(4, [pid 5873] <... exit_group resumed>) = ? [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5875] <... exit_group resumed>) = ? [pid 5873] +++ exited with 0 +++ [pid 5841] <... umount2 resumed>) = 0 [pid 5839] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] close(4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... close resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] rmdir("./5/bus" [pid 5839] <... openat resumed>) = 3 [pid 5841] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5841] newfstatat(AT_FDCWD, "./5/bus", [pid 5839] newfstatat(3, "", [pid 5838] <... rmdir resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] getdents64(3, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5875] +++ exited with 0 +++ [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 5842] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5838] close(3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] unlink("./5/binderfs" [pid 5838] rmdir("./5" [pid 5842] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... openat resumed>) = 4 [pid 5839] <... unlink resumed>) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(4, "", [pid 5838] mkdir("./6", 0777 [pid 5842] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(3, "", [pid 5841] getdents64(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... mkdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] getdents64(3, [pid 5841] getdents64(4, [pid 5840] <... openat resumed>) = 3 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] newfstatat(3, "", [pid 5838] <... openat resumed>) = 3 [pid 5842] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] close(4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 5838] close(3 [pid 5842] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5841] rmdir("./5/bus" [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./5/binderfs" [pid 5841] <... rmdir resumed>) = 0 [pid 5840] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... unlink resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, [pid 5840] unlink("./5/binderfs" [pid 5839] <... umount2 resumed>) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5839] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] close(3 [pid 5840] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(AT_FDCWD, "./5/bus", [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./5" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5839] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", [pid 5841] mkdir("./6", 0777 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] rmdir("./5/bus") = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5839] getdents64(3, [pid 5842] <... umount2 resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] close(3 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./5"./strace-static-x86_64: Process 5878 attached [pid 5842] newfstatat(AT_FDCWD, "./5/bus", [pid 5840] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... rmdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] mkdir("./6", 0777 [pid 5842] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5879 attached ) = -1 EINVAL (Invalid argument) [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5878 [pid 5842] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5879] set_robust_list(0x555579e09760, 24 [pid 5842] <... openat resumed>) = 4 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5879 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5842] getdents64(4, [pid 5879] chdir("./6" [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... mkdir resumed>) = 0 [pid 5879] <... chdir resumed>) = 0 [pid 5878] set_robust_list(0x555579e09760, 24 [pid 5842] getdents64(4, [pid 5840] newfstatat(AT_FDCWD, "./5/bus", [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] close(4 [pid 5839] <... openat resumed>) = 3 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5840] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... ioctl resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] close(3 [pid 5878] chdir("./6" [pid 5879] <... prctl resumed>) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5879] setpgid(0, 0 [pid 5842] rmdir("./5/bus" [pid 5879] <... setpgid resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] getdents64(3, [pid 5879] write(3, "1000", 4 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5879] <... write resumed>) = 4 [pid 5842] <... close resumed>) = 0 [pid 5879] close(3 [pid 5842] rmdir("./5" [pid 5879] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5878] <... chdir resumed>) = 0 [pid 5842] mkdir("./6", 0777 [pid 5840] newfstatat(4, "", [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5878] setpgid(0, 0 [pid 5840] getdents64(4, executing program [pid 5878] <... setpgid resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5879] write(1, "executing program\n", 18) = 18 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] getdents64(4, [pid 5879] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5878] <... openat resumed>) = 3 [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5879] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5879] memfd_create("syzkaller", 0 [pid 5840] close(4 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5879] <... memfd_create resumed>) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5878] write(3, "1000", 4 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./5/bus" [pid 5878] <... write resumed>) = 4 [pid 5878] close(3 [pid 5840] <... rmdir resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 5878] symlink("/dev/binderfs", "./binderfs" [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5878] <... symlink resumed>) = 0 [pid 5840] close(3executing program ) = 0 [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5840] rmdir("./5" [pid 5839] <... close resumed>) = 0 [pid 5878] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5840] <... rmdir resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5878] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] mkdir("./6", 0777 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5880 ./strace-static-x86_64: Process 5880 attached [pid 5878] memfd_create("syzkaller", 0 [pid 5880] set_robust_list(0x555579e09760, 24 [pid 5878] <... memfd_create resumed>) = 3 [pid 5840] <... mkdir resumed>) = 0 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5880] chdir("./6" [pid 5878] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] <... openat resumed>) = 3 [pid 5880] <... chdir resumed>) = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5880] <... prctl resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5880] setpgid(0, 0 [pid 5840] close(3 [pid 5880] <... setpgid resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5880] <... openat resumed>) = 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] write(3, "1000", 4./strace-static-x86_64: Process 5881 attached [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5881 [pid 5880] <... write resumed>) = 4 [pid 5881] set_robust_list(0x555579e09760, 24 [pid 5880] close(3 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5880] <... close resumed>) = 0 [pid 5881] chdir("./6" [pid 5880] symlink("/dev/binderfs", "./binderfs" [pid 5881] <... chdir resumed>) = 0 executing program [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5880] <... symlink resumed>) = 0 [pid 5881] <... prctl resumed>) = 0 [pid 5880] write(1, "executing program\n", 18) = 18 [pid 5881] setpgid(0, 0 [pid 5880] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5881] <... setpgid resumed>) = 0 [pid 5880] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5880] memfd_create("syzkaller", 0 [pid 5881] <... openat resumed>) = 3 [pid 5840] <... close resumed>) = 0 [pid 5881] write(3, "1000", 4 [pid 5880] <... memfd_create resumed>) = 3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5881] <... write resumed>) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5882 attached ) = 0 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 5881] write(1, "executing program\n", 18 [pid 5880] <... mmap resumed>) = 0x7f0fce600000 [pid 5881] <... write resumed>) = 18 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5882 [pid 5882] set_robust_list(0x555579e09760, 24 [pid 5881] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5882] <... set_robust_list resumed>) = 0 [pid 5882] chdir("./6" [pid 5881] memfd_create("syzkaller", 0 [pid 5882] <... chdir resumed>) = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5879] <... write resumed>) = 2097152 [pid 5881] <... memfd_create resumed>) = 3 [pid 5882] <... prctl resumed>) = 0 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5878] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5882] setpgid(0, 0 [pid 5881] <... mmap resumed>) = 0x7f0fce600000 [pid 5882] <... setpgid resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] munmap(0x7f0fce600000, 138412032 [pid 5882] <... openat resumed>) = 3 [pid 5879] <... munmap resumed>) = 0 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5882] write(1, "executing program\n", 18) = 18 [pid 5882] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5879] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5882] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5882] memfd_create("syzkaller", 0 [pid 5879] <... openat resumed>) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3 [pid 5882] <... memfd_create resumed>) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5880] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5879] <... ioctl resumed>) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./bus", 0777) = 0 [pid 5879] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5878] <... write resumed>) = 2097152 [ 94.890713][ T5879] loop3: detected capacity change from 0 to 4096 [pid 5878] munmap(0x7f0fce600000, 138412032 [pid 5881] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5878] <... munmap resumed>) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5882] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5878] <... openat resumed>) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3 [pid 5880] <... write resumed>) = 2097152 [pid 5878] <... ioctl resumed>) = 0 [pid 5880] munmap(0x7f0fce600000, 138412032) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./bus", 0777) = 0 [pid 5878] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5880] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5881] <... write resumed>) = 2097152 [ 94.979372][ T5878] loop0: detected capacity change from 0 to 4096 [pid 5881] munmap(0x7f0fce600000, 138412032) = 0 [pid 5880] <... openat resumed>) = 4 [pid 5879] <... mount resumed>) = 0 [pid 5882] <... write resumed>) = 2097152 [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5878] <... mount resumed>) = 0 [pid 5878] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./bus" [pid 5882] munmap(0x7f0fce600000, 138412032 [pid 5881] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5880] <... ioctl resumed>) = 0 [pid 5879] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5878] <... chdir resumed>) = 0 [pid 5881] <... openat resumed>) = 4 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5882] <... munmap resumed>) = 0 [pid 5881] ioctl(4, LOOP_SET_FD, 3 [pid 5880] close(3 [pid 5879] <... openat resumed>) = 3 [pid 5878] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5878] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5878] memfd_create("syzkaller", 0) = 4 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5878] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5878] munmap(0x7f0fce600000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5881] <... ioctl resumed>) = 0 [pid 5880] <... close resumed>) = 0 [pid 5879] chdir("./bus" [pid 5878] close(4 [pid 5882] <... openat resumed>) = 4 [pid 5881] close(3 [pid 5880] close(4 [pid 5879] <... chdir resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5880] <... close resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5881] <... close resumed>) = 0 [pid 5880] mkdir("./bus", 0777 [pid 5879] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5882] ioctl(4, LOOP_SET_FD, 3 [pid 5880] <... mkdir resumed>) = 0 [pid 5879] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5878] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5881] close(4) = 0 [pid 5880] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5879] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5878] <... prlimit64 resumed>NULL) = 0 [pid 5881] mkdir("./bus", 0777 [pid 5879] memfd_create("syzkaller", 0 [pid 5878] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5879] <... memfd_create resumed>) = 4 [pid 5878] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5878] sched_setaffinity(0, 0, NULL [pid 5879] <... mmap resumed>) = 0x7f0fce600000 [pid 5878] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5881] <... mkdir resumed>) = 0 [pid 5879] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5878] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5881] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5878] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5879] <... write resumed>) = 32768 [pid 5878] <... openat resumed>) = 4 [pid 5879] munmap(0x7f0fce600000, 138412032 [pid 5878] read(4, [pid 5879] <... munmap resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5879] close(4) = 0 [pid 5879] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5879] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5879] sched_setaffinity(0, 0, NULL [pid 5882] <... ioctl resumed>) = 0 [pid 5879] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5882] close(3 [pid 5879] sched_setscheduler(0, SCHED_RR, NULL [pid 5882] <... close resumed>) = 0 [pid 5879] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5882] close(4 [pid 5879] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5882] <... close resumed>) = 0 [pid 5879] <... openat resumed>) = 4 [pid 5882] mkdir("./bus", 0777 [pid 5879] read(4, [pid 5882] <... mkdir resumed>) = 0 [ 95.046837][ T5880] loop1: detected capacity change from 0 to 4096 [ 95.074031][ T5881] loop4: detected capacity change from 0 to 4096 [ 95.090639][ T5882] loop2: detected capacity change from 0 to 4096 [pid 5882] mount("/dev/loop2", "./bus", "ntfs3", 0, "") = 0 [pid 5881] <... mount resumed>) = 0 [pid 5882] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5880] <... mount resumed>) = 0 [pid 5882] <... openat resumed>) = 3 [pid 5881] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5880] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5881] <... openat resumed>) = 3 [pid 5880] <... openat resumed>) = 3 [pid 5881] chdir("./bus" [pid 5880] chdir("./bus" [pid 5881] <... chdir resumed>) = 0 [pid 5880] <... chdir resumed>) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5880] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5881] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5880] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5882] chdir("./bus") = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5882] memfd_create("syzkaller", 0) = 4 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5880] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5881] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5880] memfd_create("syzkaller", 0 [pid 5881] memfd_create("syzkaller", 0 [pid 5882] <... mmap resumed>) = 0x7f0fce600000 [pid 5881] <... memfd_create resumed>) = 4 [pid 5880] <... memfd_create resumed>) = 4 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5881] <... mmap resumed>) = 0x7f0fce600000 [pid 5880] <... mmap resumed>) = 0x7f0fce600000 [pid 5882] <... write resumed>) = 32768 [pid 5881] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5880] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5882] munmap(0x7f0fce600000, 138412032 [pid 5881] <... write resumed>) = 32768 [pid 5881] munmap(0x7f0fce600000, 138412032) = 0 [pid 5880] <... write resumed>) = 32768 [pid 5881] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5880] munmap(0x7f0fce600000, 138412032 [pid 5881] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5880] <... munmap resumed>) = 0 [pid 5882] <... munmap resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5880] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5882] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5882] close(4) = 0 [pid 5880] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5882] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5881] close(4 [pid 5880] close(4 [pid 5882] <... prlimit64 resumed>NULL) = 0 [pid 5880] <... close resumed>) = 0 [pid 5882] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5882] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5882] sched_setscheduler(0, SCHED_RR, NULL [pid 5881] <... close resumed>) = 0 [pid 5880] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5881] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5880] <... prlimit64 resumed>NULL) = 0 [pid 5882] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5881] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5880] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5881] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5880] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5881] sched_setaffinity(0, 0, NULL [pid 5880] sched_setaffinity(0, 0, NULL [pid 5881] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5882] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5880] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5881] sched_setscheduler(0, SCHED_RR, NULL [pid 5882] <... openat resumed>) = 4 [pid 5881] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5882] read(4, [pid 5881] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5880] sched_setscheduler(0, SCHED_RR, NULL [pid 5881] <... openat resumed>) = 4 [pid 5880] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5881] read(4, [pid 5880] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5880] read(4, [pid 5878] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5878] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5878] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5878] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5878] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5878] exit_group(0) = ? [pid 5878] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./6/binderfs") = 0 [pid 5838] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5838] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./6/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./6") = 0 [pid 5838] mkdir("./7", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5880] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5880] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5880] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5880] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5880] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5880] exit_group(0 [pid 5838] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5883 attached [pid 5883] set_robust_list(0x555579e09760, 24) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5883 [pid 5883] chdir("./7") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5883] write(3, "1000", 4 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5883] <... write resumed>) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] write(1, "executing program\n", 18executing program [pid 5839] <... restart_syscall resumed>) = 0 [pid 5883] <... write resumed>) = 18 [pid 5883] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5883] memfd_create("syzkaller", 0 [pid 5839] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5883] <... memfd_create resumed>) = 3 [pid 5839] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5883] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./6/binderfs") = 0 [pid 5839] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5839] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5881] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] <... close resumed>) = 0 [pid 5881] sched_setaffinity(0, 0, NULL [pid 5839] rmdir("./6/bus" [pid 5881] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5881] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5881] rename(NULL, NULL [pid 5839] <... rmdir resumed>) = 0 [pid 5881] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5881] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./6" [pid 5881] <... openat resumed>) = 5 [pid 5839] <... rmdir resumed>) = 0 [pid 5881] exit_group(0 [pid 5883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5881] <... exit_group resumed>) = ? [pid 5839] mkdir("./7", 0777 [pid 5879] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] <... mkdir resumed>) = 0 [pid 5881] +++ exited with 0 +++ [pid 5879] sched_setaffinity(0, 0, NULL [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5879] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5879] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... openat resumed>) = 3 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5882] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5879] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... ioctl resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5882] sched_setaffinity(0, 0, NULL [pid 5879] rename(NULL, NULL [pid 5842] <... openat resumed>) = 3 [pid 5882] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5879] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] close(3 [pid 5883] <... write resumed>) = 2097152 [pid 5882] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5879] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] newfstatat(3, "", [pid 5882] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5882] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5882] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5883] munmap(0x7f0fce600000, 138412032 [pid 5882] <... openat resumed>) = 5 [pid 5879] <... openat resumed>) = 5 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] exit_group(0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./6/binderfs" [pid 5883] <... munmap resumed>) = 0 [pid 5882] <... exit_group resumed>) = ? [pid 5879] exit_group(0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... unlink resumed>) = 0 [pid 5882] +++ exited with 0 +++ [pid 5879] <... exit_group resumed>) = ? [pid 5842] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5883] <... openat resumed>) = 4 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... close resumed>) = 0 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5879] +++ exited with 0 +++ [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5840] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./6/bus") = 0 ./strace-static-x86_64: Process 5884 attached [pid 5883] <... ioctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 3 [pid 5842] getdents64(3, [pid 5841] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(3, "", [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5883] close(3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5883] <... close resumed>) = 0 [pid 5842] close(3 [pid 5841] <... openat resumed>) = 3 [pid 5840] getdents64(3, [pid 5842] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5883] close(4 [pid 5842] rmdir("./6" [pid 5840] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] set_robust_list(0x555579e09760, 24 [pid 5883] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] newfstatat(3, "", [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5884 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] <... set_robust_list resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5883] mkdir("./bus", 0777 [pid 5884] chdir("./7" [pid 5883] <... mkdir resumed>) = 0 [pid 5841] getdents64(3, [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] mkdir("./7", 0777 [pid 5840] unlink("./6/binderfs" [pid 5842] <... mkdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5883] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5884] <... chdir resumed>) = 0 [pid 5841] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... unlink resumed>) = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] <... prctl resumed>) = 0 [pid 5840] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5884] setpgid(0, 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./6/binderfs" [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5884] <... setpgid resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] close(3 [pid 5841] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] <... openat resumed>) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] <... umount2 resumed>) = 0 [ 96.023606][ T5883] loop0: detected capacity change from 0 to 4096 executing program [pid 5884] write(1, "executing program\n", 18) = 18 [pid 5840] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 5884] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] <... umount2 resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5884] memfd_create("syzkaller", 0 [pid 5841] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(4 [pid 5884] <... memfd_create resumed>) = 3 [pid 5840] <... close resumed>) = 0 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] rmdir("./6/bus" [pid 5884] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... close resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(3, [pid 5841] newfstatat(AT_FDCWD, "./6/bus", [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./6") = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] mkdir("./7", 0777 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 5883] <... mount resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5885 attached [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5885] set_robust_list(0x555579e09760, 24 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5885 [pid 5840] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5883] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./bus" [pid 5885] <... set_robust_list resumed>) = 0 [pid 5883] <... chdir resumed>) = 0 [pid 5841] getdents64(4, [pid 5885] chdir("./7" [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] getdents64(4, [pid 5885] <... chdir resumed>) = 0 [pid 5883] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5883] memfd_create("syzkaller", 0) = 4 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5883] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5885] <... prctl resumed>) = 0 [pid 5883] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5885] setpgid(0, 0 [pid 5883] munmap(0x7f0fce600000, 138412032 [pid 5841] close(4 [pid 5883] <... munmap resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5885] <... setpgid resumed>) = 0 [pid 5841] rmdir("./6/bus" [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... rmdir resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] getdents64(3, [pid 5885] <... openat resumed>) = 3 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5885] write(3, "1000", 4 [pid 5883] close(4 [pid 5841] close(3 [pid 5883] <... close resumed>) = 0 [pid 5885] <... write resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5885] close(3 [pid 5883] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5883] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5883] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5885] <... close resumed>) = 0 [pid 5883] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] rmdir("./6" [pid 5840] <... close resumed>) = 0 [pid 5883] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5883] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5885] symlink("/dev/binderfs", "./binderfs" [pid 5883] <... openat resumed>) = 4 [pid 5841] <... rmdir resumed>) = 0 [pid 5885] <... symlink resumed>) = 0 [pid 5883] read(4, [pid 5841] mkdir("./7", 0777 [pid 5885] write(1, "executing program\n", 18 [pid 5841] <... mkdir resumed>) = 0 executing program [pid 5885] <... write resumed>) = 18 [pid 5884] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5885] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5885] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] close(3./strace-static-x86_64: Process 5886 attached [pid 5885] memfd_create("syzkaller", 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5886 [pid 5886] set_robust_list(0x555579e09760, 24) = 0 [pid 5886] chdir("./7") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 executing program [pid 5885] <... memfd_create resumed>) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] write(1, "executing program\n", 18) = 18 [pid 5886] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5886] memfd_create("syzkaller", 0 [pid 5885] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] <... close resumed>) = 0 [pid 5886] <... memfd_create resumed>) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5884] <... write resumed>) = 2097152 [pid 5884] munmap(0x7f0fce600000, 138412032 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x555579e09760, 24) = 0 [pid 5887] chdir("./7" [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5887 [pid 5884] <... munmap resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 executing program [pid 5887] <... chdir resumed>) = 0 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5887] memfd_create("syzkaller", 0 [pid 5884] <... ioctl resumed>) = 0 [pid 5887] <... memfd_create resumed>) = 3 [pid 5886] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5884] close(3 [pid 5887] <... mmap resumed>) = 0x7f0fce600000 [pid 5884] <... close resumed>) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./bus", 0777) = 0 [ 96.290178][ T5884] loop1: detected capacity change from 0 to 4096 [pid 5884] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5886] <... write resumed>) = 2097152 [pid 5886] munmap(0x7f0fce600000, 138412032) = 0 [pid 5885] <... write resumed>) = 2097152 [pid 5885] munmap(0x7f0fce600000, 138412032 [pid 5886] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5887] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5884] <... mount resumed>) = 0 [pid 5884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./bus") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5884] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5885] <... munmap resumed>) = 0 [pid 5884] memfd_create("syzkaller", 0 [pid 5886] <... ioctl resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5884] <... memfd_create resumed>) = 4 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5886] close(3 [pid 5885] <... openat resumed>) = 4 [pid 5884] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5886] <... close resumed>) = 0 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5884] munmap(0x7f0fce600000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5886] close(4 [pid 5885] <... ioctl resumed>) = 0 [pid 5886] <... close resumed>) = 0 [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] close(4) = 0 [pid 5884] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5884] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5884] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5884] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5884] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5884] read(4, [pid 5886] mkdir("./bus", 0777 [pid 5885] close(3 [pid 5886] <... mkdir resumed>) = 0 [pid 5885] <... close resumed>) = 0 [pid 5886] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5885] close(4) = 0 [pid 5885] mkdir("./bus", 0777) = 0 [pid 5885] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5887] <... write resumed>) = 2097152 [ 96.392559][ T5886] loop2: detected capacity change from 0 to 4096 [ 96.415542][ T5885] loop4: detected capacity change from 0 to 4096 [pid 5887] munmap(0x7f0fce600000, 138412032 [pid 5886] <... mount resumed>) = 0 [pid 5887] <... munmap resumed>) = 0 [pid 5886] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./bus") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5886] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5887] <... openat resumed>) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3 [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5887] <... ioctl resumed>) = 0 [pid 5885] <... mount resumed>) = 0 [pid 5886] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5885] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5886] memfd_create("syzkaller", 0 [pid 5885] <... openat resumed>) = 3 [pid 5886] <... memfd_create resumed>) = 4 [pid 5885] chdir("./bus") = 0 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5885] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5886] <... mmap resumed>) = 0x7f0fce600000 [pid 5885] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5886] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5885] memfd_create("syzkaller", 0) = 4 [pid 5887] close(3 [pid 5886] <... write resumed>) = 32768 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5886] munmap(0x7f0fce600000, 138412032 [pid 5885] <... mmap resumed>) = 0x7f0fce600000 [pid 5887] <... close resumed>) = 0 [pid 5886] <... munmap resumed>) = 0 [pid 5885] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5885] munmap(0x7f0fce600000, 138412032) = 0 [pid 5887] close(4) = 0 [pid 5887] mkdir("./bus", 0777) = 0 [pid 5887] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5886] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5885] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] close(4 [pid 5885] close(4 [pid 5886] <... close resumed>) = 0 [pid 5886] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5885] <... close resumed>) = 0 [pid 5886] <... prlimit64 resumed>NULL) = 0 [pid 5885] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5886] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5885] <... prlimit64 resumed>NULL) = 0 [pid 5886] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5885] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5886] sched_setaffinity(0, 0, NULL [pid 5885] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5886] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5885] sched_setaffinity(0, 0, NULL [pid 5886] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5885] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5886] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5885] sched_setscheduler(0, SCHED_RR, NULL [pid 5886] <... openat resumed>) = 4 [pid 5885] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5886] read(4, [pid 5885] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [ 96.501487][ T5887] loop3: detected capacity change from 0 to 4096 [pid 5885] read(4, [pid 5887] <... mount resumed>) = 0 [pid 5883] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5883] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5883] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5883] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5887] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5887] chdir("./bus") = 0 [pid 5883] <... openat resumed>) = 5 [pid 5887] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5883] exit_group(0 [pid 5887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5887] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5883] <... exit_group resumed>) = ? [pid 5887] memfd_create("syzkaller", 0) = 4 [pid 5883] +++ exited with 0 +++ [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- [pid 5887] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5887] <... write resumed>) = 32768 [pid 5887] munmap(0x7f0fce600000, 138412032) = 0 [pid 5838] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5887] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... openat resumed>) = 3 [pid 5887] close(4 [pid 5838] newfstatat(3, "", [pid 5887] <... close resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, [pid 5887] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5887] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] sched_setaffinity(0, 0, NULL [pid 5838] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5887] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5887] sched_setscheduler(0, SCHED_RR, NULL [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5887] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] unlink("./7/binderfs" [pid 5887] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5838] <... unlink resumed>) = 0 [pid 5887] read(4, [pid 5838] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5838] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./7/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./7") = 0 [pid 5838] mkdir("./8", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579e09750) = 5888 ./strace-static-x86_64: Process 5888 attached [pid 5884] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5888] set_robust_list(0x555579e09760, 24 [pid 5884] sched_setaffinity(0, 0, NULL [pid 5888] <... set_robust_list resumed>) = 0 [pid 5886] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5884] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5886] sched_setaffinity(0, 0, NULL [pid 5884] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5888] chdir("./8" [pid 5886] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5884] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5888] <... chdir resumed>) = 0 [pid 5886] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5884] rename(NULL, NULL [pid 5886] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5884] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5884] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5886] rename(NULL, NULL [pid 5884] <... openat resumed>) = 5 [pid 5888] <... prctl resumed>) = 0 [pid 5886] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5888] setpgid(0, 0 [pid 5886] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5888] <... setpgid resumed>) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] <... openat resumed>) = 5 [pid 5884] exit_group(0 [pid 5886] exit_group(0 [pid 5884] <... exit_group resumed>) = ? [pid 5888] write(3, "1000", 4) = 4 [pid 5884] +++ exited with 0 +++ [pid 5886] <... exit_group resumed>) = ? [pid 5888] close(3 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5888] <... close resumed>) = 0 [pid 5839] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5888] <... symlink resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./7/binderfs", executing program [pid 5888] write(1, "executing program\n", 18 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5888] <... write resumed>) = 18 [pid 5839] unlink("./7/binderfs" [pid 5888] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5886] +++ exited with 0 +++ [pid 5839] <... unlink resumed>) = 0 [pid 5888] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] memfd_create("syzkaller", 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5840] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", [pid 5888] <... memfd_create resumed>) = 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5888] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./7/binderfs") = 0 [pid 5840] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5840] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(4, "", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] <... openat resumed>) = 4 [pid 5839] getdents64(4, [pid 5840] newfstatat(4, "", [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] close(4 [pid 5840] getdents64(4, [pid 5839] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] rmdir("./7/bus" [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] rmdir("./7/bus" [pid 5839] getdents64(3, [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./7" [pid 5840] close(3) = 0 [pid 5840] rmdir("./7") = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] mkdir("./8", 0777 [pid 5839] mkdir("./8", 0777 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5840] <... ioctl resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5888] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] close(3 [pid 5887] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... close resumed>) = 0 [pid 5887] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5887] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5887] rename(NULL, NULL [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5887] <... rename resumed>) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 5889 attached [pid 5889] set_robust_list(0x555579e09760, 24 [pid 5887] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5889 [pid 5889] <... set_robust_list resumed>) = 0 [pid 5889] chdir("./8") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5887] exit_group(0) = ? [pid 5889] <... openat resumed>) = 3 [pid 5887] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] <... close resumed>) = 0 [pid 5889] write(3, "1000", 4) = 4 [pid 5841] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] close(3 [pid 5888] <... write resumed>) = 2097152 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5888] munmap(0x7f0fce600000, 138412032 [pid 5889] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5889] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... openat resumed>) = 3 executing program [pid 5889] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 5890 attached [pid 5841] newfstatat(3, "", [pid 5889] write(1, "executing program\n", 18 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5890] set_robust_list(0x555579e09760, 24 [pid 5889] <... write resumed>) = 18 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5841] getdents64(3, [pid 5890] chdir("./8" [pid 5889] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5890] <... chdir resumed>) = 0 [pid 5889] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5890 [pid 5890] <... prctl resumed>) = 0 [pid 5888] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5890] setpgid(0, 0 [pid 5889] memfd_create("syzkaller", 0 [pid 5841] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5890] <... setpgid resumed>) = 0 [pid 5889] <... memfd_create resumed>) = 3 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5888] <... openat resumed>) = 4 [pid 5890] <... openat resumed>) = 3 [pid 5889] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] unlink("./7/binderfs" [pid 5888] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... unlink resumed>) = 0 [pid 5890] write(3, "1000", 4 [pid 5841] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... write resumed>) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5890] write(1, "executing program\n", 18) = 18 [pid 5890] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5890] memfd_create("syzkaller", 0) = 3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5888] <... ioctl resumed>) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./bus", 0777) = 0 [pid 5888] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 97.252400][ T5888] loop0: detected capacity change from 0 to 4096 [pid 5841] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5889] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./7/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./7") = 0 [pid 5841] mkdir("./8", 0777 [pid 5890] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3) = 0 [pid 5889] <... write resumed>) = 2097152 [pid 5888] <... mount resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached [pid 5891] set_robust_list(0x555579e09760, 24 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5891 [pid 5891] <... set_robust_list resumed>) = 0 [pid 5891] chdir("./8") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5890] <... write resumed>) = 2097152 [pid 5889] munmap(0x7f0fce600000, 138412032 [pid 5888] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5891] <... openat resumed>) = 3 [pid 5888] <... openat resumed>) = 3 [pid 5891] write(3, "1000", 4 [pid 5888] chdir("./bus" [pid 5891] <... write resumed>) = 4 [pid 5891] close(3 [pid 5888] <... chdir resumed>) = 0 [pid 5891] <... close resumed>) = 0 [pid 5890] munmap(0x7f0fce600000, 138412032 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5891] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5888] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5888] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5891] write(1, "executing program\n", 18) = 18 [pid 5889] <... munmap resumed>) = 0 [pid 5891] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5888] memfd_create("syzkaller", 0 [pid 5891] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5889] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5888] <... memfd_create resumed>) = 4 [pid 5891] memfd_create("syzkaller", 0 [pid 5890] <... munmap resumed>) = 0 [pid 5889] <... openat resumed>) = 4 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] <... memfd_create resumed>) = 3 [pid 5890] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5889] ioctl(4, LOOP_SET_FD, 3 [pid 5888] <... mmap resumed>) = 0x7f0fce600000 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5888] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5891] <... mmap resumed>) = 0x7f0fce600000 [pid 5890] <... openat resumed>) = 4 [pid 5888] <... write resumed>) = 32768 [pid 5890] ioctl(4, LOOP_SET_FD, 3 [pid 5888] munmap(0x7f0fce600000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5890] <... ioctl resumed>) = 0 [pid 5889] <... ioctl resumed>) = 0 [pid 5888] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5890] close(3 [pid 5889] close(3 [pid 5888] close(4 [pid 5890] <... close resumed>) = 0 [pid 5889] <... close resumed>) = 0 [pid 5888] <... close resumed>) = 0 [pid 5890] close(4 [pid 5889] close(4 [pid 5888] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5890] <... close resumed>) = 0 [pid 5889] <... close resumed>) = 0 [pid 5888] <... prlimit64 resumed>NULL) = 0 [pid 5890] mkdir("./bus", 0777 [pid 5889] mkdir("./bus", 0777 [pid 5888] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5890] <... mkdir resumed>) = 0 [pid 5888] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5890] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5888] sched_setaffinity(0, 0, NULL [pid 5889] <... mkdir resumed>) = 0 [pid 5888] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5889] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5888] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5888] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [ 97.487247][ T5889] loop2: detected capacity change from 0 to 4096 [ 97.497121][ T5890] loop1: detected capacity change from 0 to 4096 [pid 5888] read(4, [pid 5891] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5885] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5885] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5885] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5885] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5885] exit_group(0) = ? [pid 5891] <... write resumed>) = 2097152 [pid 5891] munmap(0x7f0fce600000, 138412032 [pid 5885] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5889] <... mount resumed>) = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5890] <... mount resumed>) = 0 [pid 5889] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] chdir("./bus") = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5889] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5889] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] newfstatat(3, "", [pid 5890] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5889] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5889] memfd_create("syzkaller", 0 [pid 5890] <... openat resumed>) = 3 [pid 5889] <... memfd_create resumed>) = 4 [pid 5890] chdir("./bus" [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] getdents64(3, [pid 5891] <... munmap resumed>) = 0 [pid 5890] <... chdir resumed>) = 0 [pid 5889] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5890] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5889] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5890] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5890] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5889] <... write resumed>) = 32768 [pid 5891] <... openat resumed>) = 4 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5891] ioctl(4, LOOP_SET_FD, 3 [pid 5890] memfd_create("syzkaller", 0 [pid 5889] munmap(0x7f0fce600000, 138412032 [pid 5842] unlink("./7/binderfs") = 0 [pid 5842] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... memfd_create resumed>) = 4 [pid 5889] <... munmap resumed>) = 0 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5889] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5889] close(4 [pid 5890] <... mmap resumed>) = 0x7f0fce600000 [pid 5890] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5891] <... ioctl resumed>) = 0 [pid 5890] <... write resumed>) = 32768 [pid 5889] <... close resumed>) = 0 [pid 5891] close(3 [pid 5890] munmap(0x7f0fce600000, 138412032 [pid 5889] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5891] <... close resumed>) = 0 [pid 5890] <... munmap resumed>) = 0 [pid 5889] <... prlimit64 resumed>NULL) = 0 [pid 5891] close(4 [pid 5890] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5889] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5891] <... close resumed>) = 0 [pid 5889] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5891] mkdir("./bus", 0777 [pid 5890] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5889] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5889] sched_setscheduler(0, SCHED_RR, NULL [pid 5891] <... mkdir resumed>) = 0 [pid 5889] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5891] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5889] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5889] read(4, [pid 5842] <... umount2 resumed>) = 0 [pid 5890] close(4 [pid 5842] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5890] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] newfstatat(AT_FDCWD, "./7/bus", [pid 5890] <... prlimit64 resumed>NULL) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5890] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5890] sched_setaffinity(0, 0, NULL [pid 5842] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5890] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 4 [pid 5890] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] newfstatat(4, "", [pid 5890] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5890] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] getdents64(4, [pid 5890] <... openat resumed>) = 4 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5890] read(4, [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./7/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./7") = 0 [pid 5842] mkdir("./8", 0777) = 0 [ 97.655718][ T5891] loop3: detected capacity change from 0 to 4096 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3) = 0 [pid 5891] <... mount resumed>) = 0 [pid 5891] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./bus" [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5891] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5892 attached [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5892] set_robust_list(0x555579e09760, 24 [pid 5891] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5892] <... set_robust_list resumed>) = 0 [pid 5891] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5892] chdir("./8") = 0 [pid 5891] memfd_create("syzkaller", 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5891] <... memfd_create resumed>) = 4 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5892 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5892] <... prctl resumed>) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5891] <... mmap resumed>) = 0x7f0fce600000 [pid 5892] <... openat resumed>) = 3 [pid 5891] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5892] write(3, "1000", 4) = 4 [pid 5891] <... write resumed>) = 32768 [pid 5892] close(3 [pid 5891] munmap(0x7f0fce600000, 138412032 [pid 5892] <... close resumed>) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs" [pid 5891] <... munmap resumed>) = 0 [pid 5892] <... symlink resumed>) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) executing program [pid 5892] write(1, "executing program\n", 18 [pid 5891] close(4 [pid 5892] <... write resumed>) = 18 [pid 5891] <... close resumed>) = 0 [pid 5892] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5891] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5892] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5891] <... prlimit64 resumed>NULL) = 0 [pid 5892] memfd_create("syzkaller", 0 [pid 5891] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5892] <... memfd_create resumed>) = 3 [pid 5891] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] sched_setaffinity(0, 0, NULL [pid 5892] <... mmap resumed>) = 0x7f0fce600000 [pid 5891] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5891] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5891] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5891] read(4, [pid 5892] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5892] munmap(0x7f0fce600000, 138412032) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5888] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5888] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5888] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5888] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5888] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5892] <... ioctl resumed>) = 0 [pid 5892] close(3) = 0 [pid 5892] close(4 [pid 5888] <... openat resumed>) = 5 [ 98.106336][ T5892] loop4: detected capacity change from 0 to 4096 [pid 5888] exit_group(0 [pid 5892] <... close resumed>) = 0 [pid 5888] <... exit_group resumed>) = ? [pid 5892] mkdir("./bus", 0777 [pid 5888] +++ exited with 0 +++ [pid 5892] <... mkdir resumed>) = 0 [pid 5892] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5838] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./8/binderfs") = 0 [pid 5838] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5889] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5889] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5889] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5889] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] <... umount2 resumed>) = 0 [pid 5838] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./8/bus", [pid 5892] <... mount resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5892] <... openat resumed>) = 3 [pid 5889] <... openat resumed>) = 5 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5892] chdir("./bus" [pid 5838] <... openat resumed>) = 4 [pid 5838] newfstatat(4, "", [pid 5892] <... chdir resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5889] exit_group(0) = ? [pid 5892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5889] +++ exited with 0 +++ [pid 5838] getdents64(4, [pid 5892] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5838] getdents64(4, [pid 5840] <... restart_syscall resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5892] memfd_create("syzkaller", 0 [pid 5838] close(4 [pid 5892] <... memfd_create resumed>) = 4 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./8/bus" [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... rmdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5892] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] getdents64(3, [pid 5840] <... openat resumed>) = 3 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5892] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] newfstatat(3, "", [pid 5838] close(3 [pid 5892] <... write resumed>) = 32768 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5892] munmap(0x7f0fce600000, 138412032 [pid 5838] <... close resumed>) = 0 [pid 5892] <... munmap resumed>) = 0 [pid 5840] getdents64(3, [pid 5838] rmdir("./8" [pid 5892] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] <... rmdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5892] close(4 [pid 5840] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] mkdir("./9", 0777 [pid 5892] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... mkdir resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5892] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5892] <... prlimit64 resumed>NULL) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5892] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] unlink("./8/binderfs" [pid 5892] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 3 [pid 5840] <... unlink resumed>) = 0 [pid 5892] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5892] sched_setscheduler(0, SCHED_RR, NULL [pid 5840] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5892] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5892] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5838] <... ioctl resumed>) = 0 [pid 5892] read(4, [pid 5840] <... umount2 resumed>) = 0 [pid 5838] close(3 [pid 5840] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5890] sched_setaffinity(0, 0, NULL [pid 5840] newfstatat(AT_FDCWD, "./8/bus", [pid 5838] <... close resumed>) = 0 [pid 5890] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5890] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5890] rename(NULL, NULL [pid 5840] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5890] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5890] <... openat resumed>) = 5 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5890] exit_group(0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./8/bus" [pid 5890] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5893 attached [pid 5893] set_robust_list(0x555579e09760, 24) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5893] chdir("./9" [pid 5890] +++ exited with 0 +++ [pid 5840] getdents64(3, [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5893] <... chdir resumed>) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5893 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... close resumed>) = 0 [pid 5839] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5893] <... prctl resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] setpgid(0, 0 [pid 5840] rmdir("./8" [pid 5839] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5893] <... setpgid resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5840] mkdir("./9", 0777 [pid 5839] newfstatat(3, "", [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5893] <... openat resumed>) = 3 [pid 5839] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5893] write(3, "1000", 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] <... write resumed>) = 4 [pid 5839] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5893] close(3 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5893] <... close resumed>) = 0 [pid 5891] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] unlink("./8/binderfs" [pid 5893] symlink("/dev/binderfs", "./binderfs" [pid 5891] sched_setaffinity(0, 0, NULL [pid 5840] <... openat resumed>) = 3 [pid 5839] <... unlink resumed>) = 0 [pid 5891] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5893] <... symlink resumed>) = 0 [pid 5891] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] ioctl(3, LOOP_CLR_FDexecuting program [pid 5893] write(1, "executing program\n", 18 [pid 5891] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5893] <... write resumed>) = 18 [pid 5893] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5891] rename(NULL, NULL [pid 5840] <... ioctl resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5891] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] close(3 [pid 5893] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5891] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5893] memfd_create("syzkaller", 0 [pid 5839] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5893] <... memfd_create resumed>) = 3 [pid 5891] <... openat resumed>) = 5 [pid 5839] <... close resumed>) = 0 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5839] rmdir("./8/bus") = 0 [pid 5839] getdents64(3, [pid 5891] exit_group(0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5891] <... exit_group resumed>) = ? [pid 5839] close(3) = 0 [pid 5839] rmdir("./8") = 0 [pid 5839] mkdir("./9", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5891] +++ exited with 0 +++ [pid 5839] close(3 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./8/binderfs") = 0 [pid 5893] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5894 attached ) = 0 [pid 5894] set_robust_list(0x555579e09760, 24) = 0 [pid 5841] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5894 [pid 5839] <... close resumed>) = 0 [pid 5894] chdir("./9" [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./8/bus", [pid 5894] <... chdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached [pid 5894] <... prctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5894] setpgid(0, 0 [pid 5841] <... openat resumed>) = 4 [pid 5894] <... setpgid resumed>) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5895] set_robust_list(0x555579e09760, 24 [pid 5841] getdents64(4, [pid 5895] <... set_robust_list resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5895] chdir("./9" [pid 5841] getdents64(4, [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5895 [pid 5895] <... chdir resumed>) = 0 [pid 5841] close(4 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5894] <... openat resumed>) = 3 [pid 5841] <... close resumed>) = 0 [pid 5895] <... prctl resumed>) = 0 [pid 5894] write(3, "1000", 4 [pid 5841] rmdir("./8/bus" [pid 5895] setpgid(0, 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5895] <... setpgid resumed>) = 0 [pid 5894] <... write resumed>) = 4 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs" [pid 5841] getdents64(3, executing program [pid 5895] <... openat resumed>) = 3 [pid 5894] <... symlink resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5894] write(1, "executing program\n", 18) = 18 [pid 5894] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5841] close(3 [pid 5895] write(3, "1000", 4) = 4 [pid 5841] <... close resumed>) = 0 [pid 5895] close(3 [pid 5841] rmdir("./8" [pid 5894] memfd_create("syzkaller", 0 [pid 5895] <... close resumed>) = 0 [pid 5894] <... memfd_create resumed>) = 3 [pid 5841] <... rmdir resumed>) = 0 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5895] symlink("/dev/binderfs", "./binderfs" [pid 5894] <... mmap resumed>) = 0x7f0fce600000 [pid 5895] <... symlink resumed>) = 0 executing program [pid 5895] write(1, "executing program\n", 18 [pid 5841] mkdir("./9", 0777 [pid 5895] <... write resumed>) = 18 [pid 5841] <... mkdir resumed>) = 0 [pid 5895] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5895] memfd_create("syzkaller", 0 [pid 5893] <... write resumed>) = 2097152 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5895] <... memfd_create resumed>) = 3 [pid 5841] close(3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5893] munmap(0x7f0fce600000, 138412032 [pid 5892] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5892] sched_setaffinity(0, 0, NULL [pid 5893] <... munmap resumed>) = 0 [pid 5892] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5892] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5892] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5892] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] <... openat resumed>) = 5 [pid 5893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] exit_group(0) = ? [pid 5892] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5894] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5893] close(3 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5842] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5893] <... close resumed>) = 0 [pid 5842] newfstatat(3, "", [pid 5895] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5893] close(4 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5893] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5893] mkdir("./bus", 0777 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5893] <... mkdir resumed>) = 0 [pid 5842] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5896 attached ) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5896] set_robust_list(0x555579e09760, 24 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./8/binderfs" [pid 5896] <... set_robust_list resumed>) = 0 [pid 5893] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5842] <... unlink resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5896 [pid 5842] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] chdir("./9") = 0 [ 98.740692][ T5893] loop0: detected capacity change from 0 to 4096 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... umount2 resumed>) = 0 [pid 5896] <... openat resumed>) = 3 [pid 5896] write(3, "1000", 4) = 4 [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] <... write resumed>) = 2097152 [pid 5896] write(1, "executing program\n", 18 [pid 5842] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 executing program [pid 5896] <... write resumed>) = 18 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5896] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5896] memfd_create("syzkaller", 0 [pid 5894] munmap(0x7f0fce600000, 138412032 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5896] <... memfd_create resumed>) = 3 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./8/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./8" [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] mkdir("./9", 0777) = 0 [pid 5895] <... write resumed>) = 2097152 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5895] munmap(0x7f0fce600000, 138412032 [pid 5894] <... munmap resumed>) = 0 [pid 5893] <... mount resumed>) = 0 [pid 5893] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./bus") = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... ioctl resumed>) = 0 [pid 5893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] close(3 [pid 5893] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5894] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3 [pid 5893] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5895] <... munmap resumed>) = 0 [pid 5893] memfd_create("syzkaller", 0) = 4 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5895] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5893] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5893] munmap(0x7f0fce600000, 138412032) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5894] <... ioctl resumed>) = 0 [pid 5893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5895] <... openat resumed>) = 4 [pid 5894] close(3 [pid 5893] close(4 [pid 5894] <... close resumed>) = 0 [pid 5893] <... close resumed>) = 0 [pid 5894] close(4 [pid 5893] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5894] <... close resumed>) = 0 [pid 5893] <... prlimit64 resumed>NULL) = 0 [pid 5894] mkdir("./bus", 0777 [pid 5893] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5894] <... mkdir resumed>) = 0 [pid 5893] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5893] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5893] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5894] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5893] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5893] read(4, [pid 5842] <... close resumed>) = 0 [pid 5896] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5895] <... ioctl resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5895] close(3) = 0 [pid 5895] close(4./strace-static-x86_64: Process 5897 attached [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5897 [pid 5897] set_robust_list(0x555579e09760, 24) = 0 [pid 5897] chdir("./9" [pid 5895] <... close resumed>) = 0 [ 98.866709][ T5894] loop2: detected capacity change from 0 to 4096 [ 98.894572][ T5895] loop1: detected capacity change from 0 to 4096 [pid 5897] <... chdir resumed>) = 0 [pid 5895] mkdir("./bus", 0777) = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5897] write(1, "executing program\n", 18 [pid 5895] mount("/dev/loop1", "./bus", "ntfs3", 0, ""executing program [pid 5897] <... write resumed>) = 18 [pid 5897] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5894] <... mount resumed>) = 0 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5896] <... write resumed>) = 2097152 [pid 5897] <... mmap resumed>) = 0x7f0fce600000 [pid 5896] munmap(0x7f0fce600000, 138412032 [pid 5894] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./bus") = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5894] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5894] memfd_create("syzkaller", 0) = 4 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5894] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5896] <... munmap resumed>) = 0 [pid 5894] munmap(0x7f0fce600000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5894] close(4) = 0 [pid 5895] <... mount resumed>) = 0 [pid 5895] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5894] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5895] <... openat resumed>) = 3 [pid 5894] <... prlimit64 resumed>NULL) = 0 [pid 5895] chdir("./bus" [pid 5894] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5895] <... chdir resumed>) = 0 [pid 5894] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5895] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5894] sched_setaffinity(0, 0, NULL [pid 5895] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5894] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5895] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5894] sched_setscheduler(0, SCHED_RR, NULL [pid 5895] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5894] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5895] memfd_create("syzkaller", 0 [pid 5894] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5895] <... memfd_create resumed>) = 4 [pid 5894] <... openat resumed>) = 4 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5894] read(4, [pid 5896] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5895] <... mmap resumed>) = 0x7f0fce600000 [pid 5895] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5895] munmap(0x7f0fce600000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] close(4) = 0 [pid 5897] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5896] <... openat resumed>) = 4 [pid 5896] ioctl(4, LOOP_SET_FD, 3 [pid 5895] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5895] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5895] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5895] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5895] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5895] read(4, [pid 5896] <... ioctl resumed>) = 0 [pid 5897] <... write resumed>) = 2097152 [pid 5896] close(3 [pid 5897] munmap(0x7f0fce600000, 138412032 [pid 5896] <... close resumed>) = 0 [pid 5896] close(4) = 0 [pid 5896] mkdir("./bus", 0777) = 0 [pid 5897] <... munmap resumed>) = 0 [pid 5896] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5897] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 99.070180][ T5896] loop3: detected capacity change from 0 to 4096 [pid 5897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5897] close(3) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./bus", 0777) = 0 [ 99.133458][ T5897] loop4: detected capacity change from 0 to 4096 [pid 5897] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5893] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5893] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5893] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5893] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5893] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5893] exit_group(0) = ? [pid 5897] <... mount resumed>) = 0 [pid 5896] <... mount resumed>) = 0 [pid 5896] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5897] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5896] chdir("./bus" [pid 5838] <... restart_syscall resumed>) = 0 [pid 5897] <... openat resumed>) = 3 [pid 5896] <... chdir resumed>) = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5897] chdir("./bus" [pid 5838] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... chdir resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5896] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5896] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] <... openat resumed>) = 3 [pid 5838] newfstatat(3, "", [pid 5896] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5897] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5896] memfd_create("syzkaller", 0 [pid 5838] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5897] memfd_create("syzkaller", 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5896] <... memfd_create resumed>) = 4 [pid 5897] <... memfd_create resumed>) = 4 [pid 5838] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./9/binderfs") = 0 [pid 5838] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] <... mmap resumed>) = 0x7f0fce600000 [pid 5897] <... mmap resumed>) = 0x7f0fce600000 [pid 5897] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5896] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5897] <... write resumed>) = 32768 [pid 5896] <... write resumed>) = 32768 [pid 5897] munmap(0x7f0fce600000, 138412032 [pid 5896] munmap(0x7f0fce600000, 138412032 [pid 5897] <... munmap resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5896] <... munmap resumed>) = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5896] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5897] close(4 [pid 5896] close(4 [pid 5838] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] <... close resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5896] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5838] newfstatat(AT_FDCWD, "./9/bus", [pid 5897] <... close resumed>) = 0 [pid 5896] <... prlimit64 resumed>NULL) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5897] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5896] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5838] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5896] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] sched_setaffinity(0, 0, NULL [pid 5896] sched_setaffinity(0, 0, NULL [pid 5838] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5897] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5896] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 4 [pid 5897] sched_setscheduler(0, SCHED_RR, NULL [pid 5896] sched_setscheduler(0, SCHED_RR, NULL [pid 5838] newfstatat(4, "", [pid 5897] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5896] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5897] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5896] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5838] getdents64(4, [pid 5897] <... openat resumed>) = 4 [pid 5896] <... openat resumed>) = 4 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5897] read(4, [pid 5896] read(4, [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./9/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./9") = 0 [pid 5838] mkdir("./10", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached [pid 5898] set_robust_list(0x555579e09760, 24) = 0 [pid 5898] chdir("./10") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5898 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5898] write(1, "executing program\n", 18executing program ) = 18 [pid 5898] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5895] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5895] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5895] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5895] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5895] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5895] exit_group(0) = ? [pid 5895] +++ exited with 0 +++ [pid 5898] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./9/binderfs") = 0 [pid 5839] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... write resumed>) = 2097152 [pid 5839] <... umount2 resumed>) = 0 [pid 5898] munmap(0x7f0fce600000, 138412032 [pid 5839] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5894] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5894] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(4, "", [pid 5894] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5898] <... munmap resumed>) = 0 [pid 5894] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5894] rename(NULL, NULL [pid 5839] getdents64(4, [pid 5898] <... openat resumed>) = 4 [pid 5894] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5894] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./9/bus" [pid 5894] <... openat resumed>) = 5 [pid 5839] <... rmdir resumed>) = 0 [pid 5894] exit_group(0) = ? [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./9" [pid 5894] +++ exited with 0 +++ [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./10", 0777 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5839] <... mkdir resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5897] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5897] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5897] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5898] <... ioctl resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] close(3 [pid 5840] unlink("./9/binderfs" [pid 5898] <... close resumed>) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5898] close(4) = 0 [pid 5840] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] mkdir("./bus", 0777 [pid 5897] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5897] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5897] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5898] <... mkdir resumed>) = 0 [pid 5898] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5897] <... openat resumed>) = 5 [pid 5840] <... umount2 resumed>) = 0 [ 99.756012][ T5898] loop0: detected capacity change from 0 to 4096 [pid 5897] exit_group(0) = ? [pid 5840] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5897] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5840] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... restart_syscall resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(4, "", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./9/binderfs") = 0 [pid 5842] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] <... close resumed>) = 0 [pid 5840] close(4) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] rmdir("./9/bus"./strace-static-x86_64: Process 5899 attached [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] getdents64(3, [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5899 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5899] set_robust_list(0x555579e09760, 24 [pid 5840] <... close resumed>) = 0 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5899] chdir("./10" [pid 5840] rmdir("./9" [pid 5899] <... chdir resumed>) = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5899] write(3, "1000", 4 [pid 5842] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] <... write resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... rmdir resumed>) = 0 [pid 5899] close(3 [pid 5842] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] <... close resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5840] mkdir("./10", 0777 [pid 5899] symlink("/dev/binderfs", "./binderfs" [pid 5896] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] newfstatat(4, "", [pid 5840] <... mkdir resumed>) = 0 [pid 5896] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5896] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5896] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5896] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5896] exit_group(0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5899] <... symlink resumed>) = 0 [pid 5896] <... exit_group resumed>) = ? [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5899] write(1, "executing program\n", 18 [pid 5842] getdents64(4, [pid 5840] <... ioctl resumed>) = 0 executing program [pid 5840] close(3 [pid 5899] <... write resumed>) = 18 [pid 5898] <... mount resumed>) = 0 [pid 5896] +++ exited with 0 +++ [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5842] close(4 [pid 5899] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] <... close resumed>) = 0 [pid 5899] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] rmdir("./9/bus" [pid 5898] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... rmdir resumed>) = 0 [pid 5898] chdir("./bus" [pid 5841] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] memfd_create("syzkaller", 0 [pid 5898] <... chdir resumed>) = 0 [pid 5842] getdents64(3, [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5899] <... memfd_create resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5899] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... close resumed>) = 0 [pid 5841] getdents64(3, [pid 5840] <... close resumed>) = 0 [pid 5898] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] rmdir("./9" [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5898] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5898] memfd_create("syzkaller", 0 [pid 5842] mkdir("./10", 0777 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] <... memfd_create resumed>) = 4 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] unlink("./9/binderfs" [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5898] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... openat resumed>) = 3 [pid 5841] <... unlink resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5841] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5900 attached [pid 5898] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] close(3 [pid 5898] <... write resumed>) = 32768 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5900 [pid 5899] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5898] munmap(0x7f0fce600000, 138412032) = 0 [pid 5900] set_robust_list(0x555579e09760, 24 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5900] <... set_robust_list resumed>) = 0 [pid 5898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] chdir("./10" [pid 5898] close(4 [pid 5900] <... chdir resumed>) = 0 [pid 5898] <... close resumed>) = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5898] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5900] <... prctl resumed>) = 0 [pid 5900] setpgid(0, 0 [pid 5898] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5900] <... setpgid resumed>) = 0 [pid 5898] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5898] sched_setaffinity(0, 0, NULL [pid 5841] <... umount2 resumed>) = 0 [pid 5898] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5898] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./9/bus", [pid 5898] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5900] <... openat resumed>) = 3 [pid 5898] <... openat resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5900] write(3, "1000", 4 [pid 5898] read(4, [pid 5841] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5900] <... write resumed>) = 4 [pid 5900] close(3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5900] symlink("/dev/binderfs", "./binderfs" [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... openat resumed>) = 4 executing program ./strace-static-x86_64: Process 5901 attached [pid 5900] <... symlink resumed>) = 0 [pid 5841] newfstatat(4, "", [pid 5900] write(1, "executing program\n", 18 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5901 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5900] <... write resumed>) = 18 [pid 5841] getdents64(4, [pid 5901] set_robust_list(0x555579e09760, 24 [pid 5900] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5901] <... set_robust_list resumed>) = 0 [pid 5900] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] getdents64(4, [pid 5900] memfd_create("syzkaller", 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5901] chdir("./10" [pid 5841] rmdir("./9/bus" [pid 5901] <... chdir resumed>) = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... rmdir resumed>) = 0 [pid 5901] <... prctl resumed>) = 0 [pid 5901] setpgid(0, 0 [pid 5900] <... memfd_create resumed>) = 3 [pid 5841] getdents64(3, [pid 5901] <... setpgid resumed>) = 0 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5899] <... write resumed>) = 2097152 [pid 5841] close(3 [pid 5900] <... mmap resumed>) = 0x7f0fce600000 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5899] munmap(0x7f0fce600000, 138412032 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./9" [pid 5901] <... openat resumed>) = 3 [pid 5841] <... rmdir resumed>) = 0 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5899] <... munmap resumed>) = 0 [pid 5841] mkdir("./10", 0777) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs" [pid 5899] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5901] <... symlink resumed>) = 0 [pid 5899] <... openat resumed>) = 4 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5901] write(1, "executing program\n", 18executing program ) = 18 [pid 5901] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5901] memfd_create("syzkaller", 0 [pid 5899] <... ioctl resumed>) = 0 [pid 5899] close(3) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5899] close(4 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5899] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5899] mkdir("./bus", 0777 [pid 5841] close(3 [pid 5899] <... mkdir resumed>) = 0 [pid 5901] <... memfd_create resumed>) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [ 100.059921][ T5899] loop1: detected capacity change from 0 to 4096 [pid 5899] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5900] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5899] <... mount resumed>) = 0 [pid 5899] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./bus") = 0 [pid 5841] <... close resumed>) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached [pid 5899] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5902] set_robust_list(0x555579e09760, 24 [pid 5899] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5902 [pid 5899] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5899] memfd_create("syzkaller", 0) = 4 [pid 5901] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5902] chdir("./10" [pid 5899] <... mmap resumed>) = 0x7f0fce600000 [pid 5902] <... chdir resumed>) = 0 [pid 5899] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5899] <... write resumed>) = 32768 [pid 5902] <... prctl resumed>) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5899] munmap(0x7f0fce600000, 138412032 [pid 5902] <... openat resumed>) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs" [pid 5900] <... write resumed>) = 2097152 [pid 5899] <... munmap resumed>) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5902] <... symlink resumed>) = 0 [pid 5900] munmap(0x7f0fce600000, 138412032 [pid 5899] close(4executing program [pid 5902] write(1, "executing program\n", 18) = 18 [pid 5902] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5902] memfd_create("syzkaller", 0 [pid 5900] <... munmap resumed>) = 0 [pid 5899] <... close resumed>) = 0 [pid 5902] <... memfd_create resumed>) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5899] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5899] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5900] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5899] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5900] <... openat resumed>) = 4 [pid 5899] sched_setaffinity(0, 0, NULL [pid 5900] ioctl(4, LOOP_SET_FD, 3 [pid 5899] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5899] sched_setscheduler(0, SCHED_RR, NULL [pid 5901] <... write resumed>) = 2097152 [pid 5900] <... ioctl resumed>) = 0 [pid 5899] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5899] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5901] munmap(0x7f0fce600000, 138412032 [pid 5899] <... openat resumed>) = 4 [pid 5901] <... munmap resumed>) = 0 [pid 5900] close(3 [pid 5899] read(4, [pid 5901] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3 [pid 5900] <... close resumed>) = 0 [pid 5900] close(4 [pid 5902] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5900] <... close resumed>) = 0 [ 100.230941][ T5900] loop2: detected capacity change from 0 to 4096 [pid 5900] mkdir("./bus", 0777 [pid 5901] <... ioctl resumed>) = 0 [pid 5900] <... mkdir resumed>) = 0 [pid 5900] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./bus", 0777) = 0 [ 100.290927][ T5901] loop4: detected capacity change from 0 to 4096 [pid 5901] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5900] <... mount resumed>) = 0 [pid 5900] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] chdir("./bus") = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5900] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5900] memfd_create("syzkaller", 0) = 4 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5900] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5902] <... write resumed>) = 2097152 [pid 5900] <... write resumed>) = 32768 [pid 5902] munmap(0x7f0fce600000, 138412032 [pid 5900] munmap(0x7f0fce600000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5900] close(4) = 0 [pid 5900] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5900] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5902] <... munmap resumed>) = 0 [pid 5900] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5900] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5900] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5900] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5900] read(4, [pid 5901] <... mount resumed>) = 0 [pid 5901] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./bus") = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5901] memfd_create("syzkaller", 0) = 4 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5901] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5901] munmap(0x7f0fce600000, 138412032 [pid 5902] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5901] <... munmap resumed>) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] close(4 [pid 5902] <... openat resumed>) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3 [pid 5901] <... close resumed>) = 0 [pid 5901] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5901] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5901] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5901] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5901] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5901] read(4, [pid 5902] <... ioctl resumed>) = 0 [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5902] mkdir("./bus", 0777) = 0 [ 100.453718][ T5902] loop3: detected capacity change from 0 to 4096 [pid 5902] mount("/dev/loop3", "./bus", "ntfs3", 0, "") = 0 [pid 5902] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./bus") = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5902] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5902] memfd_create("syzkaller", 0) = 4 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5902] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5902] munmap(0x7f0fce600000, 138412032) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5902] close(4) = 0 [pid 5902] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5902] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5902] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5902] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5902] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5902] read(4, [pid 5899] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5899] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5899] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5899] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5899] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5899] exit_group(0) = ? [pid 5899] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5898] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5898] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5898] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5898] rename(NULL, NULL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5898] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5898] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5898] <... openat resumed>) = 5 [pid 5839] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./10/binderfs") = 0 [pid 5898] exit_group(0 [pid 5839] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... exit_group resumed>) = ? [pid 5900] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5898] +++ exited with 0 +++ [pid 5839] <... umount2 resumed>) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- [pid 5900] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5900] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5900] rename(NULL, NULL [pid 5838] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5900] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5900] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5901] sched_setaffinity(0, 0, NULL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5901] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./10/bus", [pid 5838] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5901] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5901] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5901] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5901] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] newfstatat(3, "", [pid 5839] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] <... openat resumed>) = 5 [pid 5839] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] getdents64(3, [pid 5839] <... openat resumed>) = 4 [pid 5900] exit_group(0) = ? [pid 5901] <... openat resumed>) = 5 [pid 5839] newfstatat(4, "", [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(4, [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5838] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5901] exit_group(0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5901] <... exit_group resumed>) = ? [pid 5838] unlink("./10/binderfs" [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] close(4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] rmdir("./10/bus" [pid 5840] <... openat resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] <... unlink resumed>) = 0 [pid 5840] newfstatat(3, "", [pid 5839] getdents64(3, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(3, [pid 5839] close(3 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] rmdir("./10" [pid 5840] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] unlink("./10/binderfs" [pid 5839] mkdir("./11", 0777 [pid 5838] <... umount2 resumed>) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5840] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... mkdir resumed>) = 0 [pid 5901] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5838] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5838] <... openat resumed>) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] getdents64(4, [pid 5842] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./10/bus" [pid 5842] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5838] <... rmdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./10/binderfs") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] close(3) = 0 [pid 5838] rmdir("./10") = 0 [pid 5902] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5838] mkdir("./11", 0777) = 0 [pid 5902] sched_setaffinity(0, 0, NULL [pid 5842] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5902] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5903 attached [pid 5902] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./10/bus", [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5903 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5902] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5902] rename(NULL, NULL [pid 5842] newfstatat(AT_FDCWD, "./10/bus", [pid 5840] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5902] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 3 [pid 5902] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 4 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5903] set_robust_list(0x555579e09760, 24 [pid 5842] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(4, "", [pid 5903] <... set_robust_list resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5903] chdir("./11" [pid 5842] newfstatat(4, "", [pid 5838] close(3 [pid 5903] <... chdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./10/bus" [pid 5842] getdents64(4, [pid 5840] <... rmdir resumed>) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5902] <... openat resumed>) = 5 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5903] <... prctl resumed>) = 0 [pid 5902] exit_group(0 [pid 5842] getdents64(4, [pid 5903] setpgid(0, 0 [pid 5902] <... exit_group resumed>) = ? [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5903] <... setpgid resumed>) = 0 [pid 5902] +++ exited with 0 +++ [pid 5840] <... close resumed>) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] close(4 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5842] <... close resumed>) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] rmdir("./10" [pid 5903] <... openat resumed>) = 3 [pid 5842] rmdir("./10/bus" [pid 5840] <... rmdir resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] mkdir("./11", 0777 [pid 5842] getdents64(3, [pid 5840] <... mkdir resumed>) = 0 [pid 5903] write(3, "1000", 4 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5903] <... write resumed>) = 4 [pid 5842] close(3 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./10/binderfs") = 0 [pid 5840] <... openat resumed>) = 3 [pid 5841] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5903] close(3 [pid 5842] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5903] <... close resumed>) = 0 [pid 5842] rmdir("./10"executing program [pid 5903] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... rmdir resumed>) = 0 [pid 5903] <... symlink resumed>) = 0 [pid 5903] write(1, "executing program\n", 18) = 18 [pid 5903] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5903] memfd_create("syzkaller", 0 [pid 5842] mkdir("./11", 0777 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached [pid 5903] <... memfd_create resumed>) = 3 [pid 5842] <... mkdir resumed>) = 0 [pid 5904] set_robust_list(0x555579e09760, 24) = 0 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5904 [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5904] chdir("./11" [pid 5841] <... umount2 resumed>) = 0 [pid 5904] <... chdir resumed>) = 0 [pid 5841] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5904] <... prctl resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./10/bus", [pid 5904] setpgid(0, 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5904] <... setpgid resumed>) = 0 [pid 5841] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5904] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5904] write(3, "1000", 4 [pid 5841] <... openat resumed>) = 4 [pid 5904] <... write resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 5840] <... close resumed>) = 0 [pid 5904] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5904] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 5904] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5904] <... symlink resumed>) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./10/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./10"./strace-static-x86_64: Process 5905 attached [pid 5904] write(1, "executing program\n", 18 [pid 5841] <... rmdir resumed>) = 0 executing program [pid 5905] set_robust_list(0x555579e09760, 24 [pid 5904] <... write resumed>) = 18 [pid 5841] mkdir("./11", 0777 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5905 [pid 5904] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] <... mkdir resumed>) = 0 [pid 5905] <... set_robust_list resumed>) = 0 [pid 5904] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5905] chdir("./11") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5905] <... setpgid resumed>) = 0 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... openat resumed>) = 3 [pid 5905] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5905] write(3, "1000", 4 [pid 5841] <... ioctl resumed>) = 0 [pid 5905] <... write resumed>) = 4 [pid 5841] close(3 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5905] write(1, "executing program\n", 18) = 18 [pid 5905] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5905] memfd_create("syzkaller", 0 [pid 5842] <... close resumed>) = 0 [pid 5905] <... memfd_create resumed>) = 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5906] set_robust_list(0x555579e09760, 24) = 0 [pid 5906] chdir("./11" [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5906 [pid 5906] <... chdir resumed>) = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs" [pid 5903] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5906] <... symlink resumed>) = 0 executing program [pid 5906] write(1, "executing program\n", 18 [pid 5841] <... close resumed>) = 0 [pid 5906] <... write resumed>) = 18 [pid 5906] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5907] set_robust_list(0x555579e09760, 24) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5907 [pid 5907] chdir("./11") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0 [pid 5904] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5907] <... setpgid resumed>) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5907] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5905] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5903] <... write resumed>) = 2097152 [pid 5903] munmap(0x7f0fce600000, 138412032 [pid 5906] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5903] <... munmap resumed>) = 0 [pid 5904] <... write resumed>) = 2097152 [pid 5907] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5905] <... write resumed>) = 2097152 [pid 5904] munmap(0x7f0fce600000, 138412032 [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5906] <... write resumed>) = 2097152 [pid 5906] munmap(0x7f0fce600000, 138412032) = 0 [pid 5903] <... openat resumed>) = 4 [pid 5905] munmap(0x7f0fce600000, 138412032 [pid 5906] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5904] <... munmap resumed>) = 0 [pid 5903] ioctl(4, LOOP_SET_FD, 3 [pid 5906] <... openat resumed>) = 4 [pid 5905] <... munmap resumed>) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5903] <... ioctl resumed>) = 0 [pid 5906] ioctl(4, LOOP_SET_FD, 3 [pid 5904] <... openat resumed>) = 4 [pid 5905] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3 [pid 5907] <... write resumed>) = 2097152 [pid 5906] <... ioctl resumed>) = 0 [pid 5904] ioctl(4, LOOP_SET_FD, 3 [pid 5903] close(3 [pid 5907] munmap(0x7f0fce600000, 138412032 [pid 5906] close(3) = 0 [pid 5906] close(4 [pid 5905] <... ioctl resumed>) = 0 [pid 5904] <... ioctl resumed>) = 0 [pid 5903] <... close resumed>) = 0 [pid 5907] <... munmap resumed>) = 0 [pid 5906] <... close resumed>) = 0 [pid 5905] close(3 [pid 5904] close(3 [pid 5903] close(4 [pid 5907] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5906] mkdir("./bus", 0777 [pid 5905] <... close resumed>) = 0 [pid 5904] <... close resumed>) = 0 [pid 5903] <... close resumed>) = 0 [pid 5907] <... openat resumed>) = 4 [pid 5905] close(4 [pid 5904] close(4 [pid 5906] <... mkdir resumed>) = 0 [pid 5905] <... close resumed>) = 0 [pid 5904] <... close resumed>) = 0 [pid 5903] mkdir("./bus", 0777 [pid 5907] ioctl(4, LOOP_SET_FD, 3 [pid 5905] mkdir("./bus", 0777 [pid 5904] mkdir("./bus", 0777 [pid 5906] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5905] <... mkdir resumed>) = 0 [pid 5903] <... mkdir resumed>) = 0 [pid 5904] <... mkdir resumed>) = 0 [pid 5903] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [ 101.441661][ T5903] loop1: detected capacity change from 0 to 4096 [ 101.452292][ T5906] loop4: detected capacity change from 0 to 4096 [ 101.453117][ T5905] loop2: detected capacity change from 0 to 4096 [ 101.461221][ T5904] loop0: detected capacity change from 0 to 4096 [pid 5904] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5905] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5907] <... ioctl resumed>) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [ 101.488300][ T5907] loop3: detected capacity change from 0 to 4096 [pid 5907] mkdir("./bus", 0777) = 0 [pid 5907] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5904] <... mount resumed>) = 0 [pid 5904] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] <... mount resumed>) = 0 [pid 5905] <... mount resumed>) = 0 [pid 5904] chdir("./bus" [pid 5903] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5904] <... chdir resumed>) = 0 [pid 5903] <... openat resumed>) = 3 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5903] chdir("./bus" [pid 5904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5903] <... chdir resumed>) = 0 [pid 5904] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5904] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5903] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5904] memfd_create("syzkaller", 0 [pid 5903] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5904] <... memfd_create resumed>) = 4 [pid 5903] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5903] memfd_create("syzkaller", 0 [pid 5904] <... mmap resumed>) = 0x7f0fce600000 [pid 5903] <... memfd_create resumed>) = 4 [pid 5904] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5905] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5903] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5904] <... write resumed>) = 32768 [pid 5903] <... write resumed>) = 32768 [pid 5905] <... openat resumed>) = 3 [pid 5903] munmap(0x7f0fce600000, 138412032 [pid 5907] <... mount resumed>) = 0 [pid 5906] <... mount resumed>) = 0 [pid 5905] chdir("./bus" [pid 5904] munmap(0x7f0fce600000, 138412032 [pid 5905] <... chdir resumed>) = 0 [pid 5906] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5905] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5903] <... munmap resumed>) = 0 [pid 5907] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5906] <... openat resumed>) = 3 [pid 5905] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5904] <... munmap resumed>) = 0 [pid 5907] <... openat resumed>) = 3 [pid 5906] chdir("./bus" [pid 5905] memfd_create("syzkaller", 0 [pid 5907] chdir("./bus" [pid 5905] <... memfd_create resumed>) = 4 [pid 5906] <... chdir resumed>) = 0 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5907] <... chdir resumed>) = 0 [pid 5905] <... mmap resumed>) = 0x7f0fce600000 [pid 5907] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5905] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5903] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5903] close(4 [pid 5904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5903] <... close resumed>) = 0 [pid 5904] close(4 [pid 5903] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5904] <... close resumed>) = 0 [pid 5903] <... prlimit64 resumed>NULL) = 0 [pid 5904] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5903] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5907] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5904] <... prlimit64 resumed>NULL) = 0 [pid 5903] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5907] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5904] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5903] sched_setaffinity(0, 0, NULL [pid 5907] memfd_create("syzkaller", 0 [pid 5904] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5903] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5907] <... memfd_create resumed>) = 4 [pid 5904] sched_setaffinity(0, 0, NULL [pid 5903] sched_setscheduler(0, SCHED_RR, NULL [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5904] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5903] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5907] <... mmap resumed>) = 0x7f0fce600000 [pid 5904] sched_setscheduler(0, SCHED_RR, NULL [pid 5903] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5907] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5904] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5903] <... openat resumed>) = 4 [pid 5906] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5904] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5903] read(4, [pid 5905] <... write resumed>) = 32768 [pid 5906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5904] <... openat resumed>) = 4 [pid 5904] read(4, [pid 5906] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5905] munmap(0x7f0fce600000, 138412032 [pid 5907] <... write resumed>) = 32768 [pid 5907] munmap(0x7f0fce600000, 138412032 [pid 5906] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5907] <... munmap resumed>) = 0 [pid 5906] memfd_create("syzkaller", 0 [pid 5905] <... munmap resumed>) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5906] <... memfd_create resumed>) = 4 [pid 5905] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5907] close(4 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5907] <... close resumed>) = 0 [pid 5905] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5906] <... mmap resumed>) = 0x7f0fce600000 [pid 5906] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5905] close(4 [pid 5907] <... prlimit64 resumed>NULL) = 0 [pid 5907] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5905] <... close resumed>) = 0 [pid 5907] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5906] <... write resumed>) = 32768 [pid 5905] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5907] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5907] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5907] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5907] read(4, [pid 5906] munmap(0x7f0fce600000, 138412032 [pid 5905] <... prlimit64 resumed>NULL) = 0 [pid 5906] <... munmap resumed>) = 0 [pid 5905] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5906] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5905] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5905] sched_setaffinity(0, 0, NULL [pid 5906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5905] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5906] close(4 [pid 5905] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5906] <... close resumed>) = 0 [pid 5905] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5906] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5905] <... openat resumed>) = 4 [pid 5906] <... prlimit64 resumed>NULL) = 0 [pid 5905] read(4, [pid 5906] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5906] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5906] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5906] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5906] read(4, [pid 5904] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5904] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5904] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5904] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5904] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5904] exit_group(0) = ? [pid 5904] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5903] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5903] sched_setaffinity(0, 0, NULL [pid 5907] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5903] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5907] sched_setaffinity(0, 0, NULL [pid 5903] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5907] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5903] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] unlink("./11/binderfs" [pid 5907] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5903] rename(NULL, NULL [pid 5907] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5903] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5907] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5907] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5907] exit_group(0) = ? [pid 5903] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5906] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5907] +++ exited with 0 +++ [pid 5903] <... openat resumed>) = 5 [pid 5838] <... unlink resumed>) = 0 [pid 5906] sched_setaffinity(0, 0, NULL [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5906] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5903] exit_group(0 [pid 5906] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] rename(NULL, NULL [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5906] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5841] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5906] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5903] <... exit_group resumed>) = ? [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./11/binderfs") = 0 [pid 5841] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5906] <... openat resumed>) = 5 [pid 5905] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... umount2 resumed>) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5906] exit_group(0 [pid 5905] sched_setaffinity(0, 0, NULL [pid 5906] <... exit_group resumed>) = ? [pid 5905] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5905] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5841] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5906] +++ exited with 0 +++ [pid 5905] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] newfstatat(AT_FDCWD, "./11/bus", [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./11/bus", [pid 5905] rename(NULL, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5905] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5905] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [pid 5841] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... openat resumed>) = 3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(3, "", [pid 5841] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5839] getdents64(3, [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5905] <... openat resumed>) = 5 [pid 5841] getdents64(4, [pid 5839] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... openat resumed>) = 4 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(4, "", [pid 5839] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5905] exit_group(0 [pid 5841] getdents64(4, [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5905] <... exit_group resumed>) = ? [pid 5842] <... restart_syscall resumed>) = 0 [pid 5839] unlink("./11/binderfs" [pid 5838] getdents64(4, [pid 5839] <... unlink resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] +++ exited with 0 +++ [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] getdents64(4, [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5841] close(4 [pid 5838] close(4 [pid 5842] newfstatat(3, "", [pid 5841] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] rmdir("./11/bus" [pid 5838] rmdir("./11/bus" [pid 5842] getdents64(3, [pid 5841] <... rmdir resumed>) = 0 [pid 5840] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = 0 [pid 5841] getdents64(3, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] close(3 [pid 5840] <... openat resumed>) = 3 [pid 5838] <... rmdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] <... close resumed>) = 0 [pid 5840] newfstatat(3, "", [pid 5839] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] rmdir("./11" [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5841] mkdir("./12", 0777 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5842] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] unlink("./11/binderfs" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] getdents64(3, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... unlink resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5839] newfstatat(AT_FDCWD, "./11/bus", [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5840] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./11/binderfs" [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5839] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... unlink resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] rmdir("./11" [pid 5842] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] close(3 [pid 5839] <... openat resumed>) = 4 [pid 5838] <... rmdir resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 5838] mkdir("./12", 0777 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... openat resumed>) = 3 [pid 5839] getdents64(4, [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5839] close(4 [pid 5838] close(3 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./11/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./11/bus", [pid 5840] newfstatat(AT_FDCWD, "./11/bus", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] close(3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] rmdir("./11" [pid 5842] <... openat resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... rmdir resumed>) = 0 [pid 5842] newfstatat(4, "", [pid 5840] <... openat resumed>) = 4 [pid 5839] mkdir("./12", 0777 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] newfstatat(4, "", [pid 5842] getdents64(4, [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] getdents64(4, [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] getdents64(4, [pid 5839] <... openat resumed>) = 3 [pid 5842] close(4 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./11/bus" [pid 5840] <... close resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] rmdir("./11/bus" [pid 5842] getdents64(3, ./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x555579e09760, 24) = 0 [pid 5909] chdir("./12" [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5842] close(3 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5909 [pid 5840] getdents64(3, [pid 5842] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] rmdir("./11" [pid 5840] close(3 [pid 5909] <... chdir resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5840] rmdir("./11" [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] <... rmdir resumed>) = 0 [pid 5909] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5910 attached [pid 5842] mkdir("./12", 0777 [pid 5840] mkdir("./12", 0777 [pid 5839] <... close resumed>) = 0 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3 [pid 5910] set_robust_list(0x555579e09760, 24 [pid 5909] <... close resumed>) = 0 [pid 5910] <... set_robust_list resumed>) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5910 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5909] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 5911 attached [pid 5910] chdir("./12" [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 5911] set_robust_list(0x555579e09760, 24) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5911] chdir("./12" [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5911 [pid 5911] <... chdir resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] <... ioctl resumed>) = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... ioctl resumed>) = 0 [pid 5911] <... prctl resumed>) = 0 executing program executing program [pid 5842] close(3 [pid 5840] close(3 [pid 5911] setpgid(0, 0 [pid 5910] <... chdir resumed>) = 0 [pid 5909] write(1, "executing program\n", 18 [pid 5911] <... setpgid resumed>) = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5909] <... write resumed>) = 18 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5910] <... prctl resumed>) = 0 [pid 5911] <... openat resumed>) = 3 [pid 5910] setpgid(0, 0 [pid 5909] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5911] write(3, "1000", 4 [pid 5910] <... setpgid resumed>) = 0 [pid 5909] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5911] <... write resumed>) = 4 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5909] memfd_create("syzkaller", 0 [pid 5911] close(3 [pid 5910] <... openat resumed>) = 3 [pid 5911] <... close resumed>) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs" [pid 5910] write(3, "1000", 4 [pid 5911] <... symlink resumed>) = 0 [pid 5911] write(1, "executing program\n", 18) = 18 [pid 5911] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5910] <... write resumed>) = 4 [pid 5911] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5910] close(3 [pid 5909] <... memfd_create resumed>) = 3 [pid 5911] memfd_create("syzkaller", 0 [pid 5910] <... close resumed>) = 0 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5911] <... memfd_create resumed>) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5910] symlink("/dev/binderfs", "./binderfs" [pid 5909] <... mmap resumed>) = 0x7f0fce600000 executing program [pid 5910] <... symlink resumed>) = 0 [pid 5910] write(1, "executing program\n", 18) = 18 [pid 5910] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5910] memfd_create("syzkaller", 0) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached ./strace-static-x86_64: Process 5913 attached [pid 5912] set_robust_list(0x555579e09760, 24 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5912 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5913 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5913] set_robust_list(0x555579e09760, 24) = 0 [pid 5913] chdir("./12" [pid 5912] chdir("./12" [pid 5913] <... chdir resumed>) = 0 [pid 5912] <... chdir resumed>) = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5913] <... prctl resumed>) = 0 [pid 5912] <... prctl resumed>) = 0 [pid 5913] setpgid(0, 0 [pid 5912] setpgid(0, 0 [pid 5913] <... setpgid resumed>) = 0 [pid 5912] <... setpgid resumed>) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5913] <... openat resumed>) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3 [pid 5912] <... openat resumed>) = 3 [pid 5913] <... close resumed>) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] write(3, "1000", 4) = 4 executing program [pid 5913] write(1, "executing program\n", 18 [pid 5912] close(3 [pid 5913] <... write resumed>) = 18 [pid 5913] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5913] memfd_create("syzkaller", 0 [pid 5912] <... close resumed>) = 0 [pid 5911] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5912] symlink("/dev/binderfs", "./binderfs" [pid 5913] <... memfd_create resumed>) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] <... symlink resumed>) = 0 [pid 5913] <... mmap resumed>) = 0x7f0fce600000 executing program [pid 5912] write(1, "executing program\n", 18) = 18 [pid 5912] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5909] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5912] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5909] <... write resumed>) = 2097152 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5909] munmap(0x7f0fce600000, 138412032 [pid 5910] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5909] <... munmap resumed>) = 0 [pid 5911] <... write resumed>) = 2097152 [pid 5911] munmap(0x7f0fce600000, 138412032 [pid 5909] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3 [pid 5911] <... munmap resumed>) = 0 [pid 5913] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3 [pid 5912] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5910] <... write resumed>) = 2097152 [pid 5909] <... ioctl resumed>) = 0 [pid 5909] close(3) = 0 [pid 5910] munmap(0x7f0fce600000, 138412032 [pid 5909] close(4) = 0 [pid 5909] mkdir("./bus", 0777) = 0 [pid 5909] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5911] <... ioctl resumed>) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [ 102.700959][ T5909] loop3: detected capacity change from 0 to 4096 [ 102.738968][ T5911] loop1: detected capacity change from 0 to 4096 [pid 5911] mkdir("./bus", 0777) = 0 [pid 5910] <... munmap resumed>) = 0 [pid 5913] <... write resumed>) = 2097152 [pid 5913] munmap(0x7f0fce600000, 138412032 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5911] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5913] <... munmap resumed>) = 0 [pid 5910] <... openat resumed>) = 4 [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5910] ioctl(4, LOOP_SET_FD, 3 [pid 5913] <... openat resumed>) = 4 [pid 5912] <... write resumed>) = 2097152 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3 [pid 5912] munmap(0x7f0fce600000, 138412032 [pid 5910] <... ioctl resumed>) = 0 [pid 5910] close(3 [pid 5913] <... close resumed>) = 0 [pid 5910] <... close resumed>) = 0 [pid 5913] close(4 [pid 5910] close(4) = 0 [pid 5910] mkdir("./bus", 0777) = 0 [pid 5910] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5913] <... close resumed>) = 0 [pid 5913] mkdir("./bus", 0777) = 0 [pid 5912] <... munmap resumed>) = 0 [pid 5913] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 102.803909][ T5910] loop0: detected capacity change from 0 to 4096 [ 102.820448][ T5913] loop2: detected capacity change from 0 to 4096 [pid 5912] ioctl(4, LOOP_SET_FD, 3 [pid 5909] <... mount resumed>) = 0 [pid 5909] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5911] <... mount resumed>) = 0 [pid 5909] <... openat resumed>) = 3 [pid 5911] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5909] chdir("./bus" [pid 5912] <... ioctl resumed>) = 0 [pid 5911] <... openat resumed>) = 3 [pid 5911] chdir("./bus") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5912] close(3 [pid 5911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] <... close resumed>) = 0 [pid 5911] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5912] close(4 [pid 5911] memfd_create("syzkaller", 0 [pid 5912] <... close resumed>) = 0 [pid 5911] <... memfd_create resumed>) = 4 [pid 5912] mkdir("./bus", 0777 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] <... mkdir resumed>) = 0 [pid 5911] <... mmap resumed>) = 0x7f0fce600000 [pid 5911] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5909] <... chdir resumed>) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5911] <... write resumed>) = 32768 [pid 5909] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5911] munmap(0x7f0fce600000, 138412032 [pid 5909] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5911] <... munmap resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] memfd_create("syzkaller", 0 [pid 5911] close(4 [pid 5909] <... memfd_create resumed>) = 4 [pid 5913] <... mount resumed>) = 0 [pid 5911] <... close resumed>) = 0 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5913] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5910] <... mount resumed>) = 0 [pid 5909] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5913] <... openat resumed>) = 3 [ 102.868199][ T5912] loop4: detected capacity change from 0 to 4096 [pid 5913] chdir("./bus" [pid 5911] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5910] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5909] <... write resumed>) = 32768 [pid 5913] <... chdir resumed>) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] <... prlimit64 resumed>NULL) = 0 [pid 5911] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5911] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5911] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5911] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5911] read(4, [pid 5910] <... openat resumed>) = 3 [pid 5913] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5910] chdir("./bus" [pid 5909] munmap(0x7f0fce600000, 138412032 [pid 5913] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5910] <... chdir resumed>) = 0 [pid 5913] memfd_create("syzkaller", 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5909] <... munmap resumed>) = 0 [pid 5913] <... memfd_create resumed>) = 4 [pid 5910] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5909] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5910] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5913] <... mmap resumed>) = 0x7f0fce600000 [pid 5910] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5909] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5910] memfd_create("syzkaller", 0 [pid 5909] close(4 [pid 5910] <... memfd_create resumed>) = 4 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5909] <... close resumed>) = 0 [pid 5913] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5910] <... mmap resumed>) = 0x7f0fce600000 [pid 5909] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5910] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5909] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5913] <... write resumed>) = 32768 [pid 5909] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5913] munmap(0x7f0fce600000, 138412032 [pid 5910] <... write resumed>) = 32768 [pid 5909] sched_setscheduler(0, SCHED_RR, NULL [pid 5913] <... munmap resumed>) = 0 [pid 5909] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5910] munmap(0x7f0fce600000, 138412032) = 0 [pid 5913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5909] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5913] close(4 [pid 5910] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5909] <... openat resumed>) = 4 [pid 5913] <... close resumed>) = 0 [pid 5910] close(4 [pid 5909] read(4, [pid 5910] <... close resumed>) = 0 [pid 5910] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5913] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5910] <... prlimit64 resumed>NULL) = 0 [pid 5913] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5910] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5913] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5910] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5913] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5910] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5913] sched_setscheduler(0, SCHED_RR, NULL [pid 5910] sched_setscheduler(0, SCHED_RR, NULL [pid 5913] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5913] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5910] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5910] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5913] <... openat resumed>) = 4 [pid 5910] <... openat resumed>) = 4 [pid 5913] read(4, [pid 5912] <... mount resumed>) = 0 [pid 5910] read(4, [pid 5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./bus") = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5912] memfd_create("syzkaller", 0) = 4 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5912] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5912] munmap(0x7f0fce600000, 138412032) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] close(4) = 0 [pid 5912] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5912] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5912] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5912] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5912] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5912] read(4, [pid 5909] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5909] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5909] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5909] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5909] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5909] exit_group(0) = ? [pid 5909] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./12/binderfs") = 0 [pid 5841] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5841] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./12/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./12") = 0 [pid 5841] mkdir("./13", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5913] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5913] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5913] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5913] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5913] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5910] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5910] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5910] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5910] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5913] <... openat resumed>) = 5 [pid 5910] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5913] exit_group(0 [pid 5910] <... openat resumed>) = 5 [pid 5913] <... exit_group resumed>) = ? [pid 5910] exit_group(0 [pid 5913] +++ exited with 0 +++ [pid 5911] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5911] sched_setaffinity(0, 0, NULL [pid 5910] <... exit_group resumed>) = ? [pid 5911] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5910] +++ exited with 0 +++ [pid 5840] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5911] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- [pid 5911] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5911] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5841] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] unlink("./12/binderfs" [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5911] <... openat resumed>) = 5 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5911] exit_group(0) = ? [pid 5838] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5914 attached [pid 5912] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5911] +++ exited with 0 +++ [pid 5840] <... unlink resumed>) = 0 [pid 5838] newfstatat(3, "", [pid 5840] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5838] getdents64(3, [pid 5914] set_robust_list(0x555579e09760, 24 [pid 5912] sched_setaffinity(0, 0, NULL [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5912] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5912] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5914] <... set_robust_list resumed>) = 0 [pid 5912] rename(NULL, NULL [pid 5838] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5914] chdir("./13" [pid 5912] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] <... umount2 resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5912] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] unlink("./12/binderfs" [pid 5914] <... chdir resumed>) = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5914] <... setpgid resumed>) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... unlink resumed>) = 0 [pid 5914] <... openat resumed>) = 3 [pid 5840] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(AT_FDCWD, "./12/bus", [pid 5839] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5914] write(3, "1000", 4 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5914 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... write resumed>) = 4 [pid 5840] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5914] close(3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... openat resumed>) = 3 [pid 5914] symlink("/dev/binderfs", "./binderfs" [pid 5912] <... openat resumed>) = 5 [pid 5840] <... openat resumed>) = 4 [pid 5839] newfstatat(3, "", [pid 5912] exit_group(0 [pid 5914] <... symlink resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5912] <... exit_group resumed>) = ? executing program [pid 5839] getdents64(3, [pid 5914] write(1, "executing program\n", 18 [pid 5912] +++ exited with 0 +++ [pid 5840] newfstatat(4, "", [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] <... umount2 resumed>) = 0 [pid 5914] <... write resumed>) = 18 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./12/binderfs") = 0 [pid 5839] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5914] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5840] getdents64(4, [pid 5914] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5914] memfd_create("syzkaller", 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... memfd_create resumed>) = 3 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] newfstatat(AT_FDCWD, "./12/bus", [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] getdents64(4, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] newfstatat(AT_FDCWD, "./12/bus", [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(4 [pid 5839] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] rmdir("./12/bus" [pid 5839] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... openat resumed>) = 4 [pid 5842] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5838] newfstatat(4, "", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(3, [pid 5839] newfstatat(4, "", [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5839] getdents64(4, [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, [pid 5839] getdents64(4, [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 5839] close(4 [pid 5838] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5838] rmdir("./12/bus" [pid 5842] <... openat resumed>) = 3 [pid 5840] close(3 [pid 5839] rmdir("./12/bus" [pid 5838] <... rmdir resumed>) = 0 [pid 5842] newfstatat(3, "", [pid 5840] <... close resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] getdents64(3, [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] rmdir("./12" [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./12" [pid 5842] getdents64(3, [pid 5840] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, [pid 5838] <... rmdir resumed>) = 0 [pid 5840] mkdir("./13", 0777 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5838] mkdir("./13", 0777 [pid 5840] <... mkdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] rmdir("./12" [pid 5838] <... mkdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5914] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 3 [pid 5839] mkdir("./13", 0777 [pid 5838] <... openat resumed>) = 3 [pid 5842] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] <... mkdir resumed>) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5842] unlink("./12/binderfs") = 0 [pid 5840] close(3 [pid 5838] <... ioctl resumed>) = 0 [pid 5842] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5914] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 5838] close(3 [pid 5839] <... close resumed>) = 0 [pid 5914] munmap(0x7f0fce600000, 138412032 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5916 attached ./strace-static-x86_64: Process 5915 attached [pid 5914] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5915 [pid 5838] <... close resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5916] set_robust_list(0x555579e09760, 24 [pid 5915] set_robust_list(0x555579e09760, 24 [pid 5842] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5915] <... set_robust_list resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] chdir("./13" [pid 5842] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5917 attached [pid 5916] <... set_robust_list resumed>) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5917 [pid 5915] <... chdir resumed>) = 0 [pid 5842] newfstatat(4, "", [pid 5916] chdir("./13" [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5917] set_robust_list(0x555579e09760, 24 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5916] <... chdir resumed>) = 0 [pid 5917] chdir("./13" [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5915] <... prctl resumed>) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] getdents64(4, [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5916 [pid 5916] <... prctl resumed>) = 0 [pid 5916] setpgid(0, 0 [pid 5914] <... openat resumed>) = 4 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5917] <... chdir resumed>) = 0 [pid 5916] <... setpgid resumed>) = 0 [pid 5915] setpgid(0, 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5915] <... setpgid resumed>) = 0 [pid 5914] ioctl(4, LOOP_SET_FD, 3 [pid 5842] getdents64(4, [pid 5917] <... prctl resumed>) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5917] setpgid(0, 0 [pid 5916] <... openat resumed>) = 3 [pid 5915] <... openat resumed>) = 3 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5917] <... setpgid resumed>) = 0 [pid 5916] write(3, "1000", 4 [pid 5915] write(3, "1000", 4 [pid 5842] close(4 [pid 5916] <... write resumed>) = 4 [pid 5916] close(3) = 0 [pid 5915] <... write resumed>) = 4 [pid 5842] <... close resumed>) = 0 [pid 5915] close(3 [pid 5842] rmdir("./12/bus" [pid 5915] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs" [pid 5842] getdents64(3, [pid 5915] <... symlink resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3executing program ) = 0 [pid 5915] write(1, "executing program\n", 18 [pid 5842] rmdir("./12" [pid 5915] <... write resumed>) = 18 [pid 5842] <... rmdir resumed>) = 0 executing program [pid 5915] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] mkdir("./13", 0777 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5916] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... mkdir resumed>) = 0 [pid 5915] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5917] <... openat resumed>) = 3 [pid 5916] <... symlink resumed>) = 0 [pid 5915] memfd_create("syzkaller", 0 [pid 5917] write(3, "1000", 4) = 4 [pid 5916] write(1, "executing program\n", 18 [pid 5917] close(3 [pid 5916] <... write resumed>) = 18 [pid 5917] <... close resumed>) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs" [pid 5916] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16executing program [pid 5917] <... symlink resumed>) = 0 [pid 5916] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5917] write(1, "executing program\n", 18) = 18 [pid 5915] <... memfd_create resumed>) = 3 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5917] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5916] memfd_create("syzkaller", 0 [pid 5917] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... openat resumed>) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5917] memfd_create("syzkaller", 0 [pid 5915] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5917] <... memfd_create resumed>) = 3 [pid 5916] <... memfd_create resumed>) = 3 [pid 5914] <... ioctl resumed>) = 0 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5914] close(3) = 0 [pid 5914] close(4) = 0 [pid 5914] mkdir("./bus", 0777) = 0 [pid 5914] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5917] <... mmap resumed>) = 0x7f0fce600000 [ 103.899708][ T5914] loop3: detected capacity change from 0 to 4096 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached [pid 5918] set_robust_list(0x555579e09760, 24 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5918 [pid 5918] <... set_robust_list resumed>) = 0 [pid 5918] chdir("./13" [pid 5915] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5918] <... chdir resumed>) = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] <... mount resumed>) = 0 executing program [pid 5918] write(1, "executing program\n", 18 [pid 5914] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5914] chdir("./bus" [pid 5918] <... write resumed>) = 18 [pid 5914] <... chdir resumed>) = 0 [pid 5918] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5914] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5918] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5914] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5918] memfd_create("syzkaller", 0 [pid 5914] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5914] memfd_create("syzkaller", 0 [pid 5918] <... memfd_create resumed>) = 3 [pid 5914] <... memfd_create resumed>) = 4 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5915] <... write resumed>) = 2097152 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5918] <... mmap resumed>) = 0x7f0fce600000 [pid 5914] <... mmap resumed>) = 0x7f0fce600000 [pid 5914] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5914] munmap(0x7f0fce600000, 138412032) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] close(4 [pid 5915] munmap(0x7f0fce600000, 138412032 [pid 5914] <... close resumed>) = 0 [pid 5914] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5914] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5914] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5914] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5914] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5916] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5914] <... openat resumed>) = 4 [pid 5914] read(4, [pid 5917] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5915] <... munmap resumed>) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./bus", 0777) = 0 [ 104.092823][ T5915] loop2: detected capacity change from 0 to 4096 [pid 5915] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5916] <... write resumed>) = 2097152 [pid 5916] munmap(0x7f0fce600000, 138412032 [pid 5918] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5917] <... write resumed>) = 2097152 [pid 5917] munmap(0x7f0fce600000, 138412032 [pid 5916] <... munmap resumed>) = 0 [pid 5917] <... munmap resumed>) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3 [pid 5915] <... mount resumed>) = 0 [pid 5915] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./bus") = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5915] memfd_create("syzkaller", 0) = 4 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5916] <... ioctl resumed>) = 0 [pid 5915] <... mmap resumed>) = 0x7f0fce600000 [pid 5917] <... openat resumed>) = 4 [pid 5916] close(3 [pid 5917] ioctl(4, LOOP_SET_FD, 3 [pid 5916] <... close resumed>) = 0 [pid 5915] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5917] <... ioctl resumed>) = 0 [pid 5916] close(4 [pid 5917] close(3) = 0 [pid 5916] <... close resumed>) = 0 [pid 5915] <... write resumed>) = 32768 [pid 5917] close(4 [pid 5916] mkdir("./bus", 0777 [pid 5915] munmap(0x7f0fce600000, 138412032 [pid 5917] <... close resumed>) = 0 [pid 5915] <... munmap resumed>) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] close(4) = 0 [pid 5915] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5918] <... write resumed>) = 2097152 [pid 5917] mkdir("./bus", 0777 [pid 5915] <... prlimit64 resumed>NULL) = 0 [pid 5916] <... mkdir resumed>) = 0 [pid 5915] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5917] <... mkdir resumed>) = 0 [pid 5916] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5915] sched_setaffinity(0, 0, NULL [pid 5917] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5915] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5915] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5915] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5915] read(4, [ 104.191420][ T5916] loop1: detected capacity change from 0 to 4096 [ 104.211524][ T5917] loop0: detected capacity change from 0 to 4096 [pid 5918] munmap(0x7f0fce600000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] close(4) = 0 [pid 5918] mkdir("./bus", 0777) = 0 [ 104.296663][ T5918] loop4: detected capacity change from 0 to 4096 [pid 5918] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5917] <... mount resumed>) = 0 [pid 5916] <... mount resumed>) = 0 [pid 5916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5917] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5916] <... openat resumed>) = 3 [pid 5917] <... openat resumed>) = 3 [pid 5916] chdir("./bus" [pid 5917] chdir("./bus" [pid 5916] <... chdir resumed>) = 0 [pid 5917] <... chdir resumed>) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5917] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5916] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5917] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5916] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5917] memfd_create("syzkaller", 0 [pid 5916] memfd_create("syzkaller", 0 [pid 5917] <... memfd_create resumed>) = 4 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5916] <... memfd_create resumed>) = 4 [pid 5917] <... mmap resumed>) = 0x7f0fce600000 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5917] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5916] <... mmap resumed>) = 0x7f0fce600000 [pid 5916] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5917] <... write resumed>) = 32768 [pid 5917] munmap(0x7f0fce600000, 138412032) = 0 [pid 5916] <... write resumed>) = 32768 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] munmap(0x7f0fce600000, 138412032 [pid 5917] close(4) = 0 [pid 5917] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5916] <... munmap resumed>) = 0 [pid 5917] <... prlimit64 resumed>NULL) = 0 [pid 5917] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5916] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5917] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5917] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5916] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5917] sched_setscheduler(0, SCHED_RR, NULL [pid 5916] close(4 [pid 5917] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5917] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5916] <... close resumed>) = 0 [pid 5918] <... mount resumed>) = 0 [pid 5917] read(4, [pid 5916] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5918] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5916] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5918] <... openat resumed>) = 3 [pid 5916] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5916] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5918] chdir("./bus" [pid 5916] sched_setscheduler(0, SCHED_RR, NULL [pid 5918] <... chdir resumed>) = 0 [pid 5916] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5918] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5916] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5918] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5916] <... openat resumed>) = 4 [pid 5916] read(4, [pid 5918] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5918] memfd_create("syzkaller", 0) = 4 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5918] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5918] munmap(0x7f0fce600000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] close(4) = 0 [pid 5918] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5918] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5918] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5918] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5918] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5918] read(4, [pid 5914] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5914] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5914] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5914] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5914] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5914] exit_group(0) = ? [pid 5914] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./13/binderfs") = 0 [pid 5841] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5841] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./13/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5916] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5916] sched_setaffinity(0, 0, NULL [pid 5841] rmdir("./13" [pid 5916] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... rmdir resumed>) = 0 [pid 5916] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5916] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5916] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] mkdir("./14", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5916] <... openat resumed>) = 5 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5916] exit_group(0 [pid 5841] close(3 [pid 5916] <... exit_group resumed>) = ? [pid 5916] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5915] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5915] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5915] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5915] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5915] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5915] exit_group(0) = ? [pid 5915] +++ exited with 0 +++ [pid 5839] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5839] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./13/binderfs" [pid 5841] <... close resumed>) = 0 [pid 5840] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... unlink resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./13/binderfs") = 0 [pid 5840] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5917] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = 0 [pid 5917] sched_setaffinity(0, 0, NULL./strace-static-x86_64: Process 5919 attached ) = -1 EINVAL (Invalid argument) [pid 5917] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5919] set_robust_list(0x555579e09760, 24 [pid 5917] rename(NULL, NULL [pid 5919] <... set_robust_list resumed>) = 0 [pid 5917] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5919 [pid 5917] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5919] chdir("./14") = 0 [pid 5839] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] <... prctl resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./13/bus", [pid 5919] setpgid(0, 0 [pid 5917] <... openat resumed>) = 5 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5919] <... setpgid resumed>) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5917] exit_group(0 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] <... openat resumed>) = 3 [pid 5917] <... exit_group resumed>) = ? [pid 5919] write(3, "1000", 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] <... write resumed>) = 4 [pid 5840] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5919] close(3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... openat resumed>) = 4 [pid 5919] <... close resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./13/bus", [pid 5839] newfstatat(4, "", [pid 5919] symlink("/dev/binderfs", "./binderfs" [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5919] <... symlink resumed>) = 0 [pid 5917] +++ exited with 0 +++ [pid 5839] getdents64(4, [pid 5840] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 executing program [pid 5919] write(1, "executing program\n", 18 [pid 5840] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] getdents64(4, [pid 5919] <... write resumed>) = 18 [pid 5840] <... openat resumed>) = 4 [pid 5919] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5840] newfstatat(4, "", [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] close(4 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] memfd_create("syzkaller", 0 [pid 5839] <... close resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] rmdir("./13/bus" [pid 5838] <... openat resumed>) = 3 [pid 5840] getdents64(4, [pid 5838] newfstatat(3, "", [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] close(4) = 0 [pid 5838] getdents64(3, [pid 5840] rmdir("./13/bus" [pid 5919] <... memfd_create resumed>) = 3 [pid 5840] <... rmdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] getdents64(3, [pid 5838] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] close(3 [pid 5838] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5839] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] unlink("./13/binderfs" [pid 5840] close(3 [pid 5918] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... close resumed>) = 0 [pid 5839] rmdir("./13" [pid 5838] <... unlink resumed>) = 0 [pid 5840] rmdir("./13" [pid 5918] sched_setaffinity(0, 0, NULL [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5918] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] mkdir("./14", 0777) = 0 [pid 5839] mkdir("./14", 0777 [pid 5918] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5918] rename(NULL, NULL [pid 5838] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] <... openat resumed>) = 3 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] <... openat resumed>) = 3 [pid 5838] newfstatat(AT_FDCWD, "./13/bus", [pid 5840] <... ioctl resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] close(3 [pid 5839] <... ioctl resumed>) = 0 [pid 5838] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] <... openat resumed>) = 5 [pid 5839] close(3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] exit_group(0 [pid 5838] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5918] <... exit_group resumed>) = ? [pid 5918] +++ exited with 0 +++ [pid 5838] newfstatat(4, "", [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] unlink("./13/binderfs" [pid 5840] <... close resumed>) = 0 [pid 5838] getdents64(4, [pid 5842] <... unlink resumed>) = 0 [pid 5842] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./13/bus" [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached [pid 5838] <... rmdir resumed>) = 0 [pid 5919] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... umount2 resumed>) = 0 [pid 5838] getdents64(3, ./strace-static-x86_64: Process 5921 attached [pid 5842] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] newfstatat(AT_FDCWD, "./13/bus", [pid 5920] set_robust_list(0x555579e09760, 24 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] close(3 [pid 5921] set_robust_list(0x555579e09760, 24 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5842] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... close resumed>) = 0 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5920] chdir("./14" [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5920 [pid 5838] rmdir("./13" [pid 5921] chdir("./14" [pid 5842] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5921 [pid 5921] <... chdir resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5838] <... rmdir resumed>) = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] newfstatat(4, "", [pid 5838] mkdir("./14", 0777 [pid 5921] <... prctl resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5921] setpgid(0, 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5921] <... setpgid resumed>) = 0 [pid 5920] <... chdir resumed>) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5920] <... prctl resumed>) = 0 [pid 5842] getdents64(4, [pid 5838] <... openat resumed>) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5920] setpgid(0, 0 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] <... ioctl resumed>) = 0 executing program [pid 5921] <... openat resumed>) = 3 [pid 5920] <... setpgid resumed>) = 0 [pid 5842] close(4 [pid 5838] close(3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5921] <... close resumed>) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] write(1, "executing program\n", 18) = 18 [pid 5921] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5921] memfd_create("syzkaller", 0 [pid 5920] <... openat resumed>) = 3 [pid 5919] <... write resumed>) = 2097152 [pid 5842] <... close resumed>) = 0 [pid 5920] write(3, "1000", 4 [pid 5842] rmdir("./13/bus" [pid 5920] <... write resumed>) = 4 [pid 5921] <... memfd_create resumed>) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5921] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] getdents64(3, [pid 5920] close(3 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5919] munmap(0x7f0fce600000, 138412032 [pid 5920] <... close resumed>) = 0 [pid 5919] <... munmap resumed>) = 0 [pid 5842] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] rmdir("./13" [pid 5919] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3 [pid 5920] write(1, "executing program\n", 18 [pid 5842] <... rmdir resumed>) = 0 executing program [pid 5842] mkdir("./14", 0777 [pid 5920] <... write resumed>) = 18 [pid 5920] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] <... mkdir resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5920] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5920] memfd_create("syzkaller", 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5922 ./strace-static-x86_64: Process 5922 attached [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5919] <... ioctl resumed>) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./bus", 0777) = 0 [pid 5919] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5922] set_robust_list(0x555579e09760, 24) = 0 [pid 5922] chdir("./14" [pid 5920] <... memfd_create resumed>) = 3 [pid 5922] <... chdir resumed>) = 0 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5920] <... mmap resumed>) = 0x7f0fce600000 [pid 5922] <... prctl resumed>) = 0 [pid 5922] setpgid(0, 0) = 0 [ 105.248647][ T5919] loop3: detected capacity change from 0 to 4096 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5921] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5922] <... openat resumed>) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5919] <... mount resumed>) = 0 [pid 5922] write(1, "executing program\n", 18 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5922] <... write resumed>) = 18 [pid 5922] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16./strace-static-x86_64: Process 5923 attached [pid 5919] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5922] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5919] <... openat resumed>) = 3 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5923 [pid 5923] set_robust_list(0x555579e09760, 24 [pid 5919] chdir("./bus") = 0 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5923] chdir("./14" [pid 5922] memfd_create("syzkaller", 0 [pid 5919] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] <... chdir resumed>) = 0 [pid 5919] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5919] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5923] <... prctl resumed>) = 0 [pid 5919] memfd_create("syzkaller", 0 [pid 5923] setpgid(0, 0 [pid 5919] <... memfd_create resumed>) = 4 [pid 5923] <... setpgid resumed>) = 0 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5919] <... mmap resumed>) = 0x7f0fce600000 [pid 5919] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5923] <... openat resumed>) = 3 [pid 5919] <... write resumed>) = 32768 [pid 5923] write(3, "1000", 4) = 4 [pid 5922] <... memfd_create resumed>) = 3 [pid 5923] close(3 [pid 5919] munmap(0x7f0fce600000, 138412032 [pid 5923] <... close resumed>) = 0 [pid 5919] <... munmap resumed>) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs" [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5921] <... write resumed>) = 2097152 [pid 5923] <... symlink resumed>) = 0 [pid 5922] <... mmap resumed>) = 0x7f0fce600000 executing program [pid 5923] write(1, "executing program\n", 18) = 18 [pid 5921] munmap(0x7f0fce600000, 138412032 [pid 5919] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5923] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5919] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] memfd_create("syzkaller", 0 [pid 5921] <... munmap resumed>) = 0 [pid 5919] close(4 [pid 5920] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5919] <... close resumed>) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5923] <... memfd_create resumed>) = 3 [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5919] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5921] <... ioctl resumed>) = 0 [pid 5919] <... prlimit64 resumed>NULL) = 0 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5919] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5919] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5919] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5919] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5921] close(3 [pid 5919] read(4, [pid 5921] <... close resumed>) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./bus", 0777) = 0 [ 105.390955][ T5921] loop1: detected capacity change from 0 to 4096 [pid 5921] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5922] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5920] <... write resumed>) = 2097152 [pid 5921] <... mount resumed>) = 0 [pid 5920] munmap(0x7f0fce600000, 138412032 [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./bus") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5923] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5921] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5921] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5920] <... munmap resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5920] ioctl(4, LOOP_SET_FD, 3 [pid 5922] <... write resumed>) = 2097152 [pid 5921] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5921] memfd_create("syzkaller", 0) = 4 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5923] <... write resumed>) = 2097152 [pid 5922] munmap(0x7f0fce600000, 138412032 [pid 5921] <... mmap resumed>) = 0x7f0fce600000 [pid 5923] munmap(0x7f0fce600000, 138412032) = 0 [pid 5921] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5920] <... ioctl resumed>) = 0 [pid 5920] close(3) = 0 [pid 5920] close(4) = 0 [pid 5920] mkdir("./bus", 0777) = 0 [pid 5920] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5921] <... write resumed>) = 32768 [pid 5921] munmap(0x7f0fce600000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] <... munmap resumed>) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5921] close(4 [pid 5923] <... openat resumed>) = 4 [pid 5922] <... openat resumed>) = 4 [pid 5921] <... close resumed>) = 0 [pid 5923] ioctl(4, LOOP_SET_FD, 3 [pid 5922] ioctl(4, LOOP_SET_FD, 3 [ 105.521482][ T5920] loop2: detected capacity change from 0 to 4096 [pid 5921] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5921] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5921] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5921] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5921] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5921] read(4, [pid 5923] <... ioctl resumed>) = 0 [pid 5922] <... ioctl resumed>) = 0 [pid 5923] close(3 [pid 5922] close(3 [pid 5923] <... close resumed>) = 0 [pid 5922] <... close resumed>) = 0 [pid 5923] close(4 [ 105.566683][ T5923] loop4: detected capacity change from 0 to 4096 [ 105.574414][ T5922] loop0: detected capacity change from 0 to 4096 [pid 5922] close(4 [pid 5923] <... close resumed>) = 0 [pid 5922] <... close resumed>) = 0 [pid 5923] mkdir("./bus", 0777 [pid 5922] mkdir("./bus", 0777 [pid 5920] <... mount resumed>) = 0 [pid 5923] <... mkdir resumed>) = 0 [pid 5923] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5922] <... mkdir resumed>) = 0 [pid 5920] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5922] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5920] <... openat resumed>) = 3 [pid 5920] chdir("./bus") = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5920] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5920] memfd_create("syzkaller", 0) = 4 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5920] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5920] munmap(0x7f0fce600000, 138412032) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5920] close(4) = 0 [pid 5920] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5920] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5920] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5920] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5920] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5923] <... mount resumed>) = 0 [pid 5920] read(4, [pid 5923] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./bus") = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5923] memfd_create("syzkaller", 0) = 4 [pid 5922] <... mount resumed>) = 0 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5922] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5923] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5922] <... openat resumed>) = 3 [pid 5923] munmap(0x7f0fce600000, 138412032) = 0 [pid 5922] chdir("./bus" [pid 5923] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] <... chdir resumed>) = 0 [pid 5923] close(4) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5923] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] <... prlimit64 resumed>NULL) = 0 [pid 5922] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5923] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5922] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5922] memfd_create("syzkaller", 0 [pid 5923] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5923] sched_setaffinity(0, 0, NULL [pid 5922] <... memfd_create resumed>) = 4 [pid 5923] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5923] sched_setscheduler(0, SCHED_RR, NULL [pid 5922] <... mmap resumed>) = 0x7f0fce600000 [pid 5923] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5923] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5922] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5923] <... openat resumed>) = 4 [pid 5922] <... write resumed>) = 32768 [pid 5923] read(4, [pid 5922] munmap(0x7f0fce600000, 138412032) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] close(4) = 0 [pid 5922] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5922] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5922] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5922] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5922] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5922] read(4, [pid 5919] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5919] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5919] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5919] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5919] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5919] exit_group(0) = ? [pid 5919] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./14/binderfs") = 0 [pid 5841] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5921] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5921] sched_setaffinity(0, 0, NULL [pid 5841] <... umount2 resumed>) = 0 [pid 5921] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5921] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5841] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5921] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] newfstatat(AT_FDCWD, "./14/bus", [pid 5921] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5921] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5921] <... openat resumed>) = 5 [pid 5841] <... openat resumed>) = 4 [pid 5921] exit_group(0 [pid 5841] newfstatat(4, "", [pid 5921] <... exit_group resumed>) = ? [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5921] +++ exited with 0 +++ [pid 5841] getdents64(4, [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5839] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] rmdir("./14/bus" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... rmdir resumed>) = 0 [pid 5841] getdents64(3, [pid 5839] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5841] close(3 [pid 5839] newfstatat(3, "", [pid 5841] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] rmdir("./14" [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./14/binderfs") = 0 [pid 5839] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... rmdir resumed>) = 0 [pid 5841] mkdir("./15", 0777) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5839] newfstatat(AT_FDCWD, "./14/bus", [pid 5841] <... ioctl resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] close(3 [pid 5839] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./14/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5923] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... close resumed>) = 0 [pid 5839] close(3 [pid 5923] sched_setaffinity(0, 0, NULL [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... close resumed>) = 0 [pid 5923] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5920] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] rmdir("./14" [pid 5923] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5920] sched_setaffinity(0, 0, NULL [pid 5923] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5924 [pid 5923] rename(NULL, NULL) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 5924 attached [pid 5923] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5920] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5924] set_robust_list(0x555579e09760, 24 [pid 5923] <... openat resumed>) = 5 [pid 5920] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... rmdir resumed>) = 0 [pid 5920] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5924] <... set_robust_list resumed>) = 0 [pid 5920] rename(NULL, NULL [pid 5924] chdir("./15" [pid 5920] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5924] <... chdir resumed>) = 0 [pid 5839] mkdir("./15", 0777 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5923] exit_group(0 [pid 5839] <... mkdir resumed>) = 0 [pid 5924] <... prctl resumed>) = 0 [pid 5924] setpgid(0, 0 [pid 5923] <... exit_group resumed>) = ? [pid 5924] <... setpgid resumed>) = 0 [pid 5920] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5923] +++ exited with 0 +++ [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5924] <... openat resumed>) = 3 [pid 5924] write(3, "1000", 4 [pid 5839] <... openat resumed>) = 3 [pid 5924] <... write resumed>) = 4 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5924] close(3 [pid 5920] <... openat resumed>) = 5 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5839] <... ioctl resumed>) = 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5924] <... close resumed>) = 0 [pid 5839] close(3executing program [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5924] write(1, "executing program\n", 18) = 18 [pid 5924] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5920] exit_group(0 [pid 5842] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] <... exit_group resumed>) = ? [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5924] memfd_create("syzkaller", 0 [pid 5920] +++ exited with 0 +++ [pid 5842] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5924] <... memfd_create resumed>) = 3 [pid 5842] <... openat resumed>) = 3 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] newfstatat(3, "", [pid 5924] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5840] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(3, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] unlink("./14/binderfs" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5842] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] unlink("./14/binderfs") = 0 [pid 5840] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached [pid 5925] set_robust_list(0x555579e09760, 24) = 0 [pid 5925] chdir("./15") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5925 [pid 5925] <... write resumed>) = 4 [pid 5925] close(3 [pid 5924] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] <... close resumed>) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5925] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5840] <... umount2 resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./14/bus", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] newfstatat(AT_FDCWD, "./14/bus", [pid 5840] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 4 [pid 5842] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] newfstatat(4, "", [pid 5840] getdents64(4, [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5842] getdents64(4, [pid 5840] <... close resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] rmdir("./14/bus") = 0 [pid 5842] getdents64(4, [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5842] close(4 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./14" [pid 5842] <... close resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5842] rmdir("./14/bus" [pid 5840] mkdir("./15", 0777 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5842] getdents64(3, [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5842] close(3 [pid 5924] <... write resumed>) = 2097152 [pid 5842] <... close resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5842] rmdir("./14" [pid 5840] close(3 [pid 5842] <... rmdir resumed>) = 0 [pid 5925] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5924] munmap(0x7f0fce600000, 138412032 [pid 5842] mkdir("./15", 0777 [pid 5924] <... munmap resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5924] <... openat resumed>) = 4 [pid 5842] <... openat resumed>) = 3 [pid 5924] ioctl(4, LOOP_SET_FD, 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5924] <... ioctl resumed>) = 0 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./bus", 0777) = 0 [pid 5924] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5840] <... close resumed>) = 0 [ 106.606978][ T5924] loop3: detected capacity change from 0 to 4096 [pid 5925] <... write resumed>) = 2097152 [pid 5924] <... mount resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5925] munmap(0x7f0fce600000, 138412032./strace-static-x86_64: Process 5926 attached [pid 5924] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5926 [pid 5926] set_robust_list(0x555579e09760, 24 [pid 5924] <... openat resumed>) = 3 [pid 5924] chdir("./bus") = 0 [pid 5926] <... set_robust_list resumed>) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5926] chdir("./15" [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5926] <... chdir resumed>) = 0 [pid 5924] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] memfd_create("syzkaller", 0 [pid 5926] setpgid(0, 0 [pid 5924] <... memfd_create resumed>) = 4 [pid 5926] <... setpgid resumed>) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] <... openat resumed>) = 3 [pid 5925] <... munmap resumed>) = 0 [pid 5924] <... mmap resumed>) = 0x7f0fce600000 [pid 5926] write(3, "1000", 4 [pid 5842] <... close resumed>) = 0 [pid 5926] <... write resumed>) = 4 [pid 5924] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs" [pid 5924] <... write resumed>) = 32768 ./strace-static-x86_64: Process 5927 attached [pid 5926] <... symlink resumed>) = 0 [pid 5924] munmap(0x7f0fce600000, 138412032) = 0 [pid 5926] write(1, "executing program\n", 18 [pid 5924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5927] set_robust_list(0x555579e09760, 24 [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5922] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 executing program [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5927 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] <... write resumed>) = 18 [pid 5925] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5924] close(4 [pid 5922] sched_setaffinity(0, 0, NULL [pid 5927] chdir("./15" [pid 5926] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5925] <... openat resumed>) = 4 [pid 5927] <... chdir resumed>) = 0 [pid 5926] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5924] <... close resumed>) = 0 [pid 5922] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5925] ioctl(4, LOOP_SET_FD, 3 [pid 5922] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5927] <... prctl resumed>) = 0 [pid 5926] memfd_create("syzkaller", 0 [pid 5922] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5924] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5924] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5927] setpgid(0, 0 [pid 5924] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5922] rename(NULL, NULL [pid 5927] <... setpgid resumed>) = 0 [pid 5924] sched_setaffinity(0, 0, NULL [pid 5922] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5924] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5922] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5927] <... openat resumed>) = 3 [pid 5926] <... memfd_create resumed>) = 3 [pid 5924] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5924] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5924] read(4, [pid 5927] write(3, "1000", 4 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5927] <... write resumed>) = 4 [pid 5926] <... mmap resumed>) = 0x7f0fce600000 [pid 5922] <... openat resumed>) = 5 [pid 5927] close(3 [pid 5922] exit_group(0 [pid 5927] <... close resumed>) = 0 [pid 5922] <... exit_group resumed>) = ? [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] write(1, "executing program\n", 18executing program ) = 18 [pid 5922] +++ exited with 0 +++ [pid 5927] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5927] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5927] memfd_create("syzkaller", 0 [pid 5925] <... ioctl resumed>) = 0 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5925] close(3) = 0 [pid 5838] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5925] close(4 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5927] <... memfd_create resumed>) = 3 [pid 5925] <... close resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5925] mkdir("./bus", 0777 [pid 5838] <... openat resumed>) = 3 [pid 5925] <... mkdir resumed>) = 0 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5925] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [ 106.712693][ T5925] loop1: detected capacity change from 0 to 4096 [pid 5838] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./14/binderfs" [pid 5927] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] <... unlink resumed>) = 0 [pid 5838] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5838] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./14/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./14") = 0 [pid 5838] mkdir("./15", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5926] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] <... mount resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5925] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./bus") = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5925] memfd_create("syzkaller", 0) = 4 [pid 5838] <... close resumed>) = 0 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5925] <... mmap resumed>) = 0x7f0fce600000 [pid 5925] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5928 [pid 5925] <... write resumed>) = 32768 ./strace-static-x86_64: Process 5928 attached [pid 5925] munmap(0x7f0fce600000, 138412032) = 0 [pid 5926] <... write resumed>) = 2097152 [pid 5928] set_robust_list(0x555579e09760, 24 [pid 5925] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5928] <... set_robust_list resumed>) = 0 [pid 5926] munmap(0x7f0fce600000, 138412032 [pid 5925] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5928] chdir("./15") = 0 [pid 5926] <... munmap resumed>) = 0 [pid 5925] close(4 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5925] <... close resumed>) = 0 [pid 5927] <... write resumed>) = 2097152 [pid 5928] <... prctl resumed>) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5925] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5928] setpgid(0, 0 [pid 5927] munmap(0x7f0fce600000, 138412032 [pid 5928] <... setpgid resumed>) = 0 [pid 5925] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5926] <... openat resumed>) = 4 [pid 5925] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5925] sched_setaffinity(0, 0, NULL [pid 5926] ioctl(4, LOOP_SET_FD, 3 [pid 5928] <... openat resumed>) = 3 [pid 5926] <... ioctl resumed>) = 0 [pid 5925] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5925] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5925] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5928] write(3, "1000", 4 [pid 5927] <... munmap resumed>) = 0 [pid 5926] close(3 [pid 5925] <... openat resumed>) = 4 [pid 5928] <... write resumed>) = 4 [pid 5927] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5928] close(3 [pid 5927] <... openat resumed>) = 4 [pid 5926] <... close resumed>) = 0 [pid 5925] read(4, [pid 5928] <... close resumed>) = 0 [pid 5927] ioctl(4, LOOP_SET_FD, 3 [pid 5926] close(4 [pid 5928] symlink("/dev/binderfs", "./binderfs" [pid 5926] <... close resumed>) = 0 [pid 5928] <... symlink resumed>) = 0 [pid 5926] mkdir("./bus", 0777) = 0 [pid 5926] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5927] <... ioctl resumed>) = 0 [pid 5928] write(1, "executing program\n", 18executing program ) = 18 [pid 5928] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5927] close(3 [pid 5928] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5927] <... close resumed>) = 0 [pid 5927] close(4) = 0 [pid 5928] memfd_create("syzkaller", 0 [pid 5927] mkdir("./bus", 0777) = 0 [pid 5928] <... memfd_create resumed>) = 3 [pid 5927] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [ 106.979937][ T5926] loop2: detected capacity change from 0 to 4096 [ 107.002454][ T5927] loop4: detected capacity change from 0 to 4096 [pid 5926] <... mount resumed>) = 0 [pid 5926] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5926] chdir("./bus") = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5926] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5926] memfd_create("syzkaller", 0) = 4 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5926] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5926] munmap(0x7f0fce600000, 138412032) = 0 [pid 5927] <... mount resumed>) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5926] close(4 [pid 5927] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5926] <... close resumed>) = 0 [pid 5927] <... openat resumed>) = 3 [pid 5926] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5927] chdir("./bus" [pid 5926] <... prlimit64 resumed>NULL) = 0 [pid 5927] <... chdir resumed>) = 0 [pid 5926] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5927] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5926] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5926] sched_setaffinity(0, 0, NULL [pid 5927] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5926] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5927] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5926] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5927] memfd_create("syzkaller", 0 [pid 5926] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5927] <... memfd_create resumed>) = 4 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5926] <... openat resumed>) = 4 [pid 5927] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5926] read(4, [pid 5927] <... write resumed>) = 32768 [pid 5927] munmap(0x7f0fce600000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] close(4) = 0 [pid 5927] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5928] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5927] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5927] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5927] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5927] read(4, [pid 5924] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5924] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5924] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5924] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5924] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5924] exit_group(0) = ? [pid 5928] <... write resumed>) = 2097152 [pid 5928] munmap(0x7f0fce600000, 138412032 [pid 5924] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5841] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5928] <... munmap resumed>) = 0 [pid 5841] getdents64(3, [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5928] <... openat resumed>) = 4 [pid 5841] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5928] ioctl(4, LOOP_SET_FD, 3 [pid 5841] unlink("./15/binderfs" [pid 5928] <... ioctl resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5841] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] close(3) = 0 [pid 5928] close(4) = 0 [pid 5928] mkdir("./bus", 0777) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5928] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5841] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 107.341510][ T5928] loop0: detected capacity change from 0 to 4096 [pid 5841] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./15/bus") = 0 [pid 5928] <... mount resumed>) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5928] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] <... close resumed>) = 0 [pid 5928] <... openat resumed>) = 3 [pid 5841] rmdir("./15" [pid 5928] chdir("./bus" [pid 5841] <... rmdir resumed>) = 0 [pid 5928] <... chdir resumed>) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5928] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5928] memfd_create("syzkaller", 0 [pid 5841] mkdir("./16", 0777 [pid 5928] <... memfd_create resumed>) = 4 [pid 5841] <... mkdir resumed>) = 0 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5928] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5928] munmap(0x7f0fce600000, 138412032 [pid 5841] <... ioctl resumed>) = 0 [pid 5928] <... munmap resumed>) = 0 [pid 5841] close(3 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5928] close(4) = 0 [pid 5928] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5928] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5928] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5928] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5928] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5928] read(4, [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x555579e09760, 24) = 0 [pid 5929] chdir("./16" [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5929 [pid 5929] <... chdir resumed>) = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5929] write(1, "executing program\n", 18) = 18 [pid 5929] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5926] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] sched_setaffinity(0, 0, NULL [pid 5929] <... mmap resumed>) = 0x7f0fce600000 [pid 5926] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5926] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5926] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5926] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5926] exit_group(0) = ? [pid 5926] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./15/binderfs") = 0 [pid 5840] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5840] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5929] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./15/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./15") = 0 [pid 5840] mkdir("./16", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5929] <... write resumed>) = 2097152 [pid 5929] munmap(0x7f0fce600000, 138412032 [pid 5840] <... close resumed>) = 0 [pid 5925] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5925] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5930 attached [pid 5925] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5930] set_robust_list(0x555579e09760, 24 [pid 5925] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5930 [pid 5930] <... set_robust_list resumed>) = 0 [pid 5925] rename(NULL, NULL [pid 5930] chdir("./16" [pid 5925] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5930] <... chdir resumed>) = 0 [pid 5925] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] <... munmap resumed>) = 0 [pid 5930] write(3, "1000", 4 [pid 5925] <... openat resumed>) = 5 [pid 5930] <... write resumed>) = 4 [pid 5929] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5930] close(3 [pid 5929] <... openat resumed>) = 4 [pid 5927] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5925] exit_group(0 [pid 5930] <... close resumed>) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs" [pid 5929] ioctl(4, LOOP_SET_FD, 3 [pid 5930] <... symlink resumed>) = 0 [pid 5929] <... ioctl resumed>) = 0 [pid 5927] sched_setaffinity(0, 0, NULL [pid 5925] <... exit_group resumed>) = ? [pid 5927] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5929] close(3executing program [pid 5930] write(1, "executing program\n", 18 [pid 5927] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5925] +++ exited with 0 +++ [pid 5930] <... write resumed>) = 18 [pid 5927] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5927] rename(NULL, NULL [pid 5930] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5927] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5930] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5929] <... close resumed>) = 0 [pid 5927] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5929] close(4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] memfd_create("syzkaller", 0 [pid 5929] <... close resumed>) = 0 [pid 5927] <... openat resumed>) = 5 [pid 5839] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5929] mkdir("./bus", 0777 [pid 5927] exit_group(0 [pid 5839] <... openat resumed>) = 3 [pid 5927] <... exit_group resumed>) = ? [pid 5929] <... mkdir resumed>) = 0 [pid 5927] +++ exited with 0 +++ [pid 5839] newfstatat(3, "", [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5930] <... memfd_create resumed>) = 3 [pid 5839] getdents64(3, [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5929] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 3 [pid 5839] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] getdents64(3, [pid 5839] unlink("./15/binderfs" [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] <... unlink resumed>) = 0 [pid 5842] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [ 107.948563][ T5929] loop3: detected capacity change from 0 to 4096 [pid 5839] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./15/binderfs") = 0 [pid 5842] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./15/bus", [pid 5839] newfstatat(AT_FDCWD, "./15/bus", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5929] <... mount resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5929] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./bus" [pid 5839] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5929] <... chdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5929] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... openat resumed>) = 4 [pid 5929] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] newfstatat(4, "", [pid 5929] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5929] memfd_create("syzkaller", 0 [pid 5839] getdents64(4, [pid 5929] <... memfd_create resumed>) = 4 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(4, [pid 5929] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5929] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] close(4 [pid 5929] <... write resumed>) = 32768 [pid 5842] <... openat resumed>) = 4 [pid 5839] <... close resumed>) = 0 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] rmdir("./15/bus" [pid 5929] munmap(0x7f0fce600000, 138412032 [pid 5839] <... rmdir resumed>) = 0 [pid 5929] <... munmap resumed>) = 0 [pid 5842] getdents64(4, [pid 5929] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5929] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] getdents64(4, [pid 5929] close(4 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5839] getdents64(3, [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./15/bus") = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... close resumed>) = 0 [pid 5930] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] close(3 [pid 5839] rmdir("./15" [pid 5929] <... close resumed>) = 0 [pid 5929] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5929] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... close resumed>) = 0 [pid 5929] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] rmdir("./15" [pid 5929] sched_setaffinity(0, 0, NULL [pid 5842] <... rmdir resumed>) = 0 [pid 5929] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... rmdir resumed>) = 0 [pid 5929] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5929] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5929] read(4, [pid 5839] mkdir("./16", 0777 [pid 5842] mkdir("./16", 0777) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] close(3 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5842] <... close resumed>) = 0 [pid 5930] <... write resumed>) = 2097152 [pid 5930] munmap(0x7f0fce600000, 138412032 [pid 5839] <... close resumed>) = 0 [pid 5930] <... munmap resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579e09750) = 5931 ./strace-static-x86_64: Process 5931 attached [pid 5930] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5930] <... openat resumed>) = 4 [pid 5931] set_robust_list(0x555579e09760, 24 [pid 5930] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5932 attached [pid 5931] <... set_robust_list resumed>) = 0 [pid 5931] chdir("./16" [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5932 [pid 5931] <... chdir resumed>) = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5932] set_robust_list(0x555579e09760, 24) = 0 [pid 5932] chdir("./16" [pid 5931] <... openat resumed>) = 3 [pid 5931] write(3, "1000", 4executing program [pid 5932] <... chdir resumed>) = 0 [pid 5931] <... write resumed>) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] write(1, "executing program\n", 18) = 18 [pid 5931] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5931] memfd_create("syzkaller", 0 [pid 5932] <... prctl resumed>) = 0 [pid 5931] <... memfd_create resumed>) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5930] <... ioctl resumed>) = 0 [pid 5930] close(3) = 0 [pid 5930] close(4) = 0 [pid 5930] mkdir("./bus", 0777) = 0 [pid 5930] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5932] <... openat resumed>) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] write(1, "executing program\n", 18executing program [ 108.187870][ T5930] loop2: detected capacity change from 0 to 4096 ) = 18 [pid 5932] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5930] <... mount resumed>) = 0 [pid 5930] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5930] chdir("./bus") = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5930] memfd_create("syzkaller", 0) = 4 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5930] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5930] munmap(0x7f0fce600000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] close(4 [pid 5932] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5930] <... close resumed>) = 0 [pid 5930] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5930] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5930] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5930] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5930] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5930] read(4, [pid 5931] <... write resumed>) = 2097152 [pid 5932] <... write resumed>) = 2097152 [pid 5932] munmap(0x7f0fce600000, 138412032 [pid 5931] munmap(0x7f0fce600000, 138412032 [pid 5932] <... munmap resumed>) = 0 [pid 5931] <... munmap resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5931] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5932] <... openat resumed>) = 4 [pid 5931] <... openat resumed>) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3 [pid 5932] ioctl(4, LOOP_SET_FD, 3 [pid 5929] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5929] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5929] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5929] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5929] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5932] <... ioctl resumed>) = 0 [pid 5931] <... ioctl resumed>) = 0 [pid 5928] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5932] close(3 [pid 5931] close(3 [pid 5928] sched_setaffinity(0, 0, NULL [pid 5932] <... close resumed>) = 0 [pid 5931] <... close resumed>) = 0 [pid 5931] close(4 [pid 5928] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5932] close(4 [pid 5929] exit_group(0) = ? [pid 5929] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5932] <... close resumed>) = 0 [pid 5931] <... close resumed>) = 0 [pid 5928] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5932] mkdir("./bus", 0777) = 0 [pid 5928] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5931] mkdir("./bus", 0777 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5931] <... mkdir resumed>) = 0 [pid 5928] rename(NULL, NULL [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 5928] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5928] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./16/binderfs" [pid 5932] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5931] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5841] <... unlink resumed>) = 0 [pid 5841] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] <... openat resumed>) = 5 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5928] exit_group(0) = ? [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./16/bus") = 0 [pid 5841] getdents64(3, [pid 5928] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [ 108.449966][ T5931] loop4: detected capacity change from 0 to 4096 [ 108.456885][ T5932] loop1: detected capacity change from 0 to 4096 [pid 5841] close(3) = 0 [pid 5841] rmdir("./16") = 0 [pid 5841] mkdir("./17", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... openat resumed>) = 3 [pid 5838] <... openat resumed>) = 3 [pid 5838] newfstatat(3, "", [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./15/binderfs") = 0 [pid 5838] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5838] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 5841] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./15/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./15") = 0 [pid 5838] mkdir("./16", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 5933 attached [pid 5838] close(3executing program [pid 5932] <... mount resumed>) = 0 [pid 5931] <... mount resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5933 [pid 5933] set_robust_list(0x555579e09760, 24) = 0 [pid 5933] chdir("./17") = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5933] write(1, "executing program\n", 18) = 18 [pid 5933] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5933] memfd_create("syzkaller", 0 [pid 5932] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5931] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5933] <... memfd_create resumed>) = 3 [pid 5932] <... openat resumed>) = 3 [pid 5931] <... openat resumed>) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5932] chdir("./bus" [pid 5931] chdir("./bus" [pid 5933] <... mmap resumed>) = 0x7f0fce600000 [pid 5932] <... chdir resumed>) = 0 [pid 5931] <... chdir resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5931] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5932] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5932] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5931] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5932] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5931] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5932] memfd_create("syzkaller", 0 [pid 5931] memfd_create("syzkaller", 0 [pid 5932] <... memfd_create resumed>) = 4 [pid 5931] <... memfd_create resumed>) = 4 ./strace-static-x86_64: Process 5934 attached [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5932] <... mmap resumed>) = 0x7f0fce600000 [pid 5931] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5934 [pid 5934] set_robust_list(0x555579e09760, 24 [pid 5932] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5931] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5932] <... write resumed>) = 32768 [pid 5931] munmap(0x7f0fce600000, 138412032 [pid 5934] chdir("./16" [pid 5931] <... munmap resumed>) = 0 [pid 5932] munmap(0x7f0fce600000, 138412032 [pid 5934] <... chdir resumed>) = 0 [pid 5932] <... munmap resumed>) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5934] <... openat resumed>) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3 [pid 5931] close(4 [pid 5934] <... close resumed>) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs"executing program [pid 5932] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5931] <... close resumed>) = 0 [pid 5934] <... symlink resumed>) = 0 [pid 5934] write(1, "executing program\n", 18 [pid 5932] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5931] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5934] <... write resumed>) = 18 [pid 5934] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5934] memfd_create("syzkaller", 0 [pid 5932] close(4 [pid 5931] <... prlimit64 resumed>NULL) = 0 [pid 5931] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5932] <... close resumed>) = 0 [pid 5931] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5931] sched_setaffinity(0, 0, NULL [pid 5934] <... memfd_create resumed>) = 3 [pid 5931] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5931] sched_setscheduler(0, SCHED_RR, NULL [pid 5932] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5931] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5930] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5932] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5931] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5932] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5931] <... openat resumed>) = 4 [pid 5932] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5932] sched_setscheduler(0, SCHED_RR, NULL [pid 5931] read(4, [pid 5930] sched_setaffinity(0, 0, NULL [pid 5932] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5932] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5930] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5930] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5932] <... openat resumed>) = 4 [pid 5930] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5932] read(4, [pid 5930] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5930] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5934] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5930] exit_group(0 [pid 5933] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5930] <... exit_group resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5840] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./16/binderfs") = 0 [pid 5840] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... write resumed>) = 2097152 [pid 5934] munmap(0x7f0fce600000, 138412032 [pid 5933] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = 0 [pid 5933] munmap(0x7f0fce600000, 138412032 [pid 5840] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./16/bus", [pid 5934] <... munmap resumed>) = 0 [pid 5933] <... munmap resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5933] <... openat resumed>) = 4 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5933] ioctl(4, LOOP_SET_FD, 3 [pid 5840] getdents64(4, [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5933] <... ioctl resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./16/bus" [pid 5934] <... openat resumed>) = 4 [pid 5934] ioctl(4, LOOP_SET_FD, 3 [pid 5933] close(3 [pid 5840] <... rmdir resumed>) = 0 [pid 5933] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 5933] close(4 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5933] <... close resumed>) = 0 [pid 5840] close(3 [pid 5934] <... ioctl resumed>) = 0 [pid 5933] mkdir("./bus", 0777 [pid 5840] <... close resumed>) = 0 [pid 5934] close(3 [pid 5933] <... mkdir resumed>) = 0 [pid 5840] rmdir("./16" [pid 5934] <... close resumed>) = 0 [pid 5933] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5840] <... rmdir resumed>) = 0 [pid 5934] close(4) = 0 [pid 5840] mkdir("./17", 0777 [pid 5934] mkdir("./bus", 0777 [pid 5840] <... mkdir resumed>) = 0 [pid 5934] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5934] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [ 108.800399][ T5933] loop3: detected capacity change from 0 to 4096 [ 108.812413][ T5934] loop0: detected capacity change from 0 to 4096 [pid 5840] close(3) = 0 [pid 5934] <... mount resumed>) = 0 [pid 5933] <... mount resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached [pid 5933] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5935 [pid 5935] set_robust_list(0x555579e09760, 24 [pid 5933] chdir("./bus" [pid 5935] <... set_robust_list resumed>) = 0 [pid 5933] <... chdir resumed>) = 0 [pid 5935] chdir("./17" [pid 5933] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5935] <... chdir resumed>) = 0 [pid 5933] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5933] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5935] <... prctl resumed>) = 0 [pid 5933] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5933] memfd_create("syzkaller", 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5934] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5935] <... openat resumed>) = 3 [pid 5934] <... openat resumed>) = 3 [pid 5933] <... memfd_create resumed>) = 4 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] write(3, "1000", 4 [pid 5934] chdir("./bus" [pid 5935] <... write resumed>) = 4 executing program [pid 5935] close(3 [pid 5934] <... chdir resumed>) = 0 [pid 5935] <... close resumed>) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5935] symlink("/dev/binderfs", "./binderfs" [pid 5934] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5934] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5935] <... symlink resumed>) = 0 [pid 5934] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5933] <... mmap resumed>) = 0x7f0fce600000 [pid 5935] write(1, "executing program\n", 18 [pid 5934] memfd_create("syzkaller", 0 [pid 5933] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5935] <... write resumed>) = 18 [pid 5935] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5934] <... memfd_create resumed>) = 4 [pid 5935] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] memfd_create("syzkaller", 0 [pid 5933] <... write resumed>) = 32768 [pid 5934] <... mmap resumed>) = 0x7f0fce600000 [pid 5933] munmap(0x7f0fce600000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5935] <... memfd_create resumed>) = 3 [pid 5934] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5933] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5933] close(4 [pid 5935] <... mmap resumed>) = 0x7f0fce600000 [pid 5933] <... close resumed>) = 0 [pid 5934] <... write resumed>) = 32768 [pid 5933] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5933] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5934] munmap(0x7f0fce600000, 138412032 [pid 5933] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5933] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5933] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5934] <... munmap resumed>) = 0 [pid 5933] <... openat resumed>) = 4 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] close(4) = 0 [pid 5933] read(4, [pid 5934] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5934] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5934] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5934] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5934] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5934] read(4, [pid 5935] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5931] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5931] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5931] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5931] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5931] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5935] <... write resumed>) = 2097152 [pid 5931] exit_group(0) = ? [pid 5935] munmap(0x7f0fce600000, 138412032) = 0 [pid 5931] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5842] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./16/binderfs") = 0 [pid 5842] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5935] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... umount2 resumed>) = 0 [pid 5935] <... ioctl resumed>) = 0 [pid 5842] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5935] close(3) = 0 [pid 5935] close(4) = 0 [pid 5935] mkdir("./bus", 0777) = 0 [pid 5935] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5842] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./16/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [ 109.163356][ T5935] loop2: detected capacity change from 0 to 4096 [pid 5842] rmdir("./16") = 0 [pid 5842] mkdir("./17", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5932] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5932] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5932] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5932] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5932] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5934] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5932] <... openat resumed>) = 5 [pid 5932] exit_group(0 [pid 5934] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5932] <... exit_group resumed>) = ? [pid 5934] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5932] +++ exited with 0 +++ [pid 5842] <... close resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5934] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] rename(NULL, NULL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", [pid 5934] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5934] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] unlink("./16/binderfs") = 0 [pid 5839] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5936 attached [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5936 [pid 5934] <... openat resumed>) = 5 [pid 5935] <... mount resumed>) = 0 [pid 5934] exit_group(0) = ? [pid 5936] set_robust_list(0x555579e09760, 24 [pid 5935] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5934] +++ exited with 0 +++ [pid 5839] <... umount2 resumed>) = 0 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5935] <... openat resumed>) = 3 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5936] chdir("./17" [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5936] <... chdir resumed>) = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5838] <... openat resumed>) = 3 [pid 5936] <... prctl resumed>) = 0 [pid 5935] chdir("./bus" [pid 5838] newfstatat(3, "", [pid 5936] setpgid(0, 0 [pid 5935] <... chdir resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5936] <... setpgid resumed>) = 0 [pid 5838] getdents64(3, [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5935] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5936] <... openat resumed>) = 3 [pid 5935] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5936] write(3, "1000", 4 [pid 5839] newfstatat(AT_FDCWD, "./16/bus", [pid 5936] <... write resumed>) = 4 [pid 5936] close(3 [pid 5935] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5936] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs" [pid 5935] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5838] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5936] <... symlink resumed>) = 0 [pid 5935] memfd_create("syzkaller", 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5935] <... memfd_create resumed>) = 4 [pid 5838] unlink("./16/binderfs" [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... unlink resumed>) = 0 [pid 5935] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5936] write(1, "executing program\n", 18 [pid 5935] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5936] <... write resumed>) = 18 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5936] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5839] <... openat resumed>) = 4 [pid 5935] <... write resumed>) = 32768 [pid 5935] munmap(0x7f0fce600000, 138412032) = 0 [pid 5936] memfd_create("syzkaller", 0 [pid 5935] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5936] <... memfd_create resumed>) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] getdents64(4, [pid 5936] <... mmap resumed>) = 0x7f0fce600000 [pid 5935] close(4) = 0 [pid 5935] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5935] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5935] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... umount2 resumed>) = 0 [pid 5935] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5935] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5935] read(4, [pid 5839] getdents64(4, [pid 5838] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] close(4 [pid 5838] newfstatat(4, "", [pid 5839] <... close resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] rmdir("./16/bus" [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./16/bus") = 0 [pid 5838] getdents64(3, [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./16" [pid 5839] close(3 [pid 5838] <... rmdir resumed>) = 0 [pid 5838] mkdir("./17", 0777) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./16" [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./17", 0777 [pid 5838] close(3 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5838] <... close resumed>) = 0 [pid 5936] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555579e09750) = 5937 ./strace-static-x86_64: Process 5937 attached [pid 5937] set_robust_list(0x555579e09760, 24) = 0 [pid 5937] chdir("./17") = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5937] setpgid(0, 0) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5937] write(1, "executing program\n", 18) = 18 [pid 5937] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5937] memfd_create("syzkaller", 0 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5937] <... memfd_create resumed>) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5938 ./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x555579e09760, 24) = 0 [pid 5938] chdir("./17") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] <... write resumed>) = 2097152 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] write(1, "executing program\n", 18 [pid 5936] munmap(0x7f0fce600000, 138412032executing program [pid 5938] <... write resumed>) = 18 [pid 5936] <... munmap resumed>) = 0 [pid 5938] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5938] memfd_create("syzkaller", 0 [pid 5936] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5938] <... memfd_create resumed>) = 3 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5937] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5936] <... openat resumed>) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./bus", 0777) = 0 [ 109.581062][ T5936] loop4: detected capacity change from 0 to 4096 [pid 5936] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5937] <... write resumed>) = 2097152 [pid 5935] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5937] munmap(0x7f0fce600000, 138412032) = 0 [pid 5935] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5935] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5938] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5935] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5935] rename(NULL, NULL [pid 5937] <... openat resumed>) = 4 [pid 5935] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5937] ioctl(4, LOOP_SET_FD, 3 [pid 5935] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5935] exit_group(0) = ? [pid 5937] <... ioctl resumed>) = 0 [pid 5936] <... mount resumed>) = 0 [pid 5935] +++ exited with 0 +++ [pid 5936] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5936] <... openat resumed>) = 3 [pid 5936] chdir("./bus") = 0 [pid 5840] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] close(3 [pid 5936] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5937] <... close resumed>) = 0 [pid 5936] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5937] close(4 [pid 5936] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5840] <... openat resumed>) = 3 [pid 5937] <... close resumed>) = 0 [pid 5936] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5840] newfstatat(3, "", [pid 5937] mkdir("./bus", 0777 [pid 5936] memfd_create("syzkaller", 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5937] <... mkdir resumed>) = 0 [pid 5936] <... memfd_create resumed>) = 4 [pid 5938] <... write resumed>) = 2097152 [pid 5937] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] getdents64(3, [pid 5938] munmap(0x7f0fce600000, 138412032 [pid 5936] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [ 109.678049][ T5937] loop0: detected capacity change from 0 to 4096 [pid 5936] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./17/binderfs" [pid 5936] <... write resumed>) = 32768 [pid 5840] <... unlink resumed>) = 0 [pid 5936] munmap(0x7f0fce600000, 138412032 [pid 5840] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5936] <... munmap resumed>) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5936] close(4) = 0 [pid 5936] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5938] <... munmap resumed>) = 0 [pid 5936] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] <... umount2 resumed>) = 0 [pid 5936] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5936] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5936] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5936] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5938] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5936] <... openat resumed>) = 4 [pid 5938] <... openat resumed>) = 4 [pid 5936] read(4, [pid 5840] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./17/bus", [pid 5938] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./17/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./17" [pid 5937] <... mount resumed>) = 0 [pid 5938] <... ioctl resumed>) = 0 [pid 5937] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... rmdir resumed>) = 0 [pid 5938] close(3 [pid 5937] <... openat resumed>) = 3 [ 109.765768][ T5938] loop1: detected capacity change from 0 to 4096 [pid 5938] <... close resumed>) = 0 [pid 5937] chdir("./bus" [pid 5840] mkdir("./18", 0777 [pid 5938] close(4 [pid 5937] <... chdir resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5938] <... close resumed>) = 0 [pid 5938] mkdir("./bus", 0777 [pid 5937] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5938] <... mkdir resumed>) = 0 [pid 5937] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5840] <... openat resumed>) = 3 [pid 5937] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5938] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5937] memfd_create("syzkaller", 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5937] <... memfd_create resumed>) = 4 [pid 5933] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] close(3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5937] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5937] munmap(0x7f0fce600000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5937] close(4) = 0 [pid 5937] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5937] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5937] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5937] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5937] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5937] read(4, [pid 5933] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5933] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5933] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5933] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5933] exit_group(0) = ? [pid 5933] +++ exited with 0 +++ [pid 5840] <... close resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5841] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./17/binderfs") = 0 [pid 5841] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached , child_tidptr=0x555579e09750) = 5939 [pid 5939] set_robust_list(0x555579e09760, 24 [pid 5938] <... mount resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5939] chdir("./18") = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5938] <... openat resumed>) = 3 [pid 5939] <... openat resumed>) = 3 [pid 5939] write(3, "1000", 4 [pid 5841] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] <... write resumed>) = 4 [pid 5939] close(3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5939] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5939] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... openat resumed>) = 4 [pid 5939] <... symlink resumed>) = 0 [pid 5938] chdir("./bus" [pid 5939] write(1, "executing program\n", 18 [pid 5938] <... chdir resumed>) = 0 executing program [pid 5841] newfstatat(4, "", [pid 5939] <... write resumed>) = 18 [pid 5938] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5939] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5938] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] getdents64(4, [pid 5939] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5939] memfd_create("syzkaller", 0 [pid 5938] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5938] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5841] close(4 [pid 5938] memfd_create("syzkaller", 0 [pid 5841] <... close resumed>) = 0 [pid 5938] <... memfd_create resumed>) = 4 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] rmdir("./17/bus" [pid 5938] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] <... rmdir resumed>) = 0 [pid 5939] <... memfd_create resumed>) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5938] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] getdents64(3, [pid 5939] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./17" [pid 5938] <... write resumed>) = 32768 [pid 5841] <... rmdir resumed>) = 0 [pid 5938] munmap(0x7f0fce600000, 138412032 [pid 5841] mkdir("./18", 0777 [pid 5938] <... munmap resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5938] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... openat resumed>) = 3 [pid 5938] close(4 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5938] <... close resumed>) = 0 [pid 5938] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5938] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... close resumed>) = 0 [pid 5939] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5938] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5936] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached [pid 5938] sched_setaffinity(0, 0, NULL [pid 5936] sched_setaffinity(0, 0, NULL [pid 5938] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5940] set_robust_list(0x555579e09760, 24 [pid 5938] sched_setscheduler(0, SCHED_RR, NULL [pid 5936] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5940 [pid 5938] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5936] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5938] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5936] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5940] <... set_robust_list resumed>) = 0 [pid 5938] <... openat resumed>) = 4 [pid 5936] rename(NULL, NULL [pid 5940] chdir("./18" [pid 5938] read(4, [pid 5936] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5940] <... chdir resumed>) = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5940] write(3, "1000", 4 [pid 5936] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5940] <... write resumed>) = 4 [pid 5940] close(3) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5940] write(1, "executing program\n", 18) = 18 [pid 5940] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5940] memfd_create("syzkaller", 0 [pid 5936] <... openat resumed>) = 5 executing program [pid 5940] <... memfd_create resumed>) = 3 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5936] exit_group(0) = ? [pid 5936] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5842] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5939] <... write resumed>) = 2097152 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5939] munmap(0x7f0fce600000, 138412032) = 0 [pid 5940] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] getdents64(3, [pid 5939] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5939] ioctl(4, LOOP_SET_FD, 3 [pid 5842] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] <... ioctl resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./17/binderfs" [pid 5939] close(3 [pid 5842] <... unlink resumed>) = 0 [pid 5842] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] <... close resumed>) = 0 [pid 5939] close(4) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./17/bus", [pid 5939] mkdir("./bus", 0777) = 0 [pid 5939] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5940] <... write resumed>) = 2097152 [pid 5842] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5940] munmap(0x7f0fce600000, 138412032 [pid 5842] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 110.170686][ T5939] loop2: detected capacity change from 0 to 4096 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./17/bus") = 0 [pid 5940] <... munmap resumed>) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] close(3 [pid 5940] <... openat resumed>) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./17") = 0 [pid 5940] <... ioctl resumed>) = 0 [pid 5842] mkdir("./18", 0777) = 0 [pid 5940] close(3) = 0 [pid 5940] close(4) = 0 [pid 5939] <... mount resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5940] mkdir("./bus", 0777 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5940] <... mkdir resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5939] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./bus") = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [ 110.251100][ T5940] loop3: detected capacity change from 0 to 4096 [pid 5939] memfd_create("syzkaller", 0) = 4 [pid 5940] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5939] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5939] munmap(0x7f0fce600000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] close(4) = 0 [pid 5939] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5939] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5939] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5939] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5939] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5939] read(4, [pid 5938] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5938] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5938] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5938] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5842] <... close resumed>) = 0 [pid 5938] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached [pid 5941] set_robust_list(0x555579e09760, 24 [pid 5938] <... openat resumed>) = 5 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5941 [pid 5941] <... set_robust_list resumed>) = 0 [pid 5941] chdir("./18") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5938] exit_group(0 [pid 5941] <... prctl resumed>) = 0 [pid 5941] setpgid(0, 0 [pid 5938] <... exit_group resumed>) = ? [pid 5941] <... setpgid resumed>) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4 [pid 5940] <... mount resumed>) = 0 [pid 5940] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5941] <... write resumed>) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs" [pid 5938] +++ exited with 0 +++ [pid 5941] <... symlink resumed>) = 0 [pid 5940] <... openat resumed>) = 3 [pid 5940] chdir("./bus" [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- executing program [pid 5940] <... chdir resumed>) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5940] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5941] write(1, "executing program\n", 18) = 18 [pid 5941] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5940] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5940] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5940] memfd_create("syzkaller", 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5940] <... memfd_create resumed>) = 4 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5940] <... mmap resumed>) = 0x7f0fce600000 [pid 5941] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5941] memfd_create("syzkaller", 0 [pid 5940] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5940] <... write resumed>) = 32768 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5941] <... memfd_create resumed>) = 3 [pid 5839] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5941] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] unlink("./17/binderfs" [pid 5940] munmap(0x7f0fce600000, 138412032 [pid 5839] <... unlink resumed>) = 0 [pid 5839] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5940] <... munmap resumed>) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5940] close(4) = 0 [pid 5940] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5940] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5940] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5940] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5940] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] <... umount2 resumed>) = 0 [pid 5940] <... openat resumed>) = 4 [pid 5940] read(4, [pid 5839] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./17/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./17") = 0 [pid 5839] mkdir("./18", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5941] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579e09750) = 5942 ./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x555579e09760, 24) = 0 [pid 5942] chdir("./18") = 0 [pid 5941] <... write resumed>) = 2097152 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0 [pid 5941] munmap(0x7f0fce600000, 138412032 [pid 5942] <... setpgid resumed>) = 0 [pid 5941] <... munmap resumed>) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] <... openat resumed>) = 4 [pid 5942] write(3, "1000", 4) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs" [pid 5941] <... ioctl resumed>) = 0 [pid 5942] <... symlink resumed>) = 0 [pid 5941] close(3executing program [pid 5942] write(1, "executing program\n", 18 [pid 5937] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5942] <... write resumed>) = 18 [pid 5941] <... close resumed>) = 0 [pid 5937] sched_setaffinity(0, 0, NULL [pid 5942] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5941] close(4 [pid 5937] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5942] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5941] <... close resumed>) = 0 [pid 5937] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5941] mkdir("./bus", 0777 [pid 5937] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5942] memfd_create("syzkaller", 0 [pid 5941] <... mkdir resumed>) = 0 [pid 5937] rename(NULL, NULL [pid 5941] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5937] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5942] <... memfd_create resumed>) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 110.647833][ T5941] loop4: detected capacity change from 0 to 4096 [pid 5937] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5942] <... mmap resumed>) = 0x7f0fce600000 [pid 5937] <... openat resumed>) = 5 [pid 5937] exit_group(0) = ? [pid 5937] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5940] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5940] sched_setaffinity(0, 0, NULL [pid 5838] getdents64(3, [pid 5940] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5940] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5940] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./17/binderfs") = 0 [pid 5838] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5940] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5940] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5942] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5940] <... openat resumed>) = 5 [pid 5941] <... mount resumed>) = 0 [pid 5941] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5940] exit_group(0 [pid 5838] <... umount2 resumed>) = 0 [pid 5941] <... openat resumed>) = 3 [pid 5940] <... exit_group resumed>) = ? [pid 5941] chdir("./bus") = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5941] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5941] memfd_create("syzkaller", 0 [pid 5838] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5941] <... memfd_create resumed>) = 4 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5941] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5941] <... write resumed>) = 32768 [pid 5838] <... openat resumed>) = 4 [pid 5941] munmap(0x7f0fce600000, 138412032 [pid 5940] +++ exited with 0 +++ [pid 5838] newfstatat(4, "", [pid 5941] <... munmap resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] getdents64(4, [pid 5941] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5941] close(4 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] close(4 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] rmdir("./17/bus" [pid 5941] <... close resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5941] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5941] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(3, "", [pid 5941] sched_setaffinity(0, 0, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5941] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] getdents64(3, [pid 5941] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] getdents64(3, [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5941] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] close(3 [pid 5941] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5841] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5941] read(4, [pid 5841] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./18/binderfs") = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./17" [pid 5841] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... rmdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] mkdir("./18", 0777 [pid 5841] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] <... mkdir resumed>) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... openat resumed>) = 3 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5841] rmdir("./18/bus" [pid 5838] <... ioctl resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5838] close(3 [pid 5942] <... write resumed>) = 2097152 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./18") = 0 [pid 5942] munmap(0x7f0fce600000, 138412032 [pid 5841] mkdir("./19", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5942] <... munmap resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... close resumed>) = 0 [pid 5942] <... ioctl resumed>) = 0 [pid 5942] close(3) = 0 [pid 5942] close(4) = 0 [pid 5942] mkdir("./bus", 0777 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5942] <... mkdir resumed>) = 0 [pid 5942] mount("/dev/loop1", "./bus", "ntfs3", 0, ""./strace-static-x86_64: Process 5943 attached [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5943 [pid 5943] set_robust_list(0x555579e09760, 24) = 0 [pid 5841] <... close resumed>) = 0 [ 110.952304][ T5942] loop1: detected capacity change from 0 to 4096 [pid 5943] chdir("./18") = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5943] write(3, "1000", 4) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5943] write(1, "executing program\n", 18executing program ) = 18 ./strace-static-x86_64: Process 5944 attached [pid 5943] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5944] set_robust_list(0x555579e09760, 24 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5944 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5943] memfd_create("syzkaller", 0 [pid 5944] chdir("./19" [pid 5943] <... memfd_create resumed>) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5944] <... chdir resumed>) = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5944] write(1, "executing program\n", 18) = 18 [pid 5944] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5939] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5943] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5939] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5939] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5939] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5944] memfd_create("syzkaller", 0 [pid 5939] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5944] <... memfd_create resumed>) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5942] <... mount resumed>) = 0 [pid 5939] <... openat resumed>) = 5 [pid 5942] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./bus" [pid 5939] exit_group(0 [pid 5942] <... chdir resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5939] <... exit_group resumed>) = ? [pid 5942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5942] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5942] memfd_create("syzkaller", 0) = 4 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5942] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5939] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5942] <... write resumed>) = 32768 [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5942] munmap(0x7f0fce600000, 138412032) = 0 [pid 5840] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5944] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] close(4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5942] <... close resumed>) = 0 [pid 5942] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5942] <... prlimit64 resumed>NULL) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5942] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] unlink("./18/binderfs" [pid 5942] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5942] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5942] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5942] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5942] read(4, [pid 5840] <... unlink resumed>) = 0 [pid 5840] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5943] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = 0 [pid 5943] munmap(0x7f0fce600000, 138412032 [pid 5840] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 5944] munmap(0x7f0fce600000, 138412032 [pid 5943] <... munmap resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./18/bus" [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5944] <... munmap resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5943] <... openat resumed>) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3 [pid 5840] getdents64(3, [pid 5944] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5943] <... ioctl resumed>) = 0 [pid 5944] <... openat resumed>) = 4 [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5943] close(3 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5943] <... close resumed>) = 0 [pid 5840] close(3 [pid 5943] close(4 [pid 5840] <... close resumed>) = 0 [pid 5943] <... close resumed>) = 0 [pid 5840] rmdir("./18") = 0 [pid 5943] mkdir("./bus", 0777 [pid 5840] mkdir("./19", 0777 [pid 5943] <... mkdir resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5943] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5944] <... ioctl resumed>) = 0 [pid 5941] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5944] close(3 [pid 5941] sched_setaffinity(0, 0, NULL [pid 5944] <... close resumed>) = 0 [pid 5941] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5944] close(4 [pid 5941] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5944] <... close resumed>) = 0 [pid 5941] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5944] mkdir("./bus", 0777 [pid 5941] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5944] <... mkdir resumed>) = 0 [pid 5941] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5944] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5941] <... openat resumed>) = 5 [pid 5941] exit_group(0) = ? [ 111.299657][ T5943] loop0: detected capacity change from 0 to 4096 [ 111.321341][ T5944] loop3: detected capacity change from 0 to 4096 [pid 5941] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5945 attached ) = 3 [pid 5943] <... mount resumed>) = 0 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5945] set_robust_list(0x555579e09760, 24 [pid 5943] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] getdents64(3, [pid 5945] <... set_robust_list resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5945 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5945] chdir("./19" [pid 5943] <... openat resumed>) = 3 [pid 5842] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5945] <... chdir resumed>) = 0 [pid 5943] chdir("./bus" [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5943] <... chdir resumed>) = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5945] <... prctl resumed>) = 0 [pid 5943] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5945] setpgid(0, 0 [pid 5943] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] unlink("./18/binderfs" [pid 5945] <... setpgid resumed>) = 0 [pid 5943] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] <... unlink resumed>) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] memfd_create("syzkaller", 0 [pid 5842] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5945] <... openat resumed>) = 3 [pid 5943] <... memfd_create resumed>) = 4 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5943] <... mmap resumed>) = 0x7f0fce600000 [pid 5945] symlink("/dev/binderfs", "./binderfs" [pid 5944] <... mount resumed>) = 0 [pid 5945] <... symlink resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5943] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768executing program [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5944] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5945] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5944] <... openat resumed>) = 3 [pid 5943] <... write resumed>) = 32768 [pid 5945] memfd_create("syzkaller", 0 [pid 5944] chdir("./bus" [pid 5943] munmap(0x7f0fce600000, 138412032 [pid 5842] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5945] <... memfd_create resumed>) = 3 [pid 5944] <... chdir resumed>) = 0 [pid 5943] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5944] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] newfstatat(AT_FDCWD, "./18/bus", [pid 5945] <... mmap resumed>) = 0x7f0fce600000 [pid 5944] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5943] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5944] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5943] close(4 [pid 5842] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5943] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5944] memfd_create("syzkaller", 0) = 4 [pid 5842] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5943] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5944] <... mmap resumed>) = 0x7f0fce600000 [pid 5943] <... prlimit64 resumed>NULL) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5944] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5943] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] newfstatat(4, "", [pid 5943] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5943] sched_setaffinity(0, 0, NULL [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5943] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5943] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] getdents64(4, [pid 5943] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5944] <... write resumed>) = 32768 [pid 5943] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5943] <... openat resumed>) = 4 [pid 5842] getdents64(4, [pid 5943] read(4, [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5944] munmap(0x7f0fce600000, 138412032) = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] close(4 [pid 5944] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./18/bus" [pid 5944] close(4) = 0 [pid 5944] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] <... rmdir resumed>) = 0 [pid 5944] <... prlimit64 resumed>NULL) = 0 [pid 5842] getdents64(3, [pid 5944] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5944] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(3 [pid 5944] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5944] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] rmdir("./18" [pid 5944] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5944] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5944] read(4, [pid 5842] <... rmdir resumed>) = 0 [pid 5945] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] mkdir("./19", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5945] <... write resumed>) = 2097152 [pid 5945] munmap(0x7f0fce600000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... close resumed>) = 0 [pid 5945] <... ioctl resumed>) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./bus", 0777) = 0 [pid 5945] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5946 attached , child_tidptr=0x555579e09750) = 5946 [ 111.647719][ T5945] loop2: detected capacity change from 0 to 4096 [pid 5946] set_robust_list(0x555579e09760, 24) = 0 [pid 5946] chdir("./19") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5946] write(1, "executing program\n", 18) = 18 [pid 5946] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5945] <... mount resumed>) = 0 [pid 5946] <... mmap resumed>) = 0x7f0fce600000 [pid 5945] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./bus") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5945] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5945] memfd_create("syzkaller", 0) = 4 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5945] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5945] munmap(0x7f0fce600000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5945] close(4) = 0 [pid 5945] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5945] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5945] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5945] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5945] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5945] read(4, [pid 5946] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5946] munmap(0x7f0fce600000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5944] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5944] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5946] <... ioctl resumed>) = 0 [pid 5946] close(3) = 0 [pid 5946] close(4 [pid 5944] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5944] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5944] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5946] <... close resumed>) = 0 [pid 5946] mkdir("./bus", 0777) = 0 [pid 5944] <... openat resumed>) = 5 [pid 5946] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5944] exit_group(0) = ? [pid 5942] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5944] +++ exited with 0 +++ [pid 5942] sched_setaffinity(0, 0, NULL [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5942] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5942] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5841] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] rename(NULL, NULL [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5942] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5841] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5942] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] <... openat resumed>) = 3 [ 112.096305][ T5946] loop4: detected capacity change from 0 to 4096 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] <... openat resumed>) = 5 [pid 5942] exit_group(0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5942] <... exit_group resumed>) = ? [pid 5841] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./19/binderfs") = 0 [pid 5946] <... mount resumed>) = 0 [pid 5942] +++ exited with 0 +++ [pid 5841] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5946] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5946] chdir("./bus" [pid 5839] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5946] <... chdir resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5946] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] newfstatat(3, "", [pid 5946] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... umount2 resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5841] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5946] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5943] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] memfd_create("syzkaller", 0 [pid 5943] sched_setaffinity(0, 0, NULL [pid 5841] newfstatat(AT_FDCWD, "./19/bus", [pid 5839] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] unlink("./18/binderfs" [pid 5946] <... memfd_create resumed>) = 4 [pid 5943] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... unlink resumed>) = 0 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5943] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5841] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5946] <... mmap resumed>) = 0x7f0fce600000 [pid 5943] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] <... openat resumed>) = 4 [pid 5839] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5943] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5841] newfstatat(4, "", [pid 5943] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5946] <... write resumed>) = 32768 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 5946] munmap(0x7f0fce600000, 138412032 [pid 5943] <... openat resumed>) = 5 [pid 5839] <... umount2 resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5946] <... munmap resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] rmdir("./19/bus" [pid 5946] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5943] exit_group(0 [pid 5946] close(4 [pid 5943] <... exit_group resumed>) = ? [pid 5841] <... rmdir resumed>) = 0 [pid 5946] <... close resumed>) = 0 [pid 5841] getdents64(3, [pid 5943] +++ exited with 0 +++ [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 5946] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] <... close resumed>) = 0 [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5841] rmdir("./19" [pid 5946] <... prlimit64 resumed>NULL) = 0 [pid 5946] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5946] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5946] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... rmdir resumed>) = 0 [pid 5946] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5946] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5838] <... restart_syscall resumed>) = 0 [pid 5946] <... openat resumed>) = 4 [pid 5946] read(4, [pid 5838] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] newfstatat(AT_FDCWD, "./18/bus", [pid 5841] mkdir("./20", 0777 [pid 5838] <... openat resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] newfstatat(3, "", [pid 5839] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] getdents64(3, [pid 5839] <... openat resumed>) = 4 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(4, "", [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5839] getdents64(4, [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] unlink("./18/binderfs" [pid 5841] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5838] <... unlink resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... openat resumed>) = 3 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./18/bus" [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./18") = 0 [pid 5839] mkdir("./19", 0777) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] close(3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./18/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./18") = 0 [pid 5838] mkdir("./19", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached ./strace-static-x86_64: Process 5947 attached [pid 5948] set_robust_list(0x555579e09760, 24) = 0 [pid 5948] chdir("./19" [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5947 [pid 5948] <... chdir resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5948 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] set_robust_list(0x555579e09760, 24 [pid 5948] write(3, "1000", 4) = 4 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5948] close(3 [pid 5947] chdir("./20") = 0 [pid 5948] <... close resumed>) = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5948] symlink("/dev/binderfs", "./binderfs" [pid 5947] <... prctl resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5948] <... symlink resumed>) = 0 executing program [pid 5948] write(1, "executing program\n", 18 [pid 5947] setpgid(0, 0) = 0 [pid 5948] <... write resumed>) = 18 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5948] memfd_create("syzkaller", 0 [pid 5947] write(3, "1000", 4) = 4 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs" [pid 5948] <... memfd_create resumed>) = 3 [pid 5947] <... symlink resumed>) = 0 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5947] write(1, "executing program\n", 18executing program [pid 5948] <... mmap resumed>) = 0x7f0fce600000 [pid 5947] <... write resumed>) = 18 [pid 5947] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached , child_tidptr=0x555579e09750) = 5949 [pid 5949] set_robust_list(0x555579e09760, 24) = 0 [pid 5949] chdir("./19" [pid 5947] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5949] <... chdir resumed>) = 0 [pid 5947] memfd_create("syzkaller", 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5949] write(3, "1000", 4 [pid 5947] <... memfd_create resumed>) = 3 [pid 5949] <... write resumed>) = 4 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5949] write(1, "executing program\n", 18) = 18 [pid 5949] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5949] memfd_create("syzkaller", 0 [pid 5947] <... mmap resumed>) = 0x7f0fce600000 [pid 5945] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5949] <... memfd_create resumed>) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5948] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5945] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5945] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5945] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5945] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5945] exit_group(0) = ? [pid 5945] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5949] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5948] <... write resumed>) = 2097152 [pid 5947] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5948] munmap(0x7f0fce600000, 138412032 [pid 5840] <... openat resumed>) = 3 [pid 5948] <... munmap resumed>) = 0 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./19/binderfs") = 0 [pid 5840] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5946] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] rmdir("./19/bus" [pid 5948] <... openat resumed>) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... rmdir resumed>) = 0 [pid 5946] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5946] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5946] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5946] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5947] <... write resumed>) = 2097152 [pid 5949] <... write resumed>) = 2097152 [pid 5948] <... ioctl resumed>) = 0 [pid 5946] <... openat resumed>) = 5 [pid 5840] close(3 [pid 5949] munmap(0x7f0fce600000, 138412032 [pid 5948] close(3 [pid 5947] munmap(0x7f0fce600000, 138412032 [pid 5946] exit_group(0 [pid 5840] <... close resumed>) = 0 [pid 5949] <... munmap resumed>) = 0 [pid 5948] <... close resumed>) = 0 [pid 5947] <... munmap resumed>) = 0 [pid 5946] <... exit_group resumed>) = ? [pid 5840] rmdir("./19" [pid 5948] close(4 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./20", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5948] <... close resumed>) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5946] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- [pid 5842] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", [pid 5948] mkdir("./bus", 0777 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5948] <... mkdir resumed>) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5948] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5842] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./19/binderfs") = 0 [pid 5949] <... openat resumed>) = 4 [ 112.625096][ T5948] loop1: detected capacity change from 0 to 4096 [pid 5842] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5947] <... openat resumed>) = 4 [pid 5949] <... ioctl resumed>) = 0 [pid 5947] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5947] <... ioctl resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5949] close(3 [pid 5947] close(3 [pid 5842] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 5949] <... close resumed>) = 0 [pid 5947] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5949] close(4 [pid 5947] close(4 [pid 5842] newfstatat(AT_FDCWD, "./19/bus", [pid 5947] <... close resumed>) = 0 [pid 5947] mkdir("./bus", 0777 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5949] <... close resumed>) = 0 [pid 5949] mkdir("./bus", 0777 [pid 5842] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] <... mkdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5949] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5949] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./19/bus") = 0 [pid 5947] mount("/dev/loop3", "./bus", "ntfs3", 0, ""./strace-static-x86_64: Process 5950 attached [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5950] set_robust_list(0x555579e09760, 24) = 0 [pid 5950] chdir("./20" [pid 5842] close(3 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5950 [pid 5842] <... close resumed>) = 0 [ 112.680187][ T5949] loop0: detected capacity change from 0 to 4096 [ 112.690406][ T5947] loop3: detected capacity change from 0 to 4096 [pid 5950] <... chdir resumed>) = 0 [pid 5842] rmdir("./19" [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... rmdir resumed>) = 0 [pid 5950] <... prctl resumed>) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] mkdir("./20", 0777) = 0 [pid 5950] write(3, "1000", 4 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5950] <... write resumed>) = 4 [pid 5842] <... openat resumed>) = 3 [pid 5950] close(3 [pid 5948] <... mount resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5950] <... close resumed>) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... ioctl resumed>) = 0 executing program [pid 5950] <... symlink resumed>) = 0 [pid 5842] close(3 [pid 5950] write(1, "executing program\n", 18) = 18 [pid 5948] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5950] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5948] <... openat resumed>) = 3 [pid 5950] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5948] chdir("./bus") = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5950] memfd_create("syzkaller", 0) = 3 [pid 5948] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5950] <... mmap resumed>) = 0x7f0fce600000 [pid 5948] memfd_create("syzkaller", 0) = 4 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5948] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] <... close resumed>) = 0 [pid 5948] <... write resumed>) = 32768 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5948] munmap(0x7f0fce600000, 138412032) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5948] close(4) = 0 [pid 5948] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5948] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5948] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5948] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5948] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 ./strace-static-x86_64: Process 5951 attached [pid 5949] <... mount resumed>) = 0 [pid 5947] <... mount resumed>) = 0 [pid 5951] set_robust_list(0x555579e09760, 24) = 0 [pid 5951] chdir("./20") = 0 [pid 5948] read(4, [pid 5947] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5951 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5947] <... openat resumed>) = 3 [pid 5947] chdir("./bus" [pid 5951] <... prctl resumed>) = 0 [pid 5949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5947] <... chdir resumed>) = 0 [pid 5949] <... openat resumed>) = 3 [pid 5947] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5947] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5949] chdir("./bus" [pid 5947] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5951] setpgid(0, 0 [pid 5949] <... chdir resumed>) = 0 [pid 5947] memfd_create("syzkaller", 0 [pid 5951] <... setpgid resumed>) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5947] <... memfd_create resumed>) = 4 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5949] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5951] <... openat resumed>) = 3 [pid 5949] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5947] <... mmap resumed>) = 0x7f0fce600000 [pid 5949] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5951] write(3, "1000", 4 [pid 5949] memfd_create("syzkaller", 0 [pid 5947] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5949] <... memfd_create resumed>) = 4 [pid 5951] <... write resumed>) = 4 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5951] close(3 [pid 5949] <... mmap resumed>) = 0x7f0fce600000 [pid 5947] <... write resumed>) = 32768 [pid 5951] <... close resumed>) = 0 executing program [pid 5949] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5947] munmap(0x7f0fce600000, 138412032 [pid 5951] symlink("/dev/binderfs", "./binderfs" [pid 5949] <... write resumed>) = 32768 [pid 5947] <... munmap resumed>) = 0 [pid 5951] <... symlink resumed>) = 0 [pid 5949] munmap(0x7f0fce600000, 138412032) = 0 [pid 5951] write(1, "executing program\n", 18 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5951] <... write resumed>) = 18 [pid 5949] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5947] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5951] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5949] close(4 [pid 5947] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5951] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5949] <... close resumed>) = 0 [pid 5951] memfd_create("syzkaller", 0 [pid 5949] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5949] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5949] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5949] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5949] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5947] close(4 [pid 5951] <... memfd_create resumed>) = 3 [pid 5950] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5949] read(4, [pid 5947] <... close resumed>) = 0 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5947] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5951] <... mmap resumed>) = 0x7f0fce600000 [pid 5947] <... prlimit64 resumed>NULL) = 0 [pid 5947] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5947] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5947] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5947] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5947] read(4, [pid 5951] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5950] <... write resumed>) = 2097152 [pid 5950] munmap(0x7f0fce600000, 138412032) = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5950] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5950] close(3) = 0 [pid 5950] close(4) = 0 [pid 5950] mkdir("./bus", 0777 [pid 5951] <... write resumed>) = 2097152 [pid 5950] <... mkdir resumed>) = 0 [pid 5950] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [ 113.035823][ T5950] loop2: detected capacity change from 0 to 4096 [pid 5951] munmap(0x7f0fce600000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./bus", 0777) = 0 [pid 5951] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5950] <... mount resumed>) = 0 [pid 5950] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5950] chdir("./bus") = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [ 113.104805][ T5951] loop4: detected capacity change from 0 to 4096 [pid 5950] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5948] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5950] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5950] memfd_create("syzkaller", 0) = 4 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5950] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5948] sched_setaffinity(0, 0, NULL [pid 5950] <... write resumed>) = 32768 [pid 5948] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5950] munmap(0x7f0fce600000, 138412032 [pid 5948] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5950] <... munmap resumed>) = 0 [pid 5948] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5950] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5948] rename(NULL, NULL [pid 5950] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5948] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5950] close(4 [pid 5948] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5950] <... close resumed>) = 0 [pid 5948] exit_group(0 [pid 5950] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5948] <... exit_group resumed>) = ? [pid 5950] <... prlimit64 resumed>NULL) = 0 [pid 5950] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5950] sched_setaffinity(0, 0, NULL [pid 5948] +++ exited with 0 +++ [pid 5950] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5950] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5950] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5950] <... openat resumed>) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5950] read(4, [pid 5839] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5951] <... mount resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5951] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5951] <... openat resumed>) = 3 [pid 5839] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5951] chdir("./bus" [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5951] <... chdir resumed>) = 0 [pid 5839] unlink("./19/binderfs" [pid 5951] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... unlink resumed>) = 0 [pid 5951] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5951] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5839] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5951] memfd_create("syzkaller", 0) = 4 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5951] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5947] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5947] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5947] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5951] <... write resumed>) = 32768 [pid 5839] <... umount2 resumed>) = 0 [pid 5951] munmap(0x7f0fce600000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5947] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] newfstatat(AT_FDCWD, "./19/bus", [pid 5951] close(4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5951] <... close resumed>) = 0 [pid 5947] <... openat resumed>) = 5 [pid 5839] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] exit_group(0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] <... exit_group resumed>) = ? [pid 5951] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5839] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5951] <... prlimit64 resumed>NULL) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5951] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(4, "", [pid 5951] sched_setaffinity(0, 0, NULL [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5951] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5951] sched_setscheduler(0, SCHED_RR, NULL [pid 5947] +++ exited with 0 +++ [pid 5839] getdents64(4, [pid 5951] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5951] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5951] <... openat resumed>) = 4 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5951] read(4, [pid 5841] <... restart_syscall resumed>) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5841] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] rmdir("./19/bus" [pid 5841] <... openat resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5839] getdents64(3, [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5839] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... close resumed>) = 0 [pid 5841] unlink("./20/binderfs" [pid 5839] rmdir("./19" [pid 5841] <... unlink resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5841] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] mkdir("./20", 0777 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5841] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5841] getdents64(4, [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... ioctl resumed>) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5841] close(4) = 0 [pid 5841] rmdir("./20/bus") = 0 [pid 5839] <... close resumed>) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] close(3) = 0 [pid 5841] rmdir("./20") = 0 [pid 5841] mkdir("./21", 0777./strace-static-x86_64: Process 5952 attached ) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5952] set_robust_list(0x555579e09760, 24) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5952 [pid 5952] chdir("./20") = 0 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5952] setpgid(0, 0) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5952] write(3, "1000", 4) = 4 [pid 5952] close(3 [pid 5949] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5952] <... close resumed>) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] <... close resumed>) = 0 [pid 5949] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5949] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5949] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5949] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000executing program [pid 5952] write(1, "executing program\n", 18 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5952] <... write resumed>) = 18 [pid 5952] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5953 attached [pid 5952] memfd_create("syzkaller", 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5953 [pid 5953] set_robust_list(0x555579e09760, 24 [pid 5952] <... memfd_create resumed>) = 3 [pid 5949] <... openat resumed>) = 5 [pid 5949] exit_group(0) = ? [pid 5953] <... set_robust_list resumed>) = 0 [pid 5953] chdir("./21") = 0 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5949] +++ exited with 0 +++ [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5952] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5953] <... prctl resumed>) = 0 [pid 5838] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5953] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5953] <... openat resumed>) = 3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5953] write(3, "1000", 4 [pid 5838] unlink("./19/binderfs") = 0 [pid 5953] <... write resumed>) = 4 [pid 5838] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] close(3) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5953] write(1, "executing program\n", 18) = 18 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5953] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5953] memfd_create("syzkaller", 0 [pid 5838] newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./19/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./19" [pid 5953] <... memfd_create resumed>) = 3 [pid 5838] <... rmdir resumed>) = 0 [pid 5838] mkdir("./20", 0777 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5953] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] <... openat resumed>) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5952] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5953] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5952] <... write resumed>) = 2097152 [pid 5838] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5954 attached [pid 5952] munmap(0x7f0fce600000, 138412032 [pid 5951] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5954 [pid 5951] sched_setaffinity(0, 0, NULL [pid 5954] set_robust_list(0x555579e09760, 24 [pid 5951] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5951] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5954] <... set_robust_list resumed>) = 0 [pid 5951] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5954] chdir("./20" [pid 5951] rename(NULL, NULL [pid 5954] <... chdir resumed>) = 0 [pid 5951] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5951] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5954] <... prctl resumed>) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5952] <... munmap resumed>) = 0 [pid 5951] <... openat resumed>) = 5 [pid 5951] exit_group(0) = ? executing program [pid 5954] write(1, "executing program\n", 18) = 18 [pid 5954] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5954] memfd_create("syzkaller", 0 [pid 5952] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5951] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5954] <... memfd_create resumed>) = 3 [pid 5952] <... openat resumed>) = 4 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5952] ioctl(4, LOOP_SET_FD, 3 [pid 5954] <... mmap resumed>) = 0x7f0fce600000 [pid 5953] <... write resumed>) = 2097152 [pid 5842] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5953] munmap(0x7f0fce600000, 138412032 [pid 5952] <... ioctl resumed>) = 0 [pid 5950] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5952] close(3 [pid 5950] sched_setaffinity(0, 0, NULL [pid 5842] <... openat resumed>) = 3 [pid 5952] <... close resumed>) = 0 [pid 5954] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5950] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5952] close(4 [pid 5842] newfstatat(3, "", [pid 5953] <... munmap resumed>) = 0 [pid 5952] <... close resumed>) = 0 [pid 5950] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5952] mkdir("./bus", 0777 [pid 5950] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5950] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5842] getdents64(3, [pid 5952] <... mkdir resumed>) = 0 [pid 5950] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./20/binderfs" [ 113.671039][ T5952] loop1: detected capacity change from 0 to 4096 [pid 5952] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5842] <... unlink resumed>) = 0 [pid 5842] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5953] ioctl(4, LOOP_SET_FD, 3 [pid 5950] <... openat resumed>) = 5 [pid 5954] <... write resumed>) = 2097152 [pid 5953] <... ioctl resumed>) = 0 [pid 5950] exit_group(0 [pid 5842] <... umount2 resumed>) = 0 [pid 5953] close(3) = 0 [pid 5950] <... exit_group resumed>) = ? [pid 5842] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] close(4) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5953] mkdir("./bus", 0777 [pid 5842] newfstatat(AT_FDCWD, "./20/bus", [pid 5953] <... mkdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5954] munmap(0x7f0fce600000, 138412032 [pid 5842] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5953] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5950] +++ exited with 0 +++ [pid 5842] rmdir("./20/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5842] close(3 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./20") = 0 [pid 5842] mkdir("./21", 0777 [pid 5954] <... munmap resumed>) = 0 [pid 5952] <... mount resumed>) = 0 [pid 5840] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.725016][ T5953] loop3: detected capacity change from 0 to 4096 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5952] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5952] <... openat resumed>) = 3 [pid 5954] <... openat resumed>) = 4 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5952] chdir("./bus" [pid 5840] <... openat resumed>) = 3 [pid 5954] ioctl(4, LOOP_SET_FD, 3 [pid 5952] <... chdir resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5954] <... ioctl resumed>) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5954] close(3 [pid 5953] <... mount resumed>) = 0 [pid 5952] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... ioctl resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5952] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] close(3 [pid 5954] <... close resumed>) = 0 [pid 5840] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5954] close(4) = 0 [pid 5953] <... openat resumed>) = 3 [pid 5952] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5952] memfd_create("syzkaller", 0 [pid 5840] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5954] mkdir("./bus", 0777 [pid 5953] chdir("./bus" [pid 5954] <... mkdir resumed>) = 0 [pid 5953] <... chdir resumed>) = 0 [pid 5952] <... memfd_create resumed>) = 4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] unlink("./20/binderfs" [pid 5953] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5952] <... mmap resumed>) = 0x7f0fce600000 [pid 5953] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5953] memfd_create("syzkaller", 0 [pid 5840] <... unlink resumed>) = 0 [pid 5954] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5953] <... memfd_create resumed>) = 4 [pid 5952] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5952] <... write resumed>) = 32768 [pid 5953] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5952] munmap(0x7f0fce600000, 138412032) = 0 [pid 5953] <... write resumed>) = 32768 [pid 5952] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] <... umount2 resumed>) = 0 [pid 5953] munmap(0x7f0fce600000, 138412032 [pid 5952] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5953] <... munmap resumed>) = 0 [pid 5952] close(4) = 0 [pid 5952] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5952] <... prlimit64 resumed>NULL) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5953] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [ 113.800280][ T5954] loop0: detected capacity change from 0 to 4096 [pid 5952] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... close resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./20/bus", [pid 5953] close(4 [pid 5952] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5953] <... close resumed>) = 0 [pid 5952] sched_setaffinity(0, 0, NULL [pid 5953] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5952] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] <... prlimit64 resumed>NULL) = 0 [pid 5952] sched_setscheduler(0, SCHED_RR, NULL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5953] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5952] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5955 attached [pid 5953] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5952] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5840] <... openat resumed>) = 4 [pid 5955] set_robust_list(0x555579e09760, 24 [pid 5953] sched_setaffinity(0, 0, NULL [pid 5952] <... openat resumed>) = 4 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5955 [pid 5840] newfstatat(4, "", [pid 5955] <... set_robust_list resumed>) = 0 [pid 5953] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5952] read(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5955] chdir("./21" [pid 5953] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(4, [pid 5953] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5955] <... chdir resumed>) = 0 [pid 5953] <... openat resumed>) = 4 [pid 5840] getdents64(4, [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5953] read(4, [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5955] <... prctl resumed>) = 0 [pid 5840] rmdir("./20/bus" [pid 5955] setpgid(0, 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5955] <... setpgid resumed>) = 0 [pid 5954] <... mount resumed>) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] getdents64(3, [pid 5954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5954] <... openat resumed>) = 3 [pid 5840] close(3 [pid 5955] write(3, "1000", 4 [pid 5954] chdir("./bus" [pid 5840] <... close resumed>) = 0 [pid 5954] <... chdir resumed>) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5955] <... write resumed>) = 4 [pid 5955] close(3) = 0 [pid 5954] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] rmdir("./20" [pid 5954] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5840] <... rmdir resumed>) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5954] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) executing program [pid 5955] write(1, "executing program\n", 18 [pid 5954] memfd_create("syzkaller", 0 [pid 5955] <... write resumed>) = 18 [pid 5840] mkdir("./21", 0777 [pid 5954] <... memfd_create resumed>) = 4 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5955] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5954] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] <... mkdir resumed>) = 0 [pid 5955] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5954] <... write resumed>) = 32768 [pid 5955] memfd_create("syzkaller", 0 [pid 5954] munmap(0x7f0fce600000, 138412032) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5954] close(4 [pid 5840] <... openat resumed>) = 3 [pid 5954] <... close resumed>) = 0 [pid 5955] <... memfd_create resumed>) = 3 [pid 5954] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5954] <... prlimit64 resumed>NULL) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5954] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5955] <... mmap resumed>) = 0x7f0fce600000 [pid 5954] sched_setaffinity(0, 0, NULL [pid 5840] close(3 [pid 5954] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5954] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5954] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5954] read(4, [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached , child_tidptr=0x555579e09750) = 5956 [pid 5956] set_robust_list(0x555579e09760, 24) = 0 [pid 5956] chdir("./21") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4 [pid 5955] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5956] <... write resumed>) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] write(1, "executing program\n", 18executing program ) = 18 [pid 5956] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5956] memfd_create("syzkaller", 0) = 3 [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5955] <... write resumed>) = 2097152 [pid 5952] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5955] munmap(0x7f0fce600000, 138412032) = 0 [pid 5952] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5952] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5952] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5952] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5955] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5956] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5955] ioctl(4, LOOP_SET_FD, 3 [pid 5952] exit_group(0 [pid 5955] <... ioctl resumed>) = 0 [pid 5952] <... exit_group resumed>) = ? [pid 5955] close(3 [pid 5952] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5955] <... close resumed>) = 0 [pid 5955] close(4 [pid 5839] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5955] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5955] mkdir("./bus", 0777) = 0 [pid 5955] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5956] <... write resumed>) = 2097152 [pid 5839] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5956] munmap(0x7f0fce600000, 138412032 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./20/binderfs") = 0 [pid 5839] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5956] <... munmap resumed>) = 0 [ 114.180296][ T5955] loop4: detected capacity change from 0 to 4096 [pid 5956] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... umount2 resumed>) = 0 [pid 5956] <... openat resumed>) = 4 [pid 5956] ioctl(4, LOOP_SET_FD, 3 [pid 5839] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5955] <... mount resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", [pid 5955] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5956] <... ioctl resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5956] close(3 [pid 5955] <... openat resumed>) = 3 [pid 5839] getdents64(4, [pid 5956] <... close resumed>) = 0 [pid 5955] chdir("./bus" [pid 5956] close(4 [pid 5955] <... chdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5956] <... close resumed>) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5956] mkdir("./bus", 0777 [pid 5955] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5956] <... mkdir resumed>) = 0 [pid 5955] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] getdents64(4, [pid 5955] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5955] memfd_create("syzkaller", 0 [pid 5839] close(4) = 0 [pid 5955] <... memfd_create resumed>) = 4 [pid 5839] rmdir("./20/bus" [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5955] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5955] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] close(3 [pid 5956] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./20") = 0 [pid 5955] <... write resumed>) = 32768 [pid 5955] munmap(0x7f0fce600000, 138412032) = 0 [pid 5839] mkdir("./21", 0777) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5955] close(4) = 0 [pid 5955] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5955] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5839] <... openat resumed>) = 3 [pid 5955] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5955] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5955] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] close(3 [pid 5955] <... openat resumed>) = 4 [ 114.245036][ T5956] loop2: detected capacity change from 0 to 4096 [pid 5955] read(4, [pid 5839] <... close resumed>) = 0 [pid 5953] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5953] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5957 attached [pid 5953] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5957 [pid 5957] set_robust_list(0x555579e09760, 24 [pid 5956] <... mount resumed>) = 0 [pid 5953] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5953] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5953] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5957] <... set_robust_list resumed>) = 0 [pid 5957] chdir("./21" [pid 5956] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5957] <... chdir resumed>) = 0 [pid 5956] <... openat resumed>) = 3 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5956] chdir("./bus" [pid 5957] <... prctl resumed>) = 0 [pid 5956] <... chdir resumed>) = 0 [pid 5957] setpgid(0, 0 [pid 5956] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5957] <... setpgid resumed>) = 0 [pid 5956] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5956] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5957] <... openat resumed>) = 3 [pid 5956] memfd_create("syzkaller", 0 [pid 5953] <... openat resumed>) = 5 [pid 5956] <... memfd_create resumed>) = 4 [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5953] exit_group(0 [pid 5956] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5953] <... exit_group resumed>) = ? [pid 5957] write(3, "1000", 4 [pid 5956] <... write resumed>) = 32768 [pid 5957] <... write resumed>) = 4 [pid 5956] munmap(0x7f0fce600000, 138412032 [pid 5957] close(3 [pid 5956] <... munmap resumed>) = 0 [pid 5957] <... close resumed>) = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5957] symlink("/dev/binderfs", "./binderfs" [pid 5956] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5953] +++ exited with 0 +++ [pid 5957] <... symlink resumed>) = 0 [pid 5956] close(4 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 executing program [pid 5956] <... close resumed>) = 0 [pid 5957] write(1, "executing program\n", 18 [pid 5956] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5957] <... write resumed>) = 18 [pid 5956] <... prlimit64 resumed>NULL) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5956] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5957] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5956] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... openat resumed>) = 3 [pid 5957] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5956] sched_setaffinity(0, 0, NULL [pid 5841] newfstatat(3, "", [pid 5956] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5956] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5956] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(3, [pid 5956] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5956] read(4, [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5957] memfd_create("syzkaller", 0 [pid 5841] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5957] <... memfd_create resumed>) = 3 [pid 5954] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5954] sched_setaffinity(0, 0, NULL [pid 5841] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5957] <... mmap resumed>) = 0x7f0fce600000 [pid 5954] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5954] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5954] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5954] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5954] exit_group(0 [pid 5841] unlink("./21/binderfs") = 0 [pid 5954] <... exit_group resumed>) = ? [pid 5841] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5954] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./21/bus", [pid 5838] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] newfstatat(3, "", [pid 5841] <... openat resumed>) = 4 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] newfstatat(4, "", [pid 5838] getdents64(3, [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] getdents64(4, [pid 5838] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(4, [pid 5838] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] close(4 [pid 5838] unlink("./20/binderfs" [pid 5841] <... close resumed>) = 0 [pid 5838] <... unlink resumed>) = 0 [pid 5841] rmdir("./21/bus" [pid 5838] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... rmdir resumed>) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./21") = 0 [pid 5841] mkdir("./22", 0777 [pid 5957] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5838] <... umount2 resumed>) = 0 [pid 5838] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... ioctl resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] close(3 [pid 5838] newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] <... close resumed>) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./20/bus") = 0 [pid 5838] getdents64(3, [pid 5957] <... write resumed>) = 2097152 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3./strace-static-x86_64: Process 5958 attached [pid 5955] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] <... close resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5958 [pid 5838] rmdir("./20" [pid 5958] set_robust_list(0x555579e09760, 24 [pid 5957] munmap(0x7f0fce600000, 138412032 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5955] sched_setaffinity(0, 0, NULL [pid 5838] <... rmdir resumed>) = 0 [pid 5958] chdir("./22") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3) = 0 [pid 5958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5957] <... munmap resumed>) = 0 [pid 5955] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] mkdir("./21", 0777 [pid 5958] write(1, "executing program\n", 18 [pid 5838] <... mkdir resumed>) = 0 [pid 5955] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5957] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5955] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) executing program [pid 5958] <... write resumed>) = 18 [pid 5957] <... openat resumed>) = 4 [pid 5955] rename(NULL, NULL [pid 5838] <... openat resumed>) = 3 [pid 5955] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5955] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] <... ioctl resumed>) = 0 [pid 5958] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] close(3 [pid 5958] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5957] ioctl(4, LOOP_SET_FD, 3 [pid 5958] memfd_create("syzkaller", 0 [pid 5955] <... openat resumed>) = 5 [pid 5838] <... close resumed>) = 0 [pid 5955] exit_group(0) = ? [pid 5958] <... memfd_create resumed>) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5955] +++ exited with 0 +++ [pid 5957] <... ioctl resumed>) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./bus", 0777) = 0 [pid 5957] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- ./strace-static-x86_64: Process 5959 attached [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5959 [pid 5842] <... restart_syscall resumed>) = 0 [ 114.683615][ T5957] loop1: detected capacity change from 0 to 4096 [pid 5842] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5959] set_robust_list(0x555579e09760, 24 [pid 5842] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5959] <... set_robust_list resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5959] chdir("./21" [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5959] <... chdir resumed>) = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5959] write(3, "1000", 4) = 4 [pid 5959] close(3) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] getdents64(3, [pid 5959] write(1, "executing program\n", 18 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 executing program [pid 5842] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5959] <... write resumed>) = 18 [pid 5959] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5959] memfd_create("syzkaller", 0 [pid 5957] <... mount resumed>) = 0 [pid 5958] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./21/binderfs" [pid 5959] <... memfd_create resumed>) = 3 [pid 5957] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] <... unlink resumed>) = 0 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5957] <... openat resumed>) = 3 [pid 5842] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] <... mmap resumed>) = 0x7f0fce600000 [pid 5957] chdir("./bus") = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5957] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5957] memfd_create("syzkaller", 0) = 4 [pid 5956] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5957] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5957] munmap(0x7f0fce600000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5957] close(4) = 0 [pid 5957] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5957] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5957] sched_setaffinity(0, 0, NULL [pid 5956] sched_setaffinity(0, 0, NULL [pid 5957] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5956] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = 0 [pid 5956] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5956] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./21/bus", [pid 5956] rename(NULL, NULL [pid 5957] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5957] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5956] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5957] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5956] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5957] <... openat resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5957] read(4, [pid 5842] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./21/bus") = 0 [pid 5956] <... openat resumed>) = 5 [pid 5956] exit_group(0 [pid 5842] getdents64(3, [pid 5956] <... exit_group resumed>) = ? [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./21") = 0 [pid 5959] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] mkdir("./22", 0777 [pid 5956] +++ exited with 0 +++ [pid 5958] <... write resumed>) = 2097152 [pid 5842] <... mkdir resumed>) = 0 [pid 5958] munmap(0x7f0fce600000, 138412032 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5959] <... write resumed>) = 2097152 [pid 5842] <... openat resumed>) = 3 [pid 5959] munmap(0x7f0fce600000, 138412032 [pid 5958] <... munmap resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] <... munmap resumed>) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] <... ioctl resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(3 [pid 5840] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5958] <... openat resumed>) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... openat resumed>) = 3 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3 [pid 5958] <... ioctl resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5840] newfstatat(3, "", [pid 5959] <... ioctl resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5959] close(3 [pid 5840] getdents64(3, [pid 5959] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5960 attached [pid 5959] close(4 [pid 5960] set_robust_list(0x555579e09760, 24 [pid 5959] <... close resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5960 [pid 5840] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] <... set_robust_list resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5960] chdir("./22" [pid 5959] mkdir("./bus", 0777 [pid 5840] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5960] <... chdir resumed>) = 0 [pid 5959] <... mkdir resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] unlink("./21/binderfs" [pid 5960] <... prctl resumed>) = 0 [pid 5960] setpgid(0, 0 [pid 5959] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5840] <... unlink resumed>) = 0 [pid 5960] <... setpgid resumed>) = 0 [pid 5958] close(3 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] <... close resumed>) = 0 [ 114.929112][ T5958] loop3: detected capacity change from 0 to 4096 [ 114.931416][ T5959] loop0: detected capacity change from 0 to 4096 [pid 5958] close(4) = 0 [pid 5960] <... openat resumed>) = 3 [pid 5958] mkdir("./bus", 0777 [pid 5960] write(3, "1000", 4) = 4 [pid 5958] <... mkdir resumed>) = 0 [pid 5960] close(3) = 0 [pid 5958] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5960] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5960] write(1, "executing program\n", 18) = 18 [pid 5960] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5957] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5957] sched_setaffinity(0, 0, NULL [pid 5960] memfd_create("syzkaller", 0 [pid 5957] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = 0 [pid 5960] <... memfd_create resumed>) = 3 [pid 5957] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5957] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5957] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./21/bus", [pid 5959] <... mount resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5959] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5959] <... openat resumed>) = 3 [pid 5957] <... openat resumed>) = 5 [pid 5840] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5959] chdir("./bus" [pid 5840] <... openat resumed>) = 4 [pid 5959] <... chdir resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5959] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5957] exit_group(0 [pid 5840] getdents64(4, [pid 5959] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5959] memfd_create("syzkaller", 0 [pid 5958] <... mount resumed>) = 0 [pid 5958] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5959] <... memfd_create resumed>) = 4 [pid 5958] <... openat resumed>) = 3 [pid 5957] <... exit_group resumed>) = ? [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5958] chdir("./bus" [pid 5840] getdents64(4, [pid 5959] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5958] <... chdir resumed>) = 0 [pid 5840] close(4 [pid 5959] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5958] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5957] +++ exited with 0 +++ [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./21/bus" [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5958] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5958] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5959] <... write resumed>) = 32768 [pid 5958] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] <... restart_syscall resumed>) = 0 [pid 5959] munmap(0x7f0fce600000, 138412032 [pid 5958] memfd_create("syzkaller", 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5839] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] <... memfd_create resumed>) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] <... munmap resumed>) = 0 [pid 5840] getdents64(3, [pid 5839] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5958] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] close(3 [pid 5839] <... openat resumed>) = 3 [pid 5958] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] newfstatat(3, "", [pid 5840] <... close resumed>) = 0 [pid 5958] <... write resumed>) = 32768 [pid 5840] rmdir("./21" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] mkdir("./22", 0777 [pid 5959] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5958] munmap(0x7f0fce600000, 138412032 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] close(4 [pid 5840] <... mkdir resumed>) = 0 [pid 5960] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5959] <... close resumed>) = 0 [pid 5958] <... munmap resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5958] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 5839] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5959] <... prlimit64 resumed>NULL) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] unlink("./21/binderfs" [pid 5958] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5959] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] <... ioctl resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5840] close(3 [pid 5959] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5958] close(4 [pid 5839] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] sched_setaffinity(0, 0, NULL [pid 5958] <... close resumed>) = 0 [pid 5959] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5959] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5959] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5958] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5958] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5959] <... openat resumed>) = 4 [pid 5958] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5958] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5958] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5958] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5958] read(4, [pid 5959] read(4, [pid 5960] <... write resumed>) = 2097152 [pid 5960] munmap(0x7f0fce600000, 138412032) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... close resumed>) = 0 [pid 5839] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] <... ioctl resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5960] close(3) = 0 [pid 5960] close(4 [pid 5839] newfstatat(AT_FDCWD, "./21/bus", [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5960] <... close resumed>) = 0 [pid 5960] mkdir("./bus", 0777) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5961 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5961 attached [pid 5960] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5839] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5961] set_robust_list(0x555579e09760, 24 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5961] <... set_robust_list resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5961] chdir("./22" [pid 5839] <... openat resumed>) = 4 [pid 5961] <... chdir resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5961] <... setpgid resumed>) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] getdents64(4, [pid 5961] <... openat resumed>) = 3 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5961] write(3, "1000", 4 [pid 5839] <... close resumed>) = 0 [pid 5961] <... write resumed>) = 4 [pid 5839] rmdir("./21/bus" [pid 5961] close(3) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs" [pid 5839] getdents64(3, [pid 5961] <... symlink resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [ 115.158101][ T5960] loop4: detected capacity change from 0 to 4096 [pid 5839] close(3 [pid 5961] write(1, "executing program\n", 18 [pid 5839] <... close resumed>) = 0 executing program [pid 5839] rmdir("./21" [pid 5961] <... write resumed>) = 18 [pid 5839] <... rmdir resumed>) = 0 [pid 5961] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5839] mkdir("./22", 0777 [pid 5961] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5961] memfd_create("syzkaller", 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5961] <... memfd_create resumed>) = 3 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5839] <... close resumed>) = 0 [pid 5960] <... mount resumed>) = 0 [pid 5960] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./bus") = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5960] socketpair(AF_TIPC, SOCK_STREAM, 0, ./strace-static-x86_64: Process 5962 attached NULL) = -1 EFAULT (Bad address) [pid 5962] set_robust_list(0x555579e09760, 24 [pid 5960] memfd_create("syzkaller", 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5962 [pid 5960] <... memfd_create resumed>) = 4 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5960] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5962] <... set_robust_list resumed>) = 0 [pid 5962] chdir("./22" [pid 5960] munmap(0x7f0fce600000, 138412032 [pid 5962] <... chdir resumed>) = 0 [pid 5960] <... munmap resumed>) = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5962] <... prctl resumed>) = 0 [pid 5960] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5962] setpgid(0, 0 [pid 5960] close(4 [pid 5962] <... setpgid resumed>) = 0 [pid 5960] <... close resumed>) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5960] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5960] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5962] <... openat resumed>) = 3 [pid 5962] write(3, "1000", 4 [pid 5960] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5962] <... write resumed>) = 4 [pid 5960] sched_setaffinity(0, 0, NULL [pid 5962] close(3 [pid 5960] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5962] <... close resumed>) = 0 [pid 5960] sched_setscheduler(0, SCHED_RR, NULL [pid 5962] symlink("/dev/binderfs", "./binderfs" [pid 5960] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5960] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5962] <... symlink resumed>) = 0 [pid 5961] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5960] read(4, executing program [pid 5962] write(1, "executing program\n", 18) = 18 [pid 5962] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5962] memfd_create("syzkaller", 0) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5961] <... write resumed>) = 2097152 [pid 5961] munmap(0x7f0fce600000, 138412032 [pid 5959] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5961] <... munmap resumed>) = 0 [pid 5959] sched_setaffinity(0, 0, NULL [pid 5961] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5959] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5961] <... openat resumed>) = 4 [pid 5959] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5961] ioctl(4, LOOP_SET_FD, 3 [pid 5959] rename(NULL, NULL [pid 5962] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5961] <... ioctl resumed>) = 0 [pid 5959] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5961] close(3 [pid 5959] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5961] <... close resumed>) = 0 [pid 5961] close(4) = 0 [pid 5961] mkdir("./bus", 0777 [pid 5959] <... openat resumed>) = 5 [pid 5959] exit_group(0 [pid 5961] <... mkdir resumed>) = 0 [pid 5961] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5959] <... exit_group resumed>) = ? [pid 5959] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5838] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 115.448965][ T5961] loop2: detected capacity change from 0 to 4096 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./21/binderfs") = 0 [pid 5962] <... write resumed>) = 2097152 [pid 5838] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] munmap(0x7f0fce600000, 138412032 [pid 5961] <... mount resumed>) = 0 [pid 5962] <... munmap resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5961] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5962] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3 [pid 5961] <... openat resumed>) = 3 [pid 5838] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5961] chdir("./bus" [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5961] <... chdir resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./21/bus", [pid 5961] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5961] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5961] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5961] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5961] memfd_create("syzkaller", 0 [pid 5838] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5961] <... memfd_create resumed>) = 4 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... openat resumed>) = 4 [pid 5961] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] newfstatat(4, "", [pid 5961] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5961] <... write resumed>) = 32768 [pid 5838] getdents64(4, [pid 5961] munmap(0x7f0fce600000, 138412032 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5961] <... munmap resumed>) = 0 [pid 5838] getdents64(4, [pid 5961] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5961] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] close(4 [pid 5961] close(4 [pid 5838] <... close resumed>) = 0 [pid 5961] <... close resumed>) = 0 [pid 5838] rmdir("./21/bus") = 0 [pid 5961] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5838] getdents64(3, [pid 5961] <... prlimit64 resumed>NULL) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5961] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5838] close(3 [pid 5961] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... close resumed>) = 0 [pid 5961] sched_setaffinity(0, 0, NULL [pid 5838] rmdir("./21" [pid 5961] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... rmdir resumed>) = 0 [pid 5961] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5961] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5838] mkdir("./22", 0777 [pid 5961] read(4, [pid 5838] <... mkdir resumed>) = 0 [pid 5962] <... ioctl resumed>) = 0 [pid 5962] close(3) = 0 [pid 5962] close(4) = 0 [pid 5962] mkdir("./bus", 0777 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5962] <... mkdir resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5962] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5960] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5960] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5960] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5962] <... mount resumed>) = 0 [pid 5960] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [ 115.560135][ T5962] loop1: detected capacity change from 0 to 4096 [pid 5962] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5960] rename(NULL, NULL [pid 5962] <... openat resumed>) = 3 [pid 5960] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5962] chdir("./bus" [pid 5960] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5962] <... chdir resumed>) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5838] <... close resumed>) = 0 [pid 5962] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5960] <... openat resumed>) = 5 [pid 5962] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5960] exit_group(0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5963 attached [pid 5962] memfd_create("syzkaller", 0 [pid 5960] <... exit_group resumed>) = ? [pid 5963] set_robust_list(0x555579e09760, 24 [pid 5962] <... memfd_create resumed>) = 4 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5963] chdir("./22" [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5963 [pid 5963] <... chdir resumed>) = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5962] <... mmap resumed>) = 0x7f0fce600000 [pid 5960] +++ exited with 0 +++ [pid 5963] <... prctl resumed>) = 0 [pid 5963] setpgid(0, 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5963] <... setpgid resumed>) = 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5963] write(3, "1000", 4) = 4 [pid 5963] close(3) = 0 [pid 5963] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... restart_syscall resumed>) = 0 [pid 5963] <... symlink resumed>) = 0 [pid 5962] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768executing program [pid 5963] write(1, "executing program\n", 18 [pid 5842] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5963] <... write resumed>) = 18 [pid 5962] <... write resumed>) = 32768 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5963] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5963] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5962] munmap(0x7f0fce600000, 138412032 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] <... munmap resumed>) = 0 [pid 5958] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... openat resumed>) = 3 [pid 5962] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] newfstatat(3, "", [pid 5962] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5963] <... memfd_create resumed>) = 3 [pid 5842] getdents64(3, [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5962] close(4 [pid 5958] sched_setaffinity(0, 0, NULL [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5963] <... mmap resumed>) = 0x7f0fce600000 [pid 5962] <... close resumed>) = 0 [pid 5958] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./22/binderfs" [pid 5958] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5962] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5958] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... unlink resumed>) = 0 [pid 5958] rename(NULL, NULL [pid 5962] <... prlimit64 resumed>NULL) = 0 [pid 5958] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5842] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5962] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5958] <... openat resumed>) = 5 [pid 5842] <... umount2 resumed>) = 0 [pid 5962] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5958] exit_group(0 [pid 5962] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5958] <... exit_group resumed>) = ? [pid 5962] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5958] +++ exited with 0 +++ [pid 5842] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5962] <... openat resumed>) = 4 [pid 5842] <... openat resumed>) = 4 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5962] read(4, [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5842] getdents64(4, [pid 5841] <... restart_syscall resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] close(4 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] rmdir("./22/bus" [pid 5841] <... openat resumed>) = 3 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5841] getdents64(3, [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] close(3 [pid 5841] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] rmdir("./22" [pid 5841] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./22/binderfs" [pid 5842] mkdir("./23", 0777 [pid 5841] <... unlink resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3) = 0 [pid 5963] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 5964 attached [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5964] set_robust_list(0x555579e09760, 24 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5964 [pid 5841] getdents64(4, [pid 5964] <... set_robust_list resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5964] chdir("./23" [pid 5841] close(4 [pid 5964] <... chdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] rmdir("./22/bus" [pid 5964] <... prctl resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5964] setpgid(0, 0 [pid 5841] getdents64(3, [pid 5964] <... setpgid resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] close(3) = 0 [pid 5964] <... openat resumed>) = 3 [pid 5841] rmdir("./22" [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] mkdir("./23", 0777 [pid 5964] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... mkdir resumed>) = 0 executing program [pid 5964] <... symlink resumed>) = 0 [pid 5964] write(1, "executing program\n", 18 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5964] <... write resumed>) = 18 [pid 5841] <... openat resumed>) = 3 [pid 5964] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5964] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5841] close(3 [pid 5964] memfd_create("syzkaller", 0) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5963] <... write resumed>) = 2097152 [pid 5963] munmap(0x7f0fce600000, 138412032 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached [pid 5965] set_robust_list(0x555579e09760, 24 [pid 5963] <... munmap resumed>) = 0 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5965 [pid 5965] chdir("./23" [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] <... chdir resumed>) = 0 [pid 5964] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5963] ioctl(4, LOOP_SET_FD, 3 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5965] write(1, "executing program\n", 18) = 18 [pid 5965] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5965] memfd_create("syzkaller", 0 [pid 5961] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5961] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5961] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5961] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5961] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5965] <... memfd_create resumed>) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5961] <... openat resumed>) = 5 [pid 5963] <... ioctl resumed>) = 0 [pid 5961] exit_group(0 [pid 5963] close(3 [pid 5961] <... exit_group resumed>) = ? [pid 5963] <... close resumed>) = 0 [pid 5961] +++ exited with 0 +++ [pid 5963] close(4 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5963] <... close resumed>) = 0 [pid 5963] mkdir("./bus", 0777 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5963] <... mkdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5963] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./22/binderfs") = 0 [ 115.912806][ T5963] loop0: detected capacity change from 0 to 4096 [pid 5840] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5964] <... write resumed>) = 2097152 [pid 5963] <... mount resumed>) = 0 [pid 5963] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./bus") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5963] memfd_create("syzkaller", 0) = 4 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5963] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5963] munmap(0x7f0fce600000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] close(4) = 0 [pid 5963] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5964] munmap(0x7f0fce600000, 138412032 [pid 5962] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5963] <... prlimit64 resumed>NULL) = 0 [pid 5962] sched_setaffinity(0, 0, NULL [pid 5963] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5962] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5963] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5962] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5963] sched_setaffinity(0, 0, NULL [pid 5962] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5963] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5962] rename(NULL, NULL [pid 5963] sched_setscheduler(0, SCHED_RR, NULL [pid 5962] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5963] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5962] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5963] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5963] read(4, [pid 5965] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5964] <... munmap resumed>) = 0 [pid 5962] <... openat resumed>) = 5 [pid 5840] <... umount2 resumed>) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5962] exit_group(0 [pid 5840] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5964] <... openat resumed>) = 4 [pid 5962] <... exit_group resumed>) = ? [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5964] ioctl(4, LOOP_SET_FD, 3 [pid 5962] +++ exited with 0 +++ [pid 5840] newfstatat(AT_FDCWD, "./22/bus", [pid 5964] <... ioctl resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5840] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./22/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./22") = 0 [pid 5965] <... write resumed>) = 2097152 [pid 5964] close(3 [pid 5840] mkdir("./23", 0777 [pid 5965] munmap(0x7f0fce600000, 138412032 [pid 5964] <... close resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5964] close(4) = 0 [pid 5839] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5964] mkdir("./bus", 0777 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5964] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5964] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5839] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] close(3 [pid 5839] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 116.041002][ T5964] loop4: detected capacity change from 0 to 4096 [pid 5839] unlink("./22/binderfs" [pid 5965] <... munmap resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5839] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5965] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", [pid 5840] <... close resumed>) = 0 [pid 5965] <... ioctl resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5965] close(3) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5965] close(4) = 0 [pid 5965] mkdir("./bus", 0777) = 0 [pid 5839] getdents64(4, ./strace-static-x86_64: Process 5967 attached 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5967 [pid 5965] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5964] <... mount resumed>) = 0 [pid 5839] getdents64(4, [pid 5967] set_robust_list(0x555579e09760, 24) = 0 [pid 5967] chdir("./23" [pid 5964] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5967] <... chdir resumed>) = 0 [pid 5964] <... openat resumed>) = 3 [pid 5839] close(4 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] chdir("./bus" [pid 5839] <... close resumed>) = 0 [pid 5964] <... chdir resumed>) = 0 [pid 5839] rmdir("./22/bus" [pid 5967] setpgid(0, 0 [pid 5964] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... rmdir resumed>) = 0 [pid 5967] <... setpgid resumed>) = 0 [pid 5839] getdents64(3, [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5964] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [ 116.106354][ T5965] loop3: detected capacity change from 0 to 4096 [pid 5967] <... openat resumed>) = 3 [pid 5964] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] close(3 [pid 5964] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5967] write(3, "1000", 4 [pid 5964] memfd_create("syzkaller", 0 [pid 5839] <... close resumed>) = 0 [pid 5967] <... write resumed>) = 4 [pid 5964] <... memfd_create resumed>) = 4 [pid 5839] rmdir("./22" [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5967] close(3) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs" [pid 5964] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] <... rmdir resumed>) = 0 executing program [pid 5967] <... symlink resumed>) = 0 [pid 5964] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] mkdir("./23", 0777 [pid 5967] write(1, "executing program\n", 18) = 18 [pid 5967] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5967] memfd_create("syzkaller", 0 [pid 5964] <... write resumed>) = 32768 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5964] munmap(0x7f0fce600000, 138412032 [pid 5967] <... memfd_create resumed>) = 3 [pid 5964] <... munmap resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5964] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5964] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... ioctl resumed>) = 0 [pid 5967] <... mmap resumed>) = 0x7f0fce600000 [pid 5964] close(4 [pid 5839] close(3 [pid 5964] <... close resumed>) = 0 [pid 5964] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5964] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5964] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5964] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5964] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5964] read(4, [pid 5839] <... close resumed>) = 0 [pid 5967] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached [pid 5963] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5968] set_robust_list(0x555579e09760, 24 [pid 5963] sched_setaffinity(0, 0, NULL [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5968 [pid 5968] <... set_robust_list resumed>) = 0 [pid 5965] <... mount resumed>) = 0 [pid 5963] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5965] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5968] chdir("./23" [pid 5963] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5968] <... chdir resumed>) = 0 [pid 5965] <... openat resumed>) = 3 [pid 5963] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5963] rename(NULL, NULL [pid 5968] <... prctl resumed>) = 0 [pid 5965] chdir("./bus" [pid 5963] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5968] setpgid(0, 0) = 0 [pid 5965] <... chdir resumed>) = 0 [pid 5963] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5968] write(3, "1000", 4 [pid 5965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5968] <... write resumed>) = 4 [pid 5968] close(3 [pid 5965] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5963] <... openat resumed>) = 5 [pid 5965] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5968] <... close resumed>) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs" [pid 5965] memfd_create("syzkaller", 0 [pid 5963] exit_group(0 [pid 5965] <... memfd_create resumed>) = 4 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5968] <... symlink resumed>) = 0 [pid 5965] <... mmap resumed>) = 0x7f0fce600000 [pid 5968] write(1, "executing program\n", 18 [pid 5965] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768executing program [pid 5963] <... exit_group resumed>) = ? [pid 5968] <... write resumed>) = 18 [pid 5968] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5965] <... write resumed>) = 32768 [pid 5963] +++ exited with 0 +++ [pid 5968] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5965] munmap(0x7f0fce600000, 138412032 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5965] <... munmap resumed>) = 0 [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5965] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5968] memfd_create("syzkaller", 0 [pid 5965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... restart_syscall resumed>) = 0 [pid 5965] close(4 [pid 5968] <... memfd_create resumed>) = 3 [pid 5965] <... close resumed>) = 0 [pid 5838] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] newfstatat(3, "", [pid 5967] <... write resumed>) = 2097152 [pid 5965] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5968] <... mmap resumed>) = 0x7f0fce600000 [pid 5965] <... prlimit64 resumed>NULL) = 0 [pid 5838] getdents64(3, [pid 5965] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5965] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5965] sched_setaffinity(0, 0, NULL [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5965] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5965] sched_setscheduler(0, SCHED_RR, NULL [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5965] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] unlink("./22/binderfs" [pid 5967] munmap(0x7f0fce600000, 138412032 [pid 5965] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5838] <... unlink resumed>) = 0 [pid 5965] <... openat resumed>) = 4 [pid 5965] read(4, [pid 5838] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5967] <... munmap resumed>) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... umount2 resumed>) = 0 [pid 5838] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5967] <... ioctl resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5967] close(3) = 0 [pid 5838] getdents64(4, [pid 5967] close(4 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5967] <... close resumed>) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./22/bus" [pid 5967] mkdir("./bus", 0777 [pid 5838] <... rmdir resumed>) = 0 [pid 5838] getdents64(3, [pid 5967] <... mkdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3 [pid 5967] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./22") = 0 [pid 5838] mkdir("./23", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [ 116.363383][ T5967] loop2: detected capacity change from 0 to 4096 [pid 5968] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5967] <... mount resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5967] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5967] <... openat resumed>) = 3 [pid 5967] chdir("./bus") = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 5969 attached ) = -1 EBUSY (Device or resource busy) [pid 5967] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5969 [pid 5969] set_robust_list(0x555579e09760, 24) = 0 [pid 5967] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5969] chdir("./23" [pid 5967] memfd_create("syzkaller", 0 [pid 5969] <... chdir resumed>) = 0 [pid 5967] <... memfd_create resumed>) = 4 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5969] <... prctl resumed>) = 0 [pid 5967] <... mmap resumed>) = 0x7f0fce600000 [pid 5969] setpgid(0, 0) = 0 [pid 5967] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5967] <... write resumed>) = 32768 [pid 5969] <... openat resumed>) = 3 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3) = 0 [pid 5968] <... write resumed>) = 2097152 [pid 5969] symlink("/dev/binderfs", "./binderfs" [pid 5967] munmap(0x7f0fce600000, 138412032 [pid 5969] <... symlink resumed>) = 0 [pid 5967] <... munmap resumed>) = 0 [pid 5964] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 executing program [pid 5964] sched_setaffinity(0, 0, NULL [pid 5969] write(1, "executing program\n", 18 [pid 5968] munmap(0x7f0fce600000, 138412032 [pid 5967] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5969] <... write resumed>) = 18 [pid 5968] <... munmap resumed>) = 0 [pid 5967] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5964] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5969] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5968] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5967] close(4 [pid 5964] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5968] <... openat resumed>) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3 [pid 5967] <... close resumed>) = 0 [pid 5964] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5964] rename(NULL, NULL [pid 5967] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5964] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5967] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5964] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5967] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5967] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5967] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5968] <... ioctl resumed>) = 0 [pid 5968] close(3) = 0 [pid 5968] close(4) = 0 [pid 5968] mkdir("./bus", 0777) = 0 [pid 5968] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5967] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5967] read(4, [pid 5964] <... openat resumed>) = 5 [pid 5964] exit_group(0) = ? [ 116.519991][ T5968] loop1: detected capacity change from 0 to 4096 [pid 5964] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5969] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./23/binderfs") = 0 [pid 5842] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5965] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5965] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5965] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5965] rename(NULL, NULL [pid 5968] <... mount resumed>) = 0 [pid 5965] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5842] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5965] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5968] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5965] <... openat resumed>) = 5 [pid 5842] newfstatat(4, "", [pid 5968] <... openat resumed>) = 3 [pid 5965] exit_group(0) = ? [pid 5968] chdir("./bus" [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5968] <... chdir resumed>) = 0 [pid 5842] getdents64(4, [pid 5968] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5968] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] getdents64(4, [pid 5968] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5965] +++ exited with 0 +++ [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./23/bus") = 0 [pid 5968] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5968] memfd_create("syzkaller", 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5968] <... memfd_create resumed>) = 4 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] getdents64(3, [pid 5968] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5968] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] close(3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] rmdir("./23" [pid 5841] <... openat resumed>) = 3 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] newfstatat(3, "", [pid 5968] <... write resumed>) = 32768 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] mkdir("./24", 0777 [pid 5841] getdents64(3, [pid 5968] munmap(0x7f0fce600000, 138412032 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5968] <... munmap resumed>) = 0 [pid 5841] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5968] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5968] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... openat resumed>) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./23/binderfs" [pid 5968] close(4 [pid 5841] <... unlink resumed>) = 0 [pid 5968] <... close resumed>) = 0 [pid 5841] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5968] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5968] <... prlimit64 resumed>NULL) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5968] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] close(3 [pid 5968] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5968] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5968] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5968] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5968] read(4, [pid 5969] <... write resumed>) = 2097152 [pid 5969] munmap(0x7f0fce600000, 138412032) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] <... openat resumed>) = 4 [pid 5841] newfstatat(AT_FDCWD, "./23/bus", [pid 5969] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5970 attached [pid 5969] <... ioctl resumed>) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5970] set_robust_list(0x555579e09760, 24 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5970] <... set_robust_list resumed>) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5970] chdir("./24" [pid 5841] close(4 [pid 5970] <... chdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] rmdir("./23/bus" [pid 5970] <... prctl resumed>) = 0 [pid 5969] close(3 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5970 [pid 5970] setpgid(0, 0 [pid 5969] <... close resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5970] <... setpgid resumed>) = 0 [pid 5969] close(4 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5969] <... close resumed>) = 0 [pid 5969] mkdir("./bus", 0777 [pid 5841] getdents64(3, [pid 5970] <... openat resumed>) = 3 [pid 5969] <... mkdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5969] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5841] close(3 [pid 5970] write(3, "1000", 4 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./23" [pid 5970] <... write resumed>) = 4 [pid 5970] close(3 [pid 5841] <... rmdir resumed>) = 0 [pid 5970] <... close resumed>) = 0 [ 116.714257][ T5969] loop0: detected capacity change from 0 to 4096 [pid 5970] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5841] mkdir("./24", 0777 [pid 5970] write(1, "executing program\n", 18) = 18 [pid 5970] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] <... mkdir resumed>) = 0 [pid 5970] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5970] memfd_create("syzkaller", 0) = 3 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5971 attached [pid 5971] set_robust_list(0x555579e09760, 24) = 0 [pid 5971] chdir("./24") = 0 [pid 5967] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5971 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5967] sched_setaffinity(0, 0, NULL [pid 5971] <... prctl resumed>) = 0 [pid 5967] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5971] setpgid(0, 0) = 0 [pid 5967] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5967] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5967] rename(NULL, NULL [pid 5971] <... openat resumed>) = 3 [pid 5967] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5971] write(3, "1000", 4 [pid 5967] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5971] <... write resumed>) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5970] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5971] write(1, "executing program\n", 18executing program ) = 18 [pid 5971] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5969] <... mount resumed>) = 0 [pid 5967] <... openat resumed>) = 5 [pid 5971] memfd_create("syzkaller", 0 [pid 5969] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5971] <... memfd_create resumed>) = 3 [pid 5970] <... write resumed>) = 2097152 [pid 5969] <... openat resumed>) = 3 [pid 5967] exit_group(0 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5970] munmap(0x7f0fce600000, 138412032 [pid 5969] chdir("./bus" [pid 5967] <... exit_group resumed>) = ? [pid 5971] <... mmap resumed>) = 0x7f0fce600000 [pid 5967] +++ exited with 0 +++ [pid 5969] <... chdir resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5969] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5969] memfd_create("syzkaller", 0) = 4 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5969] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5970] <... munmap resumed>) = 0 [pid 5969] munmap(0x7f0fce600000, 138412032) = 0 [pid 5968] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5971] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5970] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5969] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5968] sched_setaffinity(0, 0, NULL [pid 5969] close(4 [pid 5968] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5968] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5968] rename(NULL, NULL [pid 5969] <... close resumed>) = 0 [pid 5969] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5968] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5970] <... openat resumed>) = 4 [pid 5969] <... prlimit64 resumed>NULL) = 0 [pid 5968] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] ioctl(4, LOOP_SET_FD, 3 [pid 5969] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5969] sched_setaffinity(0, 0, NULL [pid 5840] newfstatat(3, "", [pid 5969] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5969] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5970] <... ioctl resumed>) = 0 [pid 5969] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5970] close(3 [pid 5840] getdents64(3, [pid 5970] <... close resumed>) = 0 [pid 5970] close(4 [pid 5969] <... openat resumed>) = 4 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5970] <... close resumed>) = 0 [pid 5969] read(4, [pid 5968] <... openat resumed>) = 5 [pid 5840] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] mkdir("./bus", 0777) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5970] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5968] exit_group(0 [pid 5840] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5968] <... exit_group resumed>) = ? [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./23/binderfs" [pid 5968] +++ exited with 0 +++ [pid 5840] <... unlink resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5840] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... openat resumed>) = 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(3, "", [pid 5840] newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5971] <... write resumed>) = 2097152 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(4, "", [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] getdents64(4, [pid 5839] unlink("./23/binderfs" [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5839] <... unlink resumed>) = 0 [ 116.966732][ T5970] loop4: detected capacity change from 0 to 4096 [pid 5971] munmap(0x7f0fce600000, 138412032 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(4) = 0 [pid 5971] <... munmap resumed>) = 0 [pid 5840] rmdir("./23/bus") = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./23") = 0 [pid 5840] mkdir("./24", 0777 [pid 5839] <... umount2 resumed>) = 0 [pid 5971] <... openat resumed>) = 4 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5971] ioctl(4, LOOP_SET_FD, 3 [pid 5970] <... mount resumed>) = 0 [pid 5839] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./23/bus", [pid 5970] <... openat resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] chdir("./bus") = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5970] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5970] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5970] memfd_create("syzkaller", 0 [pid 5839] <... openat resumed>) = 4 [pid 5971] <... ioctl resumed>) = 0 [pid 5971] close(3 [pid 5970] <... memfd_create resumed>) = 4 [pid 5840] <... close resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 5971] <... close resumed>) = 0 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5971] close(4 [pid 5970] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, [pid 5971] <... close resumed>) = 0 [pid 5970] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5971] mkdir("./bus", 0777 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5971] <... mkdir resumed>) = 0 [pid 5970] <... write resumed>) = 32768 [pid 5839] close(4 [pid 5971] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5970] munmap(0x7f0fce600000, 138412032 [pid 5839] <... close resumed>) = 0 [ 117.073172][ T5971] loop3: detected capacity change from 0 to 4096 ./strace-static-x86_64: Process 5973 attached [pid 5970] <... munmap resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5973 [pid 5839] rmdir("./23/bus" [pid 5973] set_robust_list(0x555579e09760, 24) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5973] chdir("./24" [pid 5839] getdents64(3, [pid 5973] <... chdir resumed>) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5970] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] close(3 [pid 5970] close(4 [pid 5973] <... prctl resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5973] setpgid(0, 0 [pid 5970] <... close resumed>) = 0 [pid 5839] rmdir("./23" [pid 5973] <... setpgid resumed>) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5970] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5839] <... rmdir resumed>) = 0 [pid 5973] <... openat resumed>) = 3 [pid 5970] <... prlimit64 resumed>NULL) = 0 [pid 5973] write(3, "1000", 4) = 4 [pid 5970] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5973] close(3) = 0 [pid 5973] symlink("/dev/binderfs", "./binderfs" [pid 5839] mkdir("./24", 0777 [pid 5970] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5973] <... symlink resumed>) = 0 [pid 5970] sched_setaffinity(0, 0, NULL [pid 5839] <... mkdir resumed>) = 0 [pid 5970] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5970] sched_setscheduler(0, SCHED_RR, NULL [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5973] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] <... openat resumed>) = 3 [pid 5973] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5973] memfd_create("syzkaller", 0 [pid 5970] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5973] <... memfd_create resumed>) = 3 [pid 5971] <... mount resumed>) = 0 [pid 5970] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] <... ioctl resumed>) = 0 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5971] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5970] <... openat resumed>) = 4 [pid 5973] <... mmap resumed>) = 0x7f0fce600000 [pid 5971] <... openat resumed>) = 3 [pid 5970] read(4, [pid 5839] close(3 [pid 5971] chdir("./bus") = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5971] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5971] memfd_create("syzkaller", 0) = 4 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5971] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5971] munmap(0x7f0fce600000, 138412032) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5971] close(4) = 0 [pid 5971] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5839] <... close resumed>) = 0 [pid 5971] <... prlimit64 resumed>NULL) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5971] sched_setscheduler(0, SCHED_FIFO, NULL./strace-static-x86_64: Process 5974 attached ) = -1 EINVAL (Invalid argument) [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5974 [pid 5971] sched_setaffinity(0, 0, NULL [pid 5974] set_robust_list(0x555579e09760, 24 [pid 5971] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5971] sched_setscheduler(0, SCHED_RR, NULL [pid 5974] <... set_robust_list resumed>) = 0 [pid 5971] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5974] chdir("./24" [pid 5973] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5971] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5974] <... chdir resumed>) = 0 [pid 5971] <... openat resumed>) = 4 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5971] read(4, [pid 5974] <... prctl resumed>) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5973] <... write resumed>) = 2097152 [pid 5974] write(1, "executing program\n", 18) = 18 [pid 5974] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5974] memfd_create("syzkaller", 0) = 3 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5973] munmap(0x7f0fce600000, 138412032) = 0 [pid 5969] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5969] sched_setaffinity(0, 0, NULL [pid 5973] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5974] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5973] <... openat resumed>) = 4 [pid 5969] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5969] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5969] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5973] ioctl(4, LOOP_SET_FD, 3 [pid 5969] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5973] <... ioctl resumed>) = 0 [pid 5969] <... openat resumed>) = 5 [pid 5973] close(3) = 0 [pid 5973] close(4 [pid 5969] exit_group(0) = ? [pid 5969] +++ exited with 0 +++ [pid 5973] <... close resumed>) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5973] mkdir("./bus", 0777 [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5973] <... mkdir resumed>) = 0 [pid 5973] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5838] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5970] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./23/binderfs") = 0 [pid 5838] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5974] <... write resumed>) = 2097152 [pid 5970] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] <... umount2 resumed>) = 0 [pid 5970] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5970] rename(NULL, NULL [pid 5838] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] <... rename resumed>) = -1 EFAULT (Bad address) [ 117.406269][ T5973] loop2: detected capacity change from 0 to 4096 [pid 5974] munmap(0x7f0fce600000, 138412032 [pid 5970] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./23/bus" [pid 5974] <... munmap resumed>) = 0 [pid 5973] <... mount resumed>) = 0 [pid 5970] <... openat resumed>) = 5 [pid 5838] <... rmdir resumed>) = 0 [pid 5973] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5973] <... openat resumed>) = 3 [pid 5838] close(3 [pid 5973] chdir("./bus" [pid 5974] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5973] <... chdir resumed>) = 0 [pid 5970] exit_group(0 [pid 5838] <... close resumed>) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] rmdir("./23" [pid 5974] <... openat resumed>) = 4 [pid 5973] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5970] <... exit_group resumed>) = ? [pid 5838] <... rmdir resumed>) = 0 [pid 5974] ioctl(4, LOOP_SET_FD, 3 [pid 5973] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] mkdir("./24", 0777 [pid 5973] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5973] memfd_create("syzkaller", 0 [pid 5970] +++ exited with 0 +++ [pid 5838] <... mkdir resumed>) = 0 [pid 5973] <... memfd_create resumed>) = 4 [pid 5974] <... ioctl resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5838] <... openat resumed>) = 3 [pid 5973] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5973] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5842] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5974] close(3 [pid 5973] <... write resumed>) = 32768 [pid 5842] <... openat resumed>) = 3 [pid 5838] <... ioctl resumed>) = 0 [pid 5974] <... close resumed>) = 0 [pid 5973] munmap(0x7f0fce600000, 138412032 [pid 5842] newfstatat(3, "", [pid 5838] close(3 [pid 5974] close(4 [pid 5973] <... munmap resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5974] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 5974] mkdir("./bus", 0777 [pid 5973] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./24/binderfs") = 0 [pid 5842] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5973] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5973] close(4) = 0 [pid 5973] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5973] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5973] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5973] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5974] <... mkdir resumed>) = 0 [pid 5973] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5974] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [ 117.513291][ T5974] loop1: detected capacity change from 0 to 4096 [pid 5973] read(4, [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", [pid 5838] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5975 attached [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5975] set_robust_list(0x555579e09760, 24 [pid 5842] close(4 [pid 5975] <... set_robust_list resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5975] chdir("./24" [pid 5842] rmdir("./24/bus" [pid 5975] <... chdir resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5975] setpgid(0, 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5975 [pid 5975] <... setpgid resumed>) = 0 [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] getdents64(3, [pid 5975] <... openat resumed>) = 3 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5975] write(3, "1000", 4 [pid 5842] <... close resumed>) = 0 [pid 5975] <... write resumed>) = 4 [pid 5842] rmdir("./24" [pid 5975] close(3) = 0 [pid 5975] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5842] <... rmdir resumed>) = 0 [pid 5975] write(1, "executing program\n", 18) = 18 [pid 5975] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] mkdir("./25", 0777 [pid 5975] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... mkdir resumed>) = 0 [pid 5975] memfd_create("syzkaller", 0 [pid 5974] <... mount resumed>) = 0 [pid 5974] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5974] <... openat resumed>) = 3 [pid 5974] chdir("./bus" [pid 5842] <... openat resumed>) = 3 [pid 5974] <... chdir resumed>) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5975] <... memfd_create resumed>) = 3 [pid 5974] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... ioctl resumed>) = 0 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5974] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] close(3 [pid 5974] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5974] memfd_create("syzkaller", 0 [pid 5975] <... mmap resumed>) = 0x7f0fce600000 [pid 5974] <... memfd_create resumed>) = 4 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5974] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5974] munmap(0x7f0fce600000, 138412032) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5974] close(4) = 0 [pid 5842] <... close resumed>) = 0 [pid 5974] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5974] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5974] sched_setaffinity(0, 0, NULL./strace-static-x86_64: Process 5976 attached ) = -1 EINVAL (Invalid argument) [pid 5974] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5976 [pid 5974] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5976] set_robust_list(0x555579e09760, 24 [pid 5974] read(4, [pid 5976] <... set_robust_list resumed>) = 0 [pid 5976] chdir("./25") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4 [pid 5975] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5976] <... write resumed>) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5976] write(1, "executing program\n", 18) = 18 [pid 5976] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5976] memfd_create("syzkaller", 0) = 3 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5975] <... write resumed>) = 2097152 [pid 5975] munmap(0x7f0fce600000, 138412032) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3 [pid 5976] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5975] <... ioctl resumed>) = 0 [pid 5975] close(3) = 0 [pid 5975] close(4) = 0 [pid 5975] mkdir("./bus", 0777) = 0 [ 117.877990][ T5975] loop0: detected capacity change from 0 to 4096 [pid 5975] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5976] <... write resumed>) = 2097152 [pid 5976] munmap(0x7f0fce600000, 138412032 [pid 5975] <... mount resumed>) = 0 [pid 5975] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5976] <... munmap resumed>) = 0 [pid 5975] <... openat resumed>) = 3 [pid 5975] chdir("./bus") = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5975] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5976] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5975] memfd_create("syzkaller", 0 [pid 5976] <... openat resumed>) = 4 [pid 5975] <... memfd_create resumed>) = 4 [pid 5976] ioctl(4, LOOP_SET_FD, 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5975] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5975] munmap(0x7f0fce600000, 138412032) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5975] close(4) = 0 [pid 5975] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5975] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5975] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5975] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5975] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5974] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5975] read(4, [pid 5974] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5974] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5974] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5974] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5976] <... ioctl resumed>) = 0 [pid 5976] close(3) = 0 [pid 5976] close(4) = 0 [pid 5976] mkdir("./bus", 0777) = 0 [ 118.027827][ T5976] loop4: detected capacity change from 0 to 4096 [pid 5976] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5974] <... openat resumed>) = 5 [pid 5971] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5971] sched_setaffinity(0, 0, NULL [pid 5974] exit_group(0 [pid 5971] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5974] <... exit_group resumed>) = ? [pid 5971] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5974] +++ exited with 0 +++ [pid 5971] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5971] rename(NULL, NULL [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5971] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5971] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5976] <... mount resumed>) = 0 [pid 5839] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", [pid 5976] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5976] <... openat resumed>) = 3 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5976] chdir("./bus" [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5976] <... chdir resumed>) = 0 [pid 5839] unlink("./24/binderfs" [pid 5976] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... unlink resumed>) = 0 [pid 5976] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5971] <... openat resumed>) = 5 [pid 5976] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5971] exit_group(0 [pid 5976] memfd_create("syzkaller", 0 [pid 5971] <... exit_group resumed>) = ? [pid 5976] <... memfd_create resumed>) = 4 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5976] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5971] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5976] munmap(0x7f0fce600000, 138412032) = 0 [pid 5841] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5976] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5976] close(4 [pid 5841] <... openat resumed>) = 3 [pid 5976] <... close resumed>) = 0 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5839] <... umount2 resumed>) = 0 [pid 5976] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5976] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5976] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5976] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5976] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5976] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5976] read(4, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./24/bus", [pid 5841] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./24/binderfs" [pid 5839] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... unlink resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", [pid 5841] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./24/bus") = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5839] getdents64(3, [pid 5841] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./24") = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] mkdir("./25", 0777 [pid 5841] newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... mkdir resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5841] getdents64(4, [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] <... ioctl resumed>) = 0 [pid 5841] getdents64(4, [pid 5839] close(3 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./24/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./24") = 0 [pid 5841] mkdir("./25", 0777) = 0 [pid 5839] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5979 attached [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5979] set_robust_list(0x555579e09760, 24) = 0 [pid 5979] chdir("./25") = 0 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5979 [pid 5979] setpgid(0, 0) = 0 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5979] write(3, "1000", 4) = 4 [pid 5979] close(3) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5979] write(1, "executing program\n", 18) = 18 [pid 5979] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5979] memfd_create("syzkaller", 0) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5980 attached , child_tidptr=0x555579e09750) = 5980 [pid 5980] set_robust_list(0x555579e09760, 24) = 0 [pid 5980] chdir("./25") = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5980] write(1, "executing program\n", 18executing program ) = 18 [pid 5980] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5980] memfd_create("syzkaller", 0 [pid 5979] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5980] <... memfd_create resumed>) = 3 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5973] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5973] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5973] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5973] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5973] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5973] exit_group(0) = ? [pid 5979] <... write resumed>) = 2097152 [pid 5973] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [pid 5840] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5979] munmap(0x7f0fce600000, 138412032 [pid 5840] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./24/binderfs") = 0 [pid 5840] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5979] <... munmap resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./24/bus", [pid 5979] <... openat resumed>) = 4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5979] ioctl(4, LOOP_SET_FD, 3 [pid 5840] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5980] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5979] <... ioctl resumed>) = 0 [pid 5975] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] close(4) = 0 [pid 5840] rmdir("./24/bus" [pid 5979] close(3 [pid 5975] sched_setaffinity(0, 0, NULL [pid 5840] <... rmdir resumed>) = 0 [pid 5979] <... close resumed>) = 0 [pid 5975] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5979] close(4 [pid 5975] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5979] <... close resumed>) = 0 [pid 5975] rename(NULL, NULL [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./24") = 0 [pid 5840] mkdir("./25", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5975] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5979] mkdir("./bus", 0777 [pid 5975] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5979] <... mkdir resumed>) = 0 [pid 5979] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5975] <... openat resumed>) = 5 [pid 5975] exit_group(0) = ? [pid 5975] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./24/binderfs") = 0 [ 118.605080][ T5979] loop1: detected capacity change from 0 to 4096 [pid 5838] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5980] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 5980] munmap(0x7f0fce600000, 138412032 [pid 5838] <... umount2 resumed>) = 0 [pid 5980] <... munmap resumed>) = 0 [pid 5838] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5980] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5980] <... openat resumed>) = 4 [pid 5838] newfstatat(AT_FDCWD, "./24/bus", [pid 5980] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5982 attached [pid 5980] <... ioctl resumed>) = 0 [pid 5979] <... mount resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5982 [pid 5838] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5982] set_robust_list(0x555579e09760, 24 [pid 5980] close(3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5982] <... set_robust_list resumed>) = 0 [pid 5980] <... close resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5982] chdir("./25" [pid 5980] close(4 [pid 5838] <... openat resumed>) = 4 [pid 5982] <... chdir resumed>) = 0 [pid 5980] <... close resumed>) = 0 [pid 5838] newfstatat(4, "", [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5980] mkdir("./bus", 0777 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5982] <... prctl resumed>) = 0 [pid 5980] <... mkdir resumed>) = 0 [pid 5979] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] getdents64(4, [pid 5979] <... openat resumed>) = 3 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 5982] setpgid(0, 0 [pid 5980] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5838] <... close resumed>) = 0 [pid 5982] <... setpgid resumed>) = 0 [pid 5979] chdir("./bus" [pid 5838] rmdir("./24/bus" [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... rmdir resumed>) = 0 [pid 5982] <... openat resumed>) = 3 [pid 5838] getdents64(3, [pid 5982] write(3, "1000", 4 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5982] <... write resumed>) = 4 [pid 5838] close(3 [pid 5982] close(3 [pid 5838] <... close resumed>) = 0 [pid 5982] <... close resumed>) = 0 [pid 5838] rmdir("./24" [pid 5982] symlink("/dev/binderfs", "./binderfs" [pid 5838] <... rmdir resumed>) = 0 [pid 5982] <... symlink resumed>) = 0 [pid 5838] mkdir("./25", 0777) = 0 [pid 5982] write(1, "executing program\n", 18 [pid 5979] <... chdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 5982] <... write resumed>) = 18 [pid 5838] <... openat resumed>) = 3 [pid 5982] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5979] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5982] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... ioctl resumed>) = 0 [pid 5982] memfd_create("syzkaller", 0 [pid 5979] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] close(3 [ 118.709637][ T5980] loop3: detected capacity change from 0 to 4096 [pid 5979] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5982] <... memfd_create resumed>) = 3 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5979] memfd_create("syzkaller", 0) = 4 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5979] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5976] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5979] <... write resumed>) = 32768 [pid 5979] munmap(0x7f0fce600000, 138412032 [pid 5976] sched_setaffinity(0, 0, NULL [pid 5979] <... munmap resumed>) = 0 [pid 5976] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5979] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5976] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5979] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5976] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5979] close(4 [pid 5976] rename(NULL, NULL [pid 5979] <... close resumed>) = 0 [pid 5976] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5979] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5976] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] <... close resumed>) = 0 [pid 5979] <... prlimit64 resumed>NULL) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5983 attached [pid 5979] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5976] <... openat resumed>) = 5 [pid 5979] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 5983 [pid 5979] sched_setaffinity(0, 0, NULL [pid 5976] exit_group(0 [pid 5979] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5976] <... exit_group resumed>) = ? [pid 5983] set_robust_list(0x555579e09760, 24) = 0 [pid 5983] chdir("./25") = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5976] +++ exited with 0 +++ [pid 5983] symlink("/dev/binderfs", "./binderfs" [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- [pid 5983] <... symlink resumed>) = 0 [pid 5979] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] restart_syscall(<... resuming interrupted clone ...>executing program [pid 5979] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5983] write(1, "executing program\n", 18 [pid 5979] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5983] <... write resumed>) = 18 [pid 5979] <... openat resumed>) = 4 [pid 5983] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5979] read(4, [pid 5983] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5983] memfd_create("syzkaller", 0 [pid 5842] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5983] <... memfd_create resumed>) = 3 [pid 5842] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./25/binderfs") = 0 [pid 5842] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5982] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5980] <... mount resumed>) = 0 [pid 5980] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5980] chdir("./bus") = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5980] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5980] memfd_create("syzkaller", 0) = 4 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5980] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5980] munmap(0x7f0fce600000, 138412032) = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5980] close(4) = 0 [pid 5980] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5980] <... prlimit64 resumed>NULL) = 0 [pid 5842] getdents64(4, [pid 5980] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5980] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(4 [pid 5983] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5980] sched_setaffinity(0, 0, NULL [pid 5842] <... close resumed>) = 0 [pid 5980] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5980] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] rmdir("./25/bus" [pid 5980] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5980] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5982] <... write resumed>) = 2097152 [pid 5980] <... openat resumed>) = 4 [pid 5842] <... rmdir resumed>) = 0 [pid 5980] read(4, [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5982] munmap(0x7f0fce600000, 138412032 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./25" [pid 5982] <... munmap resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] mkdir("./26", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3 [pid 5983] <... write resumed>) = 2097152 [pid 5983] munmap(0x7f0fce600000, 138412032 [pid 5982] <... ioctl resumed>) = 0 [pid 5983] <... munmap resumed>) = 0 [pid 5982] close(3 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5982] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5983] <... openat resumed>) = 4 [pid 5982] close(4 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5983] ioctl(4, LOOP_SET_FD, 3 [pid 5982] <... close resumed>) = 0 [pid 5982] mkdir("./bus", 0777) = 0 [pid 5982] mount("/dev/loop2", "./bus", "ntfs3", 0, ""./strace-static-x86_64: Process 5984 attached [pid 5984] set_robust_list(0x555579e09760, 24) = 0 [pid 5983] <... ioctl resumed>) = 0 [pid 5984] chdir("./26") = 0 [pid 5983] close(3 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5984 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5983] <... close resumed>) = 0 [pid 5984] <... prctl resumed>) = 0 [ 118.959645][ T5982] loop2: detected capacity change from 0 to 4096 [ 118.998240][ T5983] loop0: detected capacity change from 0 to 4096 [pid 5983] close(4 [pid 5979] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5984] setpgid(0, 0 [pid 5983] <... close resumed>) = 0 [pid 5984] <... setpgid resumed>) = 0 [pid 5983] mkdir("./bus", 0777) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5983] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5979] sched_setaffinity(0, 0, NULL [pid 5984] <... openat resumed>) = 3 [pid 5984] write(3, "1000", 4 [pid 5979] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5984] <... write resumed>) = 4 [pid 5979] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5984] close(3 [pid 5979] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5984] <... close resumed>) = 0 [pid 5979] rename(NULL, NULL [pid 5984] symlink("/dev/binderfs", "./binderfs" [pid 5982] <... mount resumed>) = 0 [pid 5979] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5982] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5984] <... symlink resumed>) = 0 [pid 5979] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5982] <... openat resumed>) = 3 [pid 5982] chdir("./bus") = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5979] <... openat resumed>) = 5 [pid 5982] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5982] memfd_create("syzkaller", 0 [pid 5979] exit_group(0 [pid 5982] <... memfd_create resumed>) = 4 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5979] <... exit_group resumed>) = ? executing program [pid 5982] <... mmap resumed>) = 0x7f0fce600000 [pid 5984] write(1, "executing program\n", 18) = 18 [pid 5982] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5984] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5984] memfd_create("syzkaller", 0 [pid 5982] <... write resumed>) = 32768 [pid 5982] munmap(0x7f0fce600000, 138412032 [pid 5983] <... mount resumed>) = 0 [pid 5982] <... munmap resumed>) = 0 [pid 5983] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5984] <... memfd_create resumed>) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5983] <... openat resumed>) = 3 [pid 5979] +++ exited with 0 +++ [pid 5984] <... mmap resumed>) = 0x7f0fce600000 [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5982] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5982] close(4 [pid 5983] chdir("./bus" [pid 5982] <... close resumed>) = 0 [pid 5983] <... chdir resumed>) = 0 [pid 5982] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5982] <... prlimit64 resumed>NULL) = 0 [pid 5983] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5982] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5982] sched_setaffinity(0, 0, NULL [pid 5983] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5982] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5983] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5982] sched_setscheduler(0, SCHED_RR, NULL [pid 5983] memfd_create("syzkaller", 0 [pid 5982] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5982] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5983] <... memfd_create resumed>) = 4 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5982] read(4, [pid 5983] <... mmap resumed>) = 0x7f0fce600000 [pid 5983] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5839] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] munmap(0x7f0fce600000, 138412032 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5983] <... munmap resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5983] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5983] close(4 [pid 5839] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5983] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5839] unlink("./25/binderfs" [pid 5983] <... prlimit64 resumed>NULL) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5983] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5983] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5983] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5983] read(4, [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./25/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./25" [pid 5984] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./26", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3) = 0 [pid 5984] <... write resumed>) = 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5985 attached [pid 5984] munmap(0x7f0fce600000, 138412032 [pid 5985] set_robust_list(0x555579e09760, 24 [pid 5984] <... munmap resumed>) = 0 [pid 5985] <... set_robust_list resumed>) = 0 [pid 5985] chdir("./26" [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5985 [pid 5985] <... chdir resumed>) = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5985] write(3, "1000", 4 [pid 5984] <... openat resumed>) = 4 [pid 5985] <... write resumed>) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5985] write(1, "executing program\n", 18) = 18 [pid 5985] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5985] memfd_create("syzkaller", 0 [pid 5984] <... ioctl resumed>) = 0 [pid 5985] <... memfd_create resumed>) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5984] close(3) = 0 [pid 5984] close(4) = 0 [pid 5984] mkdir("./bus", 0777) = 0 [ 119.359649][ T5984] loop4: detected capacity change from 0 to 4096 [pid 5984] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5985] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5980] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5980] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5980] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5980] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5980] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5980] exit_group(0) = ? [pid 5984] <... mount resumed>) = 0 [pid 5980] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- [pid 5984] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5984] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] chdir("./bus" [pid 5841] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5984] <... chdir resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5984] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5984] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5984] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5841] getdents64(3, [pid 5984] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5984] memfd_create("syzkaller", 0) = 4 [pid 5841] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5984] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./25/binderfs") = 0 [pid 5984] <... write resumed>) = 32768 [pid 5841] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5984] munmap(0x7f0fce600000, 138412032) = 0 [pid 5985] <... write resumed>) = 2097152 [pid 5985] munmap(0x7f0fce600000, 138412032 [pid 5984] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... umount2 resumed>) = 0 [pid 5984] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5984] close(4) = 0 [pid 5984] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5985] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] <... prlimit64 resumed>NULL) = 0 [pid 5984] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5984] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5984] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5984] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5984] read(4, [pid 5985] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5985] <... openat resumed>) = 4 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5985] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 5985] <... ioctl resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5985] close(3 [pid 5841] getdents64(4, [pid 5985] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5985] close(4 [pid 5841] getdents64(4, [pid 5985] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5985] mkdir("./bus", 0777 [pid 5841] <... close resumed>) = 0 [pid 5985] <... mkdir resumed>) = 0 [pid 5841] rmdir("./25/bus" [pid 5985] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5841] <... rmdir resumed>) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./25") = 0 [pid 5841] mkdir("./26", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [ 119.603240][ T5985] loop1: detected capacity change from 0 to 4096 [pid 5985] <... mount resumed>) = 0 [pid 5841] close(3 [pid 5985] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./bus") = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5985] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5985] memfd_create("syzkaller", 0) = 4 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5841] <... close resumed>) = 0 [pid 5985] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5986 attached [pid 5985] <... write resumed>) = 32768 [pid 5985] munmap(0x7f0fce600000, 138412032 [pid 5986] set_robust_list(0x555579e09760, 24) = 0 [pid 5985] <... munmap resumed>) = 0 [pid 5986] chdir("./26" [pid 5985] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5986] <... chdir resumed>) = 0 [pid 5985] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5986 [pid 5986] <... prctl resumed>) = 0 [pid 5985] close(4 [pid 5986] setpgid(0, 0) = 0 [pid 5985] <... close resumed>) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5985] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5986] <... openat resumed>) = 3 [pid 5985] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5985] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5985] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5985] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3 [pid 5985] read(4, [pid 5986] <... close resumed>) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5986] write(1, "executing program\n", 18) = 18 [pid 5986] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5986] memfd_create("syzkaller", 0) = 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5982] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5982] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5982] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5982] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5982] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5982] exit_group(0) = ? [pid 5982] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5840] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5986] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./25/binderfs") = 0 [pid 5840] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5986] <... write resumed>) = 2097152 [pid 5840] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] munmap(0x7f0fce600000, 138412032 [pid 5983] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5983] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./25/bus", [pid 5983] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5983] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] rename(NULL, NULL [pid 5986] <... munmap resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5983] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5983] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5986] <... openat resumed>) = 4 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5983] <... openat resumed>) = 5 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5986] <... ioctl resumed>) = 0 [pid 5983] exit_group(0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5983] <... exit_group resumed>) = ? [pid 5840] getdents64(4, [pid 5986] close(3 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./25/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5986] <... close resumed>) = 0 [pid 5840] close(3 [pid 5986] close(4 [pid 5840] <... close resumed>) = 0 [pid 5986] <... close resumed>) = 0 [pid 5840] rmdir("./25") = 0 [pid 5986] mkdir("./bus", 0777 [pid 5840] mkdir("./26", 0777 [pid 5986] <... mkdir resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5986] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5985] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5983] +++ exited with 0 +++ [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5985] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5985] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5985] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] <... ioctl resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5985] rename(NULL, NULL [pid 5838] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5985] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] close(3 [pid 5838] <... openat resumed>) = 3 [pid 5985] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./25/binderfs") = 0 [ 120.019028][ T5986] loop3: detected capacity change from 0 to 4096 [pid 5838] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5985] <... openat resumed>) = 5 [pid 5985] exit_group(0) = ? [pid 5986] <... mount resumed>) = 0 [pid 5985] +++ exited with 0 +++ [pid 5838] <... umount2 resumed>) = 0 [pid 5986] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5986] <... openat resumed>) = 3 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./25/bus", [pid 5986] chdir("./bus" [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5986] <... chdir resumed>) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5986] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5986] memfd_create("syzkaller", 0 [pid 5838] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... openat resumed>) = 3 [pid 5986] <... memfd_create resumed>) = 4 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] newfstatat(3, "", [pid 5986] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] getdents64(3, [pid 5838] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] <... openat resumed>) = 4 [pid 5838] newfstatat(4, "", [pid 5986] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] <... close resumed>) = 0 [pid 5839] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5987 [pid 5839] newfstatat(AT_FDCWD, "./26/binderfs", ./strace-static-x86_64: Process 5987 attached {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] close(4 [pid 5839] unlink("./26/binderfs" [pid 5987] set_robust_list(0x555579e09760, 24 [pid 5838] <... close resumed>) = 0 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5838] rmdir("./25/bus" [pid 5987] chdir("./26" [pid 5986] <... write resumed>) = 32768 [pid 5839] <... unlink resumed>) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5986] munmap(0x7f0fce600000, 138412032 [pid 5839] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5987] <... chdir resumed>) = 0 [pid 5838] getdents64(3, [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5986] <... munmap resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5987] <... prctl resumed>) = 0 [pid 5838] close(3 [pid 5987] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... close resumed>) = 0 [pid 5987] <... openat resumed>) = 3 [pid 5986] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] rmdir("./25" [pid 5987] write(3, "1000", 4 [pid 5838] <... rmdir resumed>) = 0 [pid 5987] <... write resumed>) = 4 [pid 5838] mkdir("./26", 0777 [pid 5987] close(3 [pid 5986] close(4 [pid 5839] <... umount2 resumed>) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5987] <... close resumed>) = 0 [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5986] <... close resumed>) = 0 [pid 5839] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5839] newfstatat(AT_FDCWD, "./26/bus", [pid 5986] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5987] write(1, "executing program\n", 18 [pid 5986] sched_setaffinity(0, 0, NULL [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5987] <... write resumed>) = 18 [pid 5986] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... openat resumed>) = 3 [pid 5987] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5986] sched_setscheduler(0, SCHED_RR, NULL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5987] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5986] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... ioctl resumed>) = 0 [pid 5987] memfd_create("syzkaller", 0 [pid 5986] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] <... openat resumed>) = 4 [pid 5838] close(3 [pid 5986] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", [pid 5986] read(4, [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 5987] <... memfd_create resumed>) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5987] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./26/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./26") = 0 [pid 5839] mkdir("./27", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5838] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached , child_tidptr=0x555579e09750) = 5988 [pid 5988] set_robust_list(0x555579e09760, 24) = 0 [pid 5988] chdir("./26") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] <... close resumed>) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5987] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5988] <... openat resumed>) = 3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5988] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 5989 attached [pid 5989] set_robust_list(0x555579e09760, 24 [pid 5988] close(3 [pid 5989] <... set_robust_list resumed>) = 0 [pid 5988] <... close resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5989 [pid 5988] symlink("/dev/binderfs", "./binderfs" [pid 5989] chdir("./27") = 0 [pid 5988] <... symlink resumed>) = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5988] write(1, "executing program\n", 18 [pid 5989] <... prctl resumed>) = 0 [pid 5989] setpgid(0, 0) = 0 executing program [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5988] <... write resumed>) = 18 [pid 5989] <... openat resumed>) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5988] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5989] close(3) = 0 [pid 5988] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5989] symlink("/dev/binderfs", "./binderfs" [pid 5988] memfd_create("syzkaller", 0 [pid 5989] <... symlink resumed>) = 0 [pid 5988] <... memfd_create resumed>) = 3 executing program [pid 5989] write(1, "executing program\n", 18 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5989] <... write resumed>) = 18 [pid 5988] <... mmap resumed>) = 0x7f0fce600000 [pid 5989] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5989] memfd_create("syzkaller", 0 [pid 5987] <... write resumed>) = 2097152 [pid 5989] <... memfd_create resumed>) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5987] munmap(0x7f0fce600000, 138412032 [pid 5984] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5989] <... mmap resumed>) = 0x7f0fce600000 [pid 5984] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5984] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5987] <... munmap resumed>) = 0 [pid 5984] rename(NULL, NULL [pid 5987] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5988] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5987] close(3 [pid 5984] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5987] <... close resumed>) = 0 [pid 5987] close(4) = 0 [pid 5987] mkdir("./bus", 0777) = 0 [pid 5987] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5984] <... openat resumed>) = 5 [pid 5984] exit_group(0) = ? [pid 5989] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5984] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [ 120.440665][ T5987] loop2: detected capacity change from 0 to 4096 [pid 5842] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./26/binderfs") = 0 [pid 5987] <... mount resumed>) = 0 [pid 5842] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5987] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./bus") = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... umount2 resumed>) = 0 [pid 5988] <... write resumed>) = 2097152 [pid 5987] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5987] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5987] memfd_create("syzkaller", 0) = 4 [pid 5842] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5988] munmap(0x7f0fce600000, 138412032 [pid 5987] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5987] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5989] <... write resumed>) = 2097152 [pid 5988] <... munmap resumed>) = 0 [pid 5987] <... write resumed>) = 32768 [pid 5842] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./26/bus" [pid 5987] munmap(0x7f0fce600000, 138412032 [pid 5842] <... rmdir resumed>) = 0 [pid 5987] <... munmap resumed>) = 0 [pid 5842] getdents64(3, [pid 5987] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5987] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] close(3 [pid 5987] close(4 [pid 5842] <... close resumed>) = 0 [pid 5987] <... close resumed>) = 0 [pid 5842] rmdir("./26" [pid 5987] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] <... rmdir resumed>) = 0 [pid 5987] <... prlimit64 resumed>NULL) = 0 [pid 5842] mkdir("./27", 0777 [pid 5987] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... mkdir resumed>) = 0 [pid 5987] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5987] sched_setaffinity(0, 0, NULL [pid 5842] <... openat resumed>) = 3 [pid 5987] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5987] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] <... ioctl resumed>) = 0 [pid 5987] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(3 [pid 5987] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] <... openat resumed>) = 4 [pid 5988] ioctl(4, LOOP_SET_FD, 3 [pid 5987] read(4, [pid 5989] munmap(0x7f0fce600000, 138412032) = 0 [pid 5988] <... ioctl resumed>) = 0 [pid 5988] close(3) = 0 [pid 5988] close(4) = 0 [pid 5988] mkdir("./bus", 0777 [pid 5989] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5988] <... mkdir resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5989] <... openat resumed>) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3 [pid 5988] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5989] <... ioctl resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5989] close(3) = 0 ./strace-static-x86_64: Process 5990 attached [pid 5989] close(4 [pid 5990] set_robust_list(0x555579e09760, 24 [pid 5989] <... close resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5990 [pid 5990] <... set_robust_list resumed>) = 0 [pid 5989] mkdir("./bus", 0777 [pid 5990] chdir("./27") = 0 [pid 5989] <... mkdir resumed>) = 0 [pid 5990] prctl(PR_SET_PDEATHSIG, SIGKILL [ 120.573146][ T5988] loop0: detected capacity change from 0 to 4096 [ 120.609679][ T5989] loop1: detected capacity change from 0 to 4096 [pid 5989] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5990] <... prctl resumed>) = 0 [pid 5988] <... mount resumed>) = 0 [pid 5990] setpgid(0, 0) = 0 [pid 5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5988] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5990] <... openat resumed>) = 3 [pid 5990] write(3, "1000", 4 [pid 5988] chdir("./bus" [pid 5990] <... write resumed>) = 4 [pid 5990] close(3 [pid 5988] <... chdir resumed>) = 0 [pid 5990] <... close resumed>) = 0 [pid 5990] symlink("/dev/binderfs", "./binderfs" [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 5990] <... symlink resumed>) = 0 [pid 5988] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5990] write(1, "executing program\n", 18) = 18 [pid 5990] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5988] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5990] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5988] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5990] memfd_create("syzkaller", 0 [pid 5988] memfd_create("syzkaller", 0) = 4 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5988] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5988] munmap(0x7f0fce600000, 138412032) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5990] <... memfd_create resumed>) = 3 [pid 5988] close(4 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5988] <... close resumed>) = 0 [pid 5988] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5988] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5988] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5988] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5988] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5988] read(4, [pid 5986] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5989] <... mount resumed>) = 0 [pid 5986] sched_setaffinity(0, 0, NULL [pid 5989] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5986] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5989] <... openat resumed>) = 3 [pid 5986] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5989] chdir("./bus" [pid 5986] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5989] <... chdir resumed>) = 0 [pid 5986] rename(NULL, NULL [pid 5989] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5986] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5989] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5986] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5989] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5989] memfd_create("syzkaller", 0) = 4 [pid 5986] exit_group(0 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5986] <... exit_group resumed>) = ? [pid 5989] <... mmap resumed>) = 0x7f0fce600000 [pid 5989] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5986] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5989] <... write resumed>) = 32768 [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5989] munmap(0x7f0fce600000, 138412032 [pid 5841] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5989] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5989] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] <... openat resumed>) = 3 [pid 5989] close(4 [pid 5841] newfstatat(3, "", [pid 5989] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5989] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5989] <... prlimit64 resumed>NULL) = 0 [pid 5841] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5989] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./26/binderfs") = 0 [pid 5989] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5989] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5989] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... umount2 resumed>) = 0 [pid 5989] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5989] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5989] read(4, [pid 5841] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5990] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./26/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./26") = 0 [pid 5841] mkdir("./27", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5990] <... write resumed>) = 2097152 [pid 5990] munmap(0x7f0fce600000, 138412032) = 0 [pid 5841] <... close resumed>) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5990] ioctl(4, LOOP_SET_FD, 3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5992 attached [pid 5987] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5992 [pid 5990] <... ioctl resumed>) = 0 [pid 5987] sched_setaffinity(0, 0, NULL [pid 5990] close(3 [pid 5987] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5990] <... close resumed>) = 0 [pid 5987] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5990] close(4 [pid 5987] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5992] set_robust_list(0x555579e09760, 24 [pid 5990] <... close resumed>) = 0 [pid 5987] rename(NULL, NULL [pid 5992] <... set_robust_list resumed>) = 0 [pid 5990] mkdir("./bus", 0777 [pid 5987] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5992] chdir("./27" [pid 5990] <... mkdir resumed>) = 0 [pid 5987] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5992] <... chdir resumed>) = 0 [pid 5990] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5992] setpgid(0, 0) = 0 [pid 5987] <... openat resumed>) = 5 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5987] exit_group(0) = ? [pid 5992] <... openat resumed>) = 3 [pid 5992] write(3, "1000", 4) = 4 [pid 5987] +++ exited with 0 +++ [ 120.898618][ T5990] loop4: detected capacity change from 0 to 4096 [pid 5992] close(3) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5992] symlink("/dev/binderfs", "./binderfs" [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5992] <... symlink resumed>) = 0 [pid 5840] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5992] write(1, "executing program\n", 18 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5992] <... write resumed>) = 18 [pid 5840] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5992] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5992] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5992] memfd_create("syzkaller", 0 [pid 5840] unlink("./26/binderfs") = 0 [pid 5840] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5992] <... memfd_create resumed>) = 3 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5992] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./26/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./26") = 0 [pid 5840] mkdir("./27", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5990] <... mount resumed>) = 0 [pid 5990] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5990] chdir("./bus") = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5990] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5840] <... close resumed>) = 0 [pid 5990] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5990] memfd_create("syzkaller", 0) = 4 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5990] <... mmap resumed>) = 0x7f0fce600000 [pid 5990] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768./strace-static-x86_64: Process 5993 attached [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5993 [pid 5993] set_robust_list(0x555579e09760, 24 [pid 5990] <... write resumed>) = 32768 [pid 5993] <... set_robust_list resumed>) = 0 [pid 5992] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5990] munmap(0x7f0fce600000, 138412032 [pid 5993] chdir("./27") = 0 [pid 5990] <... munmap resumed>) = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5990] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5993] <... prctl resumed>) = 0 [pid 5990] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5993] setpgid(0, 0 [pid 5990] close(4 [pid 5993] <... setpgid resumed>) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5990] <... close resumed>) = 0 [pid 5990] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5993] <... openat resumed>) = 3 [pid 5990] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5993] write(3, "1000", 4 [pid 5990] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5993] <... write resumed>) = 4 [pid 5990] sched_setaffinity(0, 0, NULL [pid 5993] close(3 [pid 5990] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5993] <... close resumed>) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs" [pid 5990] sched_setscheduler(0, SCHED_RR, NULL [pid 5993] <... symlink resumed>) = 0 [pid 5990] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5990] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5990] read(4, [pid 5993] write(1, "executing program\n", 18executing program ) = 18 [pid 5993] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5989] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5989] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5989] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5989] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5989] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5992] <... write resumed>) = 2097152 [pid 5989] exit_group(0) = ? [pid 5992] munmap(0x7f0fce600000, 138412032 [pid 5989] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5992] <... munmap resumed>) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5992] <... openat resumed>) = 4 [pid 5992] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... openat resumed>) = 3 [pid 5993] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5992] <... ioctl resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5992] close(3) = 0 [pid 5992] close(4) = 0 [pid 5992] mkdir("./bus", 0777) = 0 [pid 5839] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5992] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./27/binderfs") = 0 [pid 5839] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5839] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 121.218041][ T5992] loop3: detected capacity change from 0 to 4096 [pid 5839] newfstatat(AT_FDCWD, "./27/bus", [pid 5993] <... write resumed>) = 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5992] <... mount resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 5993] munmap(0x7f0fce600000, 138412032 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 5992] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5992] chdir("./bus" [pid 5839] getdents64(4, [pid 5992] <... chdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] close(4 [pid 5992] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... close resumed>) = 0 [pid 5992] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5993] <... munmap resumed>) = 0 [pid 5839] rmdir("./27/bus" [pid 5992] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5992] memfd_create("syzkaller", 0) = 4 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5992] <... mmap resumed>) = 0x7f0fce600000 [pid 5992] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] getdents64(3, [pid 5993] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5992] <... write resumed>) = 32768 [pid 5992] munmap(0x7f0fce600000, 138412032) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5993] <... openat resumed>) = 4 [pid 5992] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5992] close(4 [pid 5839] close(3 [pid 5992] <... close resumed>) = 0 [pid 5993] ioctl(4, LOOP_SET_FD, 3 [pid 5992] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5839] <... close resumed>) = 0 [pid 5992] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5992] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5992] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5992] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5992] read(4, [pid 5839] rmdir("./27") = 0 [pid 5993] <... ioctl resumed>) = 0 [pid 5839] mkdir("./28", 0777 [pid 5993] close(3) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5993] close(4 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5993] <... close resumed>) = 0 [ 121.333922][ T5993] loop2: detected capacity change from 0 to 4096 [pid 5993] mkdir("./bus", 0777) = 0 [pid 5993] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5994 attached [pid 5993] <... mount resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5994 [pid 5994] set_robust_list(0x555579e09760, 24 [pid 5993] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5994] <... set_robust_list resumed>) = 0 [pid 5994] chdir("./28" [pid 5993] <... openat resumed>) = 3 [pid 5990] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5994] <... chdir resumed>) = 0 [pid 5993] chdir("./bus" [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5993] <... chdir resumed>) = 0 [pid 5994] <... prctl resumed>) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5994] setpgid(0, 0 [pid 5993] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5994] <... setpgid resumed>) = 0 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5990] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5994] write(3, "1000", 4 [pid 5993] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5990] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5994] <... write resumed>) = 4 [pid 5993] memfd_create("syzkaller", 0 [pid 5990] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5990] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5990] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5994] close(3) = 0 [pid 5993] <... memfd_create resumed>) = 4 [pid 5990] <... openat resumed>) = 5 [pid 5990] exit_group(0) = ? [pid 5994] symlink("/dev/binderfs", "./binderfs" [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5994] <... symlink resumed>) = 0 [pid 5993] <... mmap resumed>) = 0x7f0fce600000 [pid 5993] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768executing program [pid 5994] write(1, "executing program\n", 18) = 18 [pid 5990] +++ exited with 0 +++ [pid 5994] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5993] <... write resumed>) = 32768 [pid 5994] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5993] munmap(0x7f0fce600000, 138412032 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5993] <... munmap resumed>) = 0 [pid 5994] memfd_create("syzkaller", 0 [pid 5842] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5994] <... memfd_create resumed>) = 3 [pid 5993] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] newfstatat(3, "", [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5993] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5994] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5993] close(4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5993] <... close resumed>) = 0 [pid 5993] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5842] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5993] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5993] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] unlink("./27/binderfs" [pid 5993] sched_setaffinity(0, 0, NULL [pid 5842] <... unlink resumed>) = 0 [pid 5993] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5993] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5993] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5993] read(4, [pid 5842] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5842] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./27/bus", [pid 5994] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5988] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5988] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5988] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5988] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5988] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5988] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] close(4 [pid 5988] <... openat resumed>) = 5 [pid 5842] <... close resumed>) = 0 [pid 5988] exit_group(0 [pid 5842] rmdir("./27/bus" [pid 5988] <... exit_group resumed>) = ? [pid 5842] <... rmdir resumed>) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5992] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5988] +++ exited with 0 +++ [pid 5842] rmdir("./27" [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [pid 5842] <... rmdir resumed>) = 0 [pid 5992] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5992] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5842] mkdir("./28", 0777 [pid 5992] rename(NULL, NULL [pid 5838] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5992] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5992] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] <... mkdir resumed>) = 0 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] getdents64(3, [pid 5992] <... openat resumed>) = 5 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5992] exit_group(0) = ? [pid 5842] <... openat resumed>) = 3 [pid 5838] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... ioctl resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5842] close(3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5992] +++ exited with 0 +++ [pid 5838] unlink("./26/binderfs" [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5992, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5994] <... write resumed>) = 2097152 [pid 5838] <... unlink resumed>) = 0 [pid 5994] munmap(0x7f0fce600000, 138412032 [pid 5838] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5838] <... umount2 resumed>) = 0 [pid 5994] <... munmap resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./27/binderfs" [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... close resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5838] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5994] <... openat resumed>) = 4 [pid 5838] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5994] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] <... umount2 resumed>) = 0 [pid 5838] newfstatat(4, "", [pid 5841] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] getdents64(4, [pid 5841] newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5995 attached [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5995] set_robust_list(0x555579e09760, 24 [pid 5838] getdents64(4, [pid 5995] <... set_robust_list resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] close(4 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 5995 [pid 5838] <... close resumed>) = 0 [pid 5995] chdir("./28" [pid 5841] <... openat resumed>) = 4 [pid 5838] rmdir("./26/bus") = 0 [pid 5994] <... ioctl resumed>) = 0 [pid 5995] <... chdir resumed>) = 0 [pid 5841] newfstatat(4, "", [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5838] close(3 [pid 5994] close(3) = 0 [pid 5994] close(4) = 0 [pid 5994] mkdir("./bus", 0777) = 0 [pid 5994] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5995] <... prctl resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5995] setpgid(0, 0 [pid 5838] rmdir("./26" [pid 5995] <... setpgid resumed>) = 0 [pid 5841] getdents64(4, [pid 5838] <... rmdir resumed>) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] mkdir("./27", 0777 [pid 5995] <... openat resumed>) = 3 [pid 5841] close(4) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5841] rmdir("./27/bus" [pid 5995] write(3, "1000", 4 [pid 5841] <... rmdir resumed>) = 0 [pid 5995] <... write resumed>) = 4 [pid 5995] close(3 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5995] <... close resumed>) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs" [pid 5838] <... openat resumed>) = 3 [pid 5995] <... symlink resumed>) = 0 [pid 5841] getdents64(3, executing program [pid 5995] write(1, "executing program\n", 18 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5995] <... write resumed>) = 18 [pid 5838] <... ioctl resumed>) = 0 [pid 5995] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] close(3 [pid 5995] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] close(3 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./27" [pid 5995] memfd_create("syzkaller", 0 [pid 5841] <... rmdir resumed>) = 0 [ 121.692552][ T5994] loop1: detected capacity change from 0 to 4096 [pid 5841] mkdir("./28", 0777 [pid 5995] <... memfd_create resumed>) = 3 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5994] <... mount resumed>) = 0 [pid 5994] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5994] chdir("./bus") = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5994] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5994] memfd_create("syzkaller", 0) = 4 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5994] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5841] <... openat resumed>) = 3 [pid 5994] munmap(0x7f0fce600000, 138412032) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5994] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5994] close(4) = 0 [pid 5994] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5995] <... mmap resumed>) = 0x7f0fce600000 [pid 5994] <... prlimit64 resumed>NULL) = 0 [pid 5994] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... ioctl resumed>) = 0 [pid 5994] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5994] sched_setaffinity(0, 0, NULL [pid 5841] close(3 [pid 5994] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5994] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5994] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5994] read(4, [pid 5838] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555579e09750) = 5996 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5996 attached [pid 5996] set_robust_list(0x555579e09760, 24./strace-static-x86_64: Process 5997 attached [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 5997 [pid 5997] set_robust_list(0x555579e09760, 24) = 0 [pid 5997] chdir("./28") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5997] write(1, "executing program\n", 18) = 18 [pid 5997] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5995] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5996] chdir("./27") = 0 [pid 5997] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5997] memfd_create("syzkaller", 0 [pid 5996] <... prctl resumed>) = 0 [pid 5997] <... memfd_create resumed>) = 3 [pid 5996] setpgid(0, 0 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5996] <... setpgid resumed>) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] write(3, "1000", 4) = 4 executing program [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5996] write(1, "executing program\n", 18) = 18 [pid 5996] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5995] <... write resumed>) = 2097152 [pid 5993] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5995] munmap(0x7f0fce600000, 138412032 [pid 5993] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5993] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5993] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5993] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5995] <... munmap resumed>) = 0 [pid 5993] <... openat resumed>) = 5 [pid 5993] exit_group(0) = ? [pid 5995] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5993] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- [pid 5996] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5995] <... openat resumed>) = 4 [pid 5840] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5995] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", [pid 5995] <... ioctl resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5995] close(3 [pid 5840] getdents64(3, [pid 5995] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5995] close(4 [pid 5840] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5995] <... close resumed>) = 0 [pid 5995] mkdir("./bus", 0777 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5995] <... mkdir resumed>) = 0 [pid 5995] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./27/binderfs") = 0 [pid 5997] <... write resumed>) = 2097152 [pid 5840] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] munmap(0x7f0fce600000, 138412032) = 0 [pid 5996] <... write resumed>) = 2097152 [pid 5996] munmap(0x7f0fce600000, 138412032 [pid 5840] <... umount2 resumed>) = 0 [ 121.967680][ T5995] loop4: detected capacity change from 0 to 4096 [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5996] <... munmap resumed>) = 0 [pid 5997] <... openat resumed>) = 4 [pid 5840] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] ioctl(4, LOOP_SET_FD, 3 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5996] <... openat resumed>) = 4 [pid 5840] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5996] ioctl(4, LOOP_SET_FD, 3 [pid 5994] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5997] <... ioctl resumed>) = 0 [pid 5997] close(3) = 0 [pid 5997] close(4) = 0 [pid 5994] sched_setaffinity(0, 0, NULL [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5997] mkdir("./bus", 0777 [pid 5994] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... close resumed>) = 0 [pid 5997] <... mkdir resumed>) = 0 [pid 5994] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] rmdir("./27/bus" [pid 5994] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5994] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5997] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5994] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5996] <... ioctl resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5996] close(3 [pid 5840] getdents64(3, [pid 5996] <... close resumed>) = 0 [pid 5996] close(4 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5996] <... close resumed>) = 0 [pid 5840] close(3 [pid 5996] mkdir("./bus", 0777 [pid 5994] exit_group(0 [pid 5840] <... close resumed>) = 0 [pid 5996] <... mkdir resumed>) = 0 [pid 5994] <... exit_group resumed>) = ? [pid 5840] rmdir("./27" [pid 5996] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5995] <... mount resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./28", 0777 [pid 5995] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5995] chdir("./bus") = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5995] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5995] memfd_create("syzkaller", 0) = 4 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5994] +++ exited with 0 +++ [pid 5995] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5840] <... mkdir resumed>) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [ 122.037117][ T5997] loop3: detected capacity change from 0 to 4096 [ 122.058105][ T5996] loop0: detected capacity change from 0 to 4096 [pid 5995] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... restart_syscall resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5997] <... mount resumed>) = 0 [pid 5995] munmap(0x7f0fce600000, 138412032 [pid 5840] <... ioctl resumed>) = 0 [pid 5839] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5995] <... munmap resumed>) = 0 [pid 5840] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5995] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5995] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5995] close(4) = 0 [pid 5995] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5995] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5995] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5997] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5995] sched_setscheduler(0, SCHED_RR, NULL [pid 5997] <... openat resumed>) = 3 [pid 5995] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5997] chdir("./bus" [pid 5995] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5997] <... chdir resumed>) = 0 [pid 5995] <... openat resumed>) = 4 [pid 5995] read(4, [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5997] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(3, [pid 5997] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5997] memfd_create("syzkaller", 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5997] <... memfd_create resumed>) = 4 [pid 5839] unlink("./28/binderfs" [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5997] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] <... unlink resumed>) = 0 [pid 5839] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] <... write resumed>) = 32768 [pid 5997] munmap(0x7f0fce600000, 138412032 [pid 5996] <... mount resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5997] <... munmap resumed>) = 0 [pid 5996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5997] close(4) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./28/bus" [pid 5996] <... openat resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, [pid 5997] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5997] <... prlimit64 resumed>NULL) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./28") = 0 [pid 5839] mkdir("./29", 0777 [pid 5997] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5839] <... mkdir resumed>) = 0 [pid 5997] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5997] sched_setaffinity(0, 0, NULL [pid 5839] <... openat resumed>) = 3 [pid 5997] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5997] sched_setscheduler(0, SCHED_RR, NULL [pid 5839] <... ioctl resumed>) = 0 [pid 5997] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] close(3 [pid 5997] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5996] chdir("./bus" [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5997] <... openat resumed>) = 4 [pid 5996] <... chdir resumed>) = 0 [pid 5997] read(4, ./strace-static-x86_64: Process 5998 attached [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5998] set_robust_list(0x555579e09760, 24) = 0 [pid 5996] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 5998 [pid 5998] chdir("./28" [pid 5996] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5998] <... chdir resumed>) = 0 [pid 5996] memfd_create("syzkaller", 0 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5996] <... memfd_create resumed>) = 4 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5996] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5998] <... prctl resumed>) = 0 [pid 5996] munmap(0x7f0fce600000, 138412032 [pid 5998] setpgid(0, 0 [pid 5996] <... munmap resumed>) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5998] <... setpgid resumed>) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5996] close(4) = 0 [pid 5998] write(3, "1000", 4) = 4 [pid 5996] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5998] close(3 [pid 5996] <... prlimit64 resumed>NULL) = 0 [pid 5998] <... close resumed>) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs" [pid 5996] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5998] <... symlink resumed>) = 0 [pid 5996] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5996] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5996] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5839] <... close resumed>) = 0 [pid 5996] read(4, executing program [pid 5998] write(1, "executing program\n", 18 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5998] <... write resumed>) = 18 [pid 5998] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16./strace-static-x86_64: Process 5999 attached ) = -1 EBADF (Bad file descriptor) [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 5999 [pid 5999] set_robust_list(0x555579e09760, 24) = 0 [pid 5998] memfd_create("syzkaller", 0 [pid 5999] chdir("./29") = 0 [pid 5998] <... memfd_create resumed>) = 3 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] write(1, "executing program\n", 18executing program ) = 18 [pid 5999] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5999] memfd_create("syzkaller", 0) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5998] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5999] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5998] munmap(0x7f0fce600000, 138412032) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5998] close(3) = 0 [pid 5999] <... write resumed>) = 2097152 [pid 5998] close(4 [pid 5999] munmap(0x7f0fce600000, 138412032 [pid 5995] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5998] <... close resumed>) = 0 [pid 5995] sched_setaffinity(0, 0, NULL [pid 5999] <... munmap resumed>) = 0 [pid 5998] mkdir("./bus", 0777 [pid 5995] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5999] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5995] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5999] <... openat resumed>) = 4 [pid 5998] <... mkdir resumed>) = 0 [pid 5995] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5999] ioctl(4, LOOP_SET_FD, 3 [pid 5998] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5995] rename(NULL, NULL) = -1 EFAULT (Bad address) [ 122.442816][ T5998] loop2: detected capacity change from 0 to 4096 [pid 5995] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5995] exit_group(0) = ? [pid 5995] +++ exited with 0 +++ [pid 5999] <... ioctl resumed>) = 0 [pid 5999] close(3 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5999] <... close resumed>) = 0 [pid 5999] close(4 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5999] <... close resumed>) = 0 [pid 5999] mkdir("./bus", 0777) = 0 [pid 5999] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5997] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5997] sched_setaffinity(0, 0, NULL [pid 5842] getdents64(3, [pid 5997] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5997] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] rename(NULL, NULL [pid 5842] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5997] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5997] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] unlink("./28/binderfs") = 0 [pid 5842] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] <... openat resumed>) = 5 [ 122.499283][ T5999] loop1: detected capacity change from 0 to 4096 [pid 5997] exit_group(0 [pid 5842] <... umount2 resumed>) = 0 [pid 5997] <... exit_group resumed>) = ? [pid 5998] <... mount resumed>) = 0 [pid 5998] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5998] chdir("./bus") = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5998] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5998] memfd_create("syzkaller", 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5998] <... memfd_create resumed>) = 4 [pid 5842] newfstatat(AT_FDCWD, "./28/bus", [pid 5999] <... mount resumed>) = 0 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5997] +++ exited with 0 +++ [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5999] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5998] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5998] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5999] <... openat resumed>) = 3 [pid 5998] <... write resumed>) = 32768 [pid 5842] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... restart_syscall resumed>) = 0 [pid 5999] chdir("./bus" [pid 5998] munmap(0x7f0fce600000, 138412032 [pid 5842] <... openat resumed>) = 4 [pid 5999] <... chdir resumed>) = 0 [pid 5998] <... munmap resumed>) = 0 [pid 5842] newfstatat(4, "", [pid 5999] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5998] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5999] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5998] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] getdents64(4, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5999] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5998] close(4 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5999] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5998] <... close resumed>) = 0 [pid 5842] getdents64(4, [pid 5841] <... openat resumed>) = 3 [pid 5999] memfd_create("syzkaller", 0 [pid 5998] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] newfstatat(3, "", [pid 5999] <... memfd_create resumed>) = 4 [pid 5998] <... prlimit64 resumed>NULL) = 0 [pid 5842] close(4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5998] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... close resumed>) = 0 [pid 5841] getdents64(3, [pid 5999] <... mmap resumed>) = 0x7f0fce600000 [pid 5998] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] rmdir("./28/bus" [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5998] sched_setaffinity(0, 0, NULL [pid 5842] <... rmdir resumed>) = 0 [pid 5841] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] getdents64(3, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5999] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5998] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5998] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5999] <... write resumed>) = 32768 [pid 5998] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] <... close resumed>) = 0 [pid 5841] unlink("./28/binderfs" [pid 5999] munmap(0x7f0fce600000, 138412032 [pid 5998] <... openat resumed>) = 4 [pid 5842] rmdir("./28" [pid 5841] <... unlink resumed>) = 0 [pid 5999] <... munmap resumed>) = 0 [pid 5841] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... rmdir resumed>) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5998] read(4, [pid 5842] mkdir("./29", 0777 [pid 5999] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5999] close(4 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5999] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5999] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5999] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... openat resumed>) = 3 [pid 5999] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5999] sched_setaffinity(0, 0, NULL [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5999] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... ioctl resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./28/bus", [pid 5999] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5999] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5999] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5841] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./28/bus") = 0 [pid 5999] <... openat resumed>) = 4 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./28") = 0 [pid 5841] mkdir("./29", 0777 [pid 5999] read(4, [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6000 attached [pid 6000] set_robust_list(0x555579e09760, 24 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6000 [pid 6000] <... set_robust_list resumed>) = 0 [pid 6000] chdir("./29" [pid 5841] <... close resumed>) = 0 [pid 6000] <... chdir resumed>) = 0 [pid 6000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6000] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 6001 attached [pid 6000] setpgid(0, 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6001 [pid 6001] set_robust_list(0x555579e09760, 24) = 0 [pid 6001] chdir("./29") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6000] <... setpgid resumed>) = 0 [pid 6001] <... prctl resumed>) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6001] write(1, "executing program\n", 18) = 18 [pid 6001] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6001] memfd_create("syzkaller", 0 [pid 6000] <... openat resumed>) = 3 [pid 6001] <... memfd_create resumed>) = 3 [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6000] write(3, "1000", 4) = 4 [pid 6000] close(3) = 0 [pid 6000] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6000] write(1, "executing program\n", 18) = 18 [pid 6000] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6000] memfd_create("syzkaller", 0) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6001] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6000] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5998] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5998] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5998] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5998] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5998] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5998] exit_group(0) = ? [pid 5998] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5998, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5999] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6001] <... write resumed>) = 2097152 [pid 6000] <... write resumed>) = 2097152 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6001] munmap(0x7f0fce600000, 138412032 [pid 5999] sched_setaffinity(0, 0, NULL [pid 6001] <... munmap resumed>) = 0 [pid 6000] munmap(0x7f0fce600000, 138412032 [pid 5999] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5999] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5999] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5999] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5999] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5999] <... openat resumed>) = 5 [pid 5840] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5999] exit_group(0 [pid 5840] <... openat resumed>) = 3 [pid 5999] <... exit_group resumed>) = ? [pid 5840] newfstatat(3, "", [pid 5999] +++ exited with 0 +++ [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6000] <... munmap resumed>) = 0 [pid 5840] getdents64(3, [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 6001] <... openat resumed>) = 4 [pid 6000] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5840] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... restart_syscall resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./28/binderfs", [pid 6001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6000] <... openat resumed>) = 4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6000] ioctl(4, LOOP_SET_FD, 3 [pid 5840] unlink("./28/binderfs" [pid 5839] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... unlink resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5996] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6001] close(3 [pid 6000] <... ioctl resumed>) = 0 [pid 5996] sched_setaffinity(0, 0, NULL [pid 5840] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6001] <... close resumed>) = 0 [pid 6000] close(3 [pid 5996] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6001] close(4 [pid 5996] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... openat resumed>) = 3 [pid 6001] <... close resumed>) = 0 [pid 5996] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6001] mkdir("./bus", 0777 [pid 6000] <... close resumed>) = 0 [pid 5996] rename(NULL, NULL [pid 5839] newfstatat(3, "", [pid 6001] <... mkdir resumed>) = 0 [pid 5996] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5996] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6001] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6000] close(4 [pid 5996] <... openat resumed>) = 5 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6000] <... close resumed>) = 0 [pid 5996] exit_group(0 [pid 5840] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(3, [pid 6000] mkdir("./bus", 0777 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6000] <... mkdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(AT_FDCWD, "./28/bus", [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5996] <... exit_group resumed>) = ? [pid 5839] unlink("./29/binderfs" [pid 5840] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6000] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5996] +++ exited with 0 +++ [pid 5840] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 5839] <... unlink resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5840] getdents64(4, [pid 5838] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(4, [pid 5839] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW [ 123.060342][ T6001] loop3: detected capacity change from 0 to 4096 [ 123.068020][ T6000] loop4: detected capacity change from 0 to 4096 [pid 5838] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5840] rmdir("./28/bus") = 0 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5839] <... umount2 resumed>) = 0 [pid 6001] <... mount resumed>) = 0 [pid 6001] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6001] <... openat resumed>) = 3 [pid 5840] close(3) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] rmdir("./28" [pid 5838] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6001] chdir("./bus" [pid 5840] <... rmdir resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6001] <... chdir resumed>) = 0 [pid 5839] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] newfstatat(AT_FDCWD, "./27/binderfs", [pid 6001] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] mkdir("./29", 0777 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6001] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6000] <... mount resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./29/bus", [pid 5838] unlink("./27/binderfs" [pid 6001] memfd_create("syzkaller", 0 [pid 6000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... unlink resumed>) = 0 [pid 6001] <... memfd_create resumed>) = 4 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6000] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6001] <... mmap resumed>) = 0x7f0fce600000 [pid 6000] chdir("./bus" [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6000] <... chdir resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 6000] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] close(3 [pid 6001] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] newfstatat(4, "", [pid 6001] <... write resumed>) = 32768 [pid 6000] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6000] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] getdents64(4, [pid 6000] memfd_create("syzkaller", 0 [pid 6001] munmap(0x7f0fce600000, 138412032) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./29/bus") = 0 [pid 5838] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] getdents64(3, [pid 5838] newfstatat(AT_FDCWD, "./27/bus", [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6000] <... memfd_create resumed>) = 4 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] close(3) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] rmdir("./29" [pid 5838] <... openat resumed>) = 4 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] mkdir("./30", 0777 [pid 5838] close(4 [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./27/bus" [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] <... rmdir resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5838] close(3 [pid 6000] <... mmap resumed>) = 0x7f0fce600000 [pid 6001] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6000] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6001] close(4 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./27" [pid 6000] <... write resumed>) = 32768 [pid 6001] <... close resumed>) = 0 [pid 6000] munmap(0x7f0fce600000, 138412032 [pid 5838] <... rmdir resumed>) = 0 [pid 6001] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6000] <... munmap resumed>) = 0 [pid 6001] <... prlimit64 resumed>NULL) = 0 [pid 6001] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6000] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6001] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6000] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6001] sched_setaffinity(0, 0, NULL [pid 6000] close(4 [pid 5838] mkdir("./28", 0777 [pid 6001] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6001] sched_setscheduler(0, SCHED_RR, NULL [pid 6000] <... close resumed>) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 6001] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6000] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6001] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6000] <... prlimit64 resumed>NULL) = 0 [pid 6001] <... openat resumed>) = 4 [pid 6000] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 6001] read(4, [pid 6000] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6000] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5840] <... close resumed>) = 0 [pid 6000] sched_setscheduler(0, SCHED_RR, NULL [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6000] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6002 ./strace-static-x86_64: Process 6002 attached [pid 6000] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6002] set_robust_list(0x555579e09760, 24 [pid 6000] <... openat resumed>) = 4 [pid 6002] <... set_robust_list resumed>) = 0 [pid 6000] read(4, [pid 5839] <... close resumed>) = 0 [pid 6002] chdir("./29" [pid 5838] <... close resumed>) = 0 [pid 6002] <... chdir resumed>) = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6002] setpgid(0, 0) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6003 attached [pid 6003] set_robust_list(0x555579e09760, 24 [pid 6002] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6004 attached [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6003 [pid 6004] set_robust_list(0x555579e09760, 24) = 0 [pid 6004] chdir("./30" [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6004 [pid 6004] <... chdir resumed>) = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] <... set_robust_list resumed>) = 0 [pid 6002] write(3, "1000", 4 [pid 6003] chdir("./28" [pid 6002] <... write resumed>) = 4 [pid 6002] close(3 [pid 6003] <... chdir resumed>) = 0 executing program executing program [pid 6004] write(3, "1000", 4 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6002] <... close resumed>) = 0 [pid 6003] <... prctl resumed>) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs" [pid 6004] <... write resumed>) = 4 [pid 6003] setpgid(0, 0 [pid 6002] <... symlink resumed>) = 0 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6004] write(1, "executing program\n", 18) = 18 [pid 6004] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6004] memfd_create("syzkaller", 0) = 3 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6003] <... setpgid resumed>) = 0 [pid 6002] write(1, "executing program\n", 18 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6002] <... write resumed>) = 18 [pid 6002] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6003] <... openat resumed>) = 3 [pid 6002] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3 [pid 6002] memfd_create("syzkaller", 0executing program [pid 6003] <... close resumed>) = 0 [pid 6002] <... memfd_create resumed>) = 3 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6003] write(1, "executing program\n", 18) = 18 [pid 6002] <... mmap resumed>) = 0x7f0fce600000 [pid 6003] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6004] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6002] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6004] <... write resumed>) = 2097152 [pid 6003] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6002] <... write resumed>) = 2097152 [pid 6004] munmap(0x7f0fce600000, 138412032 [pid 6002] munmap(0x7f0fce600000, 138412032) = 0 [pid 6004] <... munmap resumed>) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6004] <... openat resumed>) = 4 [pid 6002] <... openat resumed>) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3 [pid 6004] ioctl(4, LOOP_SET_FD, 3 [pid 6003] <... write resumed>) = 2097152 [pid 6003] munmap(0x7f0fce600000, 138412032 [pid 6002] <... ioctl resumed>) = 0 [pid 6004] <... ioctl resumed>) = 0 [pid 6003] <... munmap resumed>) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6004] close(3 [pid 6002] close(3 [pid 6004] <... close resumed>) = 0 [pid 6002] <... close resumed>) = 0 [pid 6003] ioctl(4, LOOP_SET_FD, 3 [pid 6004] close(4 [pid 6002] close(4 [pid 6004] <... close resumed>) = 0 [pid 6002] <... close resumed>) = 0 [pid 6002] mkdir("./bus", 0777) = 0 [pid 6004] mkdir("./bus", 0777) = 0 [pid 6002] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6004] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6003] <... ioctl resumed>) = 0 [pid 6003] close(3 [pid 6002] <... mount resumed>) = 0 [pid 6001] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6003] <... close resumed>) = 0 [pid 6001] sched_setaffinity(0, 0, NULL [pid 6003] close(4 [pid 6001] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6003] <... close resumed>) = 0 [pid 6002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 123.497354][ T6002] loop2: detected capacity change from 0 to 4096 [ 123.505513][ T6004] loop1: detected capacity change from 0 to 4096 [ 123.527965][ T6003] loop0: detected capacity change from 0 to 4096 [pid 6001] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6003] mkdir("./bus", 0777 [pid 6002] <... openat resumed>) = 3 [pid 6001] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6003] <... mkdir resumed>) = 0 [pid 6002] chdir("./bus" [pid 6001] rename(NULL, NULL [pid 6003] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6002] <... chdir resumed>) = 0 [pid 6001] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6002] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6002] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6004] <... mount resumed>) = 0 [pid 6002] memfd_create("syzkaller", 0 [pid 6001] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6004] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6002] <... memfd_create resumed>) = 4 [pid 6004] <... openat resumed>) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6004] chdir("./bus" [pid 6002] <... mmap resumed>) = 0x7f0fce600000 [pid 6001] <... openat resumed>) = 5 [pid 6004] <... chdir resumed>) = 0 [pid 6002] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6001] exit_group(0 [pid 6004] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6001] <... exit_group resumed>) = ? [pid 6004] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6004] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6002] <... write resumed>) = 32768 [pid 6001] +++ exited with 0 +++ [pid 6004] memfd_create("syzkaller", 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 6004] <... memfd_create resumed>) = 4 [pid 6002] munmap(0x7f0fce600000, 138412032 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6002] <... munmap resumed>) = 0 [pid 6004] <... mmap resumed>) = 0x7f0fce600000 [pid 6004] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6002] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6004] <... write resumed>) = 32768 [pid 6002] close(4) = 0 [pid 6004] munmap(0x7f0fce600000, 138412032) = 0 [pid 6002] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5841] newfstatat(3, "", [pid 6004] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6002] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6004] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6002] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(3, [pid 6002] sched_setaffinity(0, 0, NULL [pid 6004] close(4 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6004] <... close resumed>) = 0 [pid 6003] <... mount resumed>) = 0 [pid 6002] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6004] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6002] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6004] <... prlimit64 resumed>NULL) = 0 [pid 6002] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6004] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6002] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5841] newfstatat(AT_FDCWD, "./29/binderfs", [pid 6004] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6002] <... openat resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6004] sched_setaffinity(0, 0, NULL [pid 6002] read(4, [pid 5841] unlink("./29/binderfs" [pid 6004] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] <... unlink resumed>) = 0 [pid 6004] sched_setscheduler(0, SCHED_RR, NULL [pid 6003] <... openat resumed>) = 3 [pid 6004] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6003] chdir("./bus" [pid 5841] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6004] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6003] <... chdir resumed>) = 0 [pid 6004] <... openat resumed>) = 4 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6004] read(4, [pid 6003] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6003] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6003] memfd_create("syzkaller", 0) = 4 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6003] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] <... umount2 resumed>) = 0 [pid 6003] <... write resumed>) = 32768 [pid 6003] munmap(0x7f0fce600000, 138412032 [pid 5841] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6003] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", [pid 6003] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6003] close(4 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./29/bus") = 0 [pid 5841] getdents64(3, [pid 6003] <... close resumed>) = 0 [pid 6003] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6003] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6003] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6003] sched_setaffinity(0, 0, NULL [pid 5841] close(3 [pid 6003] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6003] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... close resumed>) = 0 [pid 6003] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6003] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5841] rmdir("./29" [pid 6003] <... openat resumed>) = 4 [pid 5841] <... rmdir resumed>) = 0 [pid 6003] read(4, [pid 5841] mkdir("./30", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached [pid 6005] set_robust_list(0x555579e09760, 24) = 0 [pid 6005] chdir("./30") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6005 [pid 6005] <... setpgid resumed>) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6005] write(1, "executing program\n", 18) = 18 [pid 6005] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6000] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6000] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6000] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6000] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6000] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6005] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6000] <... openat resumed>) = 5 [pid 6000] exit_group(0) = ? [pid 6000] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6000, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./29/binderfs") = 0 [pid 5842] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6003] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6003] sched_setaffinity(0, 0, NULL [pid 5842] close(4 [pid 6005] <... write resumed>) = 2097152 [pid 6003] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 6005] munmap(0x7f0fce600000, 138412032 [pid 6003] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] rmdir("./29/bus" [pid 6003] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6003] rename(NULL, NULL [pid 5842] <... rmdir resumed>) = 0 [pid 6003] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6003] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 6003] <... openat resumed>) = 5 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./29" [pid 6003] exit_group(0) = ? [pid 5842] <... rmdir resumed>) = 0 [pid 5842] mkdir("./30", 0777 [pid 6003] +++ exited with 0 +++ [pid 5842] <... mkdir resumed>) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6005] <... munmap resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5838] <... restart_syscall resumed>) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6005] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... ioctl resumed>) = 0 [pid 5838] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] close(3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./28/binderfs") = 0 [pid 5838] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6005] <... ioctl resumed>) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./bus", 0777 [pid 5838] <... umount2 resumed>) = 0 [pid 6005] <... mkdir resumed>) = 0 [pid 6005] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6004] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6004] sched_setaffinity(0, 0, NULL [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 6004] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [ 124.125549][ T6005] loop3: detected capacity change from 0 to 4096 [pid 6004] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] <... close resumed>) = 0 [pid 6004] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6004] rename(NULL, NULL [pid 5838] rmdir("./28/bus" [pid 6004] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5838] <... rmdir resumed>) = 0 [pid 6004] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5842] <... close resumed>) = 0 [pid 5838] rmdir("./28" [pid 6004] <... openat resumed>) = 5 [pid 5838] <... rmdir resumed>) = 0 [pid 6004] exit_group(0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6004] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6006 attached [pid 5838] mkdir("./29", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6006] set_robust_list(0x555579e09760, 24 [pid 6005] <... mount resumed>) = 0 [pid 6004] +++ exited with 0 +++ [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6006 [pid 5838] <... openat resumed>) = 3 [pid 6006] <... set_robust_list resumed>) = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] ioctl(3, LOOP_CLR_FD [pid 6006] chdir("./30" [pid 6005] <... openat resumed>) = 3 [pid 5838] <... ioctl resumed>) = 0 [pid 6006] <... chdir resumed>) = 0 [pid 6005] chdir("./bus" [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6005] <... chdir resumed>) = 0 [pid 6006] <... prctl resumed>) = 0 [pid 5839] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6005] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6006] setpgid(0, 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(3 [pid 6006] <... setpgid resumed>) = 0 [pid 6005] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6006] <... openat resumed>) = 3 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6006] write(3, "1000", 4 [pid 6005] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] newfstatat(AT_FDCWD, "./30/binderfs", [pid 6006] <... write resumed>) = 4 [pid 6005] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6005] memfd_create("syzkaller", 0 [pid 5839] unlink("./30/binderfs" [pid 6006] close(3 [pid 6005] <... memfd_create resumed>) = 4 [pid 5839] <... unlink resumed>) = 0 [pid 6006] <... close resumed>) = 0 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] <... mmap resumed>) = 0x7f0fce600000 [pid 6006] write(1, "executing program\n", 18 [pid 6005] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] <... umount2 resumed>) = 0 executing program [pid 6006] <... write resumed>) = 18 [pid 6005] <... write resumed>) = 32768 [pid 6006] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6006] memfd_create("syzkaller", 0 [pid 6005] munmap(0x7f0fce600000, 138412032 [pid 5839] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6005] <... munmap resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./30/bus", [pid 6005] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6005] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6006] <... memfd_create resumed>) = 3 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6005] close(4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6005] <... close resumed>) = 0 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6007 attached [pid 5839] getdents64(4, [pid 6006] <... mmap resumed>) = 0x7f0fce600000 [pid 6005] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6007] set_robust_list(0x555579e09760, 24 [pid 6005] <... prlimit64 resumed>NULL) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6005] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6007] <... set_robust_list resumed>) = 0 [pid 6007] chdir("./29") = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6007] setpgid(0, 0) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6005] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6007] <... openat resumed>) = 3 [pid 6005] sched_setaffinity(0, 0, NULL [pid 5839] getdents64(4, [pid 6005] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6007 [pid 5839] close(4 [pid 6007] write(3, "1000", 4) = 4 [pid 6007] close(3) = 0 [pid 5839] <... close resumed>) = 0 [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] sched_setscheduler(0, SCHED_RR, NULL [pid 5839] rmdir("./30/bus" [pid 6007] write(1, "executing program\n", 18executing program [pid 6005] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... rmdir resumed>) = 0 [pid 6007] <... write resumed>) = 18 [pid 6007] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6005] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] getdents64(3, [pid 6005] <... openat resumed>) = 4 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6007] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6005] read(4, [pid 6007] memfd_create("syzkaller", 0 [pid 5839] close(3 [pid 6007] <... memfd_create resumed>) = 3 [pid 5839] <... close resumed>) = 0 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5839] rmdir("./30") = 0 [pid 5839] mkdir("./31", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3) = 0 [pid 6006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6007] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 6008 attached [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6008 [pid 6008] set_robust_list(0x555579e09760, 24) = 0 [pid 6008] chdir("./31" [pid 6006] <... write resumed>) = 2097152 [pid 6008] <... chdir resumed>) = 0 [pid 6006] munmap(0x7f0fce600000, 138412032 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] <... munmap resumed>) = 0 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs" [pid 6006] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6008] <... symlink resumed>) = 0 [pid 6006] <... openat resumed>) = 4 executing program [pid 6008] write(1, "executing program\n", 18 [pid 6006] ioctl(4, LOOP_SET_FD, 3 [pid 6008] <... write resumed>) = 18 [pid 6008] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6008] memfd_create("syzkaller", 0) = 3 [pid 6007] <... write resumed>) = 2097152 [pid 6006] <... ioctl resumed>) = 0 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6007] munmap(0x7f0fce600000, 138412032 [pid 6006] close(3) = 0 [pid 6006] close(4) = 0 [pid 6006] mkdir("./bus", 0777) = 0 [pid 6006] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 6007] <... munmap resumed>) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 124.495004][ T6006] loop4: detected capacity change from 0 to 4096 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] close(4) = 0 [pid 6007] mkdir("./bus", 0777) = 0 [pid 6007] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6006] <... mount resumed>) = 0 [ 124.549022][ T6007] loop0: detected capacity change from 0 to 4096 [pid 6006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6008] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6006] <... openat resumed>) = 3 [pid 6006] chdir("./bus") = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6006] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6006] memfd_create("syzkaller", 0) = 4 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6006] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6007] <... mount resumed>) = 0 [pid 6006] munmap(0x7f0fce600000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6007] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6006] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6007] <... openat resumed>) = 3 [pid 6006] close(4 [pid 6007] chdir("./bus") = 0 [pid 6006] <... close resumed>) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6006] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6007] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6006] <... prlimit64 resumed>NULL) = 0 [pid 6006] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6007] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6006] sched_setaffinity(0, 0, NULL [pid 6007] memfd_create("syzkaller", 0 [pid 6006] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6007] <... memfd_create resumed>) = 4 [pid 6006] sched_setscheduler(0, SCHED_RR, NULL [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6006] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6007] <... mmap resumed>) = 0x7f0fce600000 [pid 6006] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6007] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6006] <... openat resumed>) = 4 [pid 6006] read(4, [pid 6007] <... write resumed>) = 32768 [pid 6007] munmap(0x7f0fce600000, 138412032) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6007] close(4) = 0 [pid 6007] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6008] <... write resumed>) = 2097152 [pid 6007] <... prlimit64 resumed>NULL) = 0 [pid 6007] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6008] munmap(0x7f0fce600000, 138412032 [pid 6007] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6007] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6008] <... munmap resumed>) = 0 [pid 6007] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6007] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6007] read(4, [pid 6008] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6008] close(3) = 0 [pid 6002] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6002] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6002] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6002] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6008] close(4) = 0 [pid 6008] mkdir("./bus", 0777 [pid 6002] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6008] <... mkdir resumed>) = 0 [ 124.732541][ T6008] loop1: detected capacity change from 0 to 4096 [pid 6008] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6002] <... openat resumed>) = 5 [pid 6002] exit_group(0) = ? [pid 6002] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./29/binderfs") = 0 [pid 5840] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5840] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 6008] <... mount resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6008] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] getdents64(4, [pid 6008] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6008] chdir("./bus" [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6008] <... chdir resumed>) = 0 [pid 5840] close(4 [pid 6008] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./29/bus") = 0 [pid 6008] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] getdents64(3, [pid 6008] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6008] memfd_create("syzkaller", 0 [pid 5840] close(3 [pid 6008] <... memfd_create resumed>) = 4 [pid 5840] <... close resumed>) = 0 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] rmdir("./29" [pid 6008] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./30", 0777 [pid 6008] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] <... mkdir resumed>) = 0 [pid 6008] <... write resumed>) = 32768 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6008] munmap(0x7f0fce600000, 138412032) = 0 [pid 5840] <... openat resumed>) = 3 [pid 6008] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6008] close(4 [pid 5840] <... ioctl resumed>) = 0 [pid 6008] <... close resumed>) = 0 [pid 5840] close(3 [pid 6008] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6008] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6008] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6008] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6008] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6008] read(4, [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached , child_tidptr=0x555579e09750) = 6009 [pid 6007] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6009] set_robust_list(0x555579e09760, 24) = 0 [pid 6007] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6009] chdir("./30") = 0 [pid 6007] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6007] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6009] <... prctl resumed>) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6007] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6009] <... openat resumed>) = 3 [pid 6007] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6007] <... openat resumed>) = 5 executing program [pid 6009] write(1, "executing program\n", 18) = 18 [pid 6009] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6007] exit_group(0) = ? [pid 6009] memfd_create("syzkaller", 0 [pid 6007] +++ exited with 0 +++ [pid 6009] <... memfd_create resumed>) = 3 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... restart_syscall resumed>) = 0 [pid 6009] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./29/binderfs") = 0 [pid 5838] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6009] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./29/bus") = 0 [pid 6005] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] getdents64(3, [pid 6005] sched_setaffinity(0, 0, NULL [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6005] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(3 [pid 6005] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./29" [pid 6005] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... rmdir resumed>) = 0 [pid 5838] mkdir("./30", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 6005] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6005] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6008] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6008] sched_setaffinity(0, 0, NULL [pid 6005] <... openat resumed>) = 5 [pid 5838] <... close resumed>) = 0 [pid 6008] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6008] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6005] exit_group(0 [pid 6008] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6008] rename(NULL, NULL./strace-static-x86_64: Process 6010 attached ) = -1 EFAULT (Bad address) [pid 6008] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6005] <... exit_group resumed>) = ? [pid 6010] set_robust_list(0x555579e09760, 24) = 0 [pid 6010] chdir("./30" [pid 6008] <... openat resumed>) = 5 [pid 6008] exit_group(0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6010 [pid 6010] <... chdir resumed>) = 0 [pid 6008] <... exit_group resumed>) = ? [pid 6005] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6008] +++ exited with 0 +++ [pid 6010] <... prctl resumed>) = 0 [pid 6010] setpgid(0, 0) = 0 [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 6010] write(3, "1000", 4) = 4 [pid 6010] close(3) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6010] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6010] write(1, "executing program\n", 18) = 18 [pid 6010] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6010] memfd_create("syzkaller", 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./30/binderfs") = 0 [pid 6010] <... memfd_create resumed>) = 3 [pid 5841] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6009] <... write resumed>) = 2097152 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5839] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6009] munmap(0x7f0fce600000, 138412032 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] <... umount2 resumed>) = 0 [pid 5839] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5841] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./31/binderfs" [pid 5841] newfstatat(AT_FDCWD, "./30/bus", [pid 5839] <... unlink resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 6009] <... munmap resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6009] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... close resumed>) = 0 [pid 6009] <... openat resumed>) = 4 [pid 5839] newfstatat(AT_FDCWD, "./31/bus", [pid 6009] ioctl(4, LOOP_SET_FD, 3 [pid 5841] rmdir("./30/bus" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./30") = 0 [pid 5841] mkdir("./31", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 6009] <... ioctl resumed>) = 0 [pid 5839] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] close(3 [pid 6009] close(3 [pid 5839] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6010] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... openat resumed>) = 4 [pid 6009] <... close resumed>) = 0 [pid 6009] close(4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6009] <... close resumed>) = 0 [pid 5839] getdents64(4, [pid 6009] mkdir("./bus", 0777 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6009] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6009] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5839] close(4) = 0 [pid 5839] rmdir("./31/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./31") = 0 [ 125.339340][ T6009] loop2: detected capacity change from 0 to 4096 [pid 5839] mkdir("./32", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6006] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5841] <... close resumed>) = 0 [pid 6006] sched_setaffinity(0, 0, NULL [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6006] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6011 attached [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6011 [pid 6006] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6011] set_robust_list(0x555579e09760, 24 [pid 6006] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6011] <... set_robust_list resumed>) = 0 [pid 6010] <... write resumed>) = 2097152 [pid 6006] rename(NULL, NULL [pid 6010] munmap(0x7f0fce600000, 138412032 [pid 6011] chdir("./31" [pid 6006] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6006] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6011] <... chdir resumed>) = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0 [pid 6010] <... munmap resumed>) = 0 [pid 6011] <... setpgid resumed>) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6006] <... openat resumed>) = 5 [pid 6010] <... openat resumed>) = 4 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6010] ioctl(4, LOOP_SET_FD, 3 [pid 6011] <... openat resumed>) = 3 [pid 6009] <... mount resumed>) = 0 [pid 6006] exit_group(0 [pid 6011] write(3, "1000", 4 [pid 6009] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6006] <... exit_group resumed>) = ? [pid 6011] <... write resumed>) = 4 [pid 6011] close(3 [pid 6009] <... openat resumed>) = 3 [pid 6006] +++ exited with 0 +++ [pid 6011] <... close resumed>) = 0 [pid 6009] chdir("./bus" [pid 6011] symlink("/dev/binderfs", "./binderfs" [pid 6009] <... chdir resumed>) = 0 executing program [pid 6011] <... symlink resumed>) = 0 [pid 6011] write(1, "executing program\n", 18 [pid 6009] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6011] <... write resumed>) = 18 [pid 6011] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 6011] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6009] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6011] memfd_create("syzkaller", 0 [pid 6009] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", [pid 5839] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6009] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6011] <... memfd_create resumed>) = 3 [pid 6009] memfd_create("syzkaller", 0 [pid 5842] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6010] <... ioctl resumed>) = 0 [pid 6009] <... memfd_create resumed>) = 4 [pid 5842] unlink("./30/binderfs"./strace-static-x86_64: Process 6012 attached [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6010] close(3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... unlink resumed>) = 0 [pid 6012] set_robust_list(0x555579e09760, 24 [pid 6011] <... mmap resumed>) = 0x7f0fce600000 [pid 6010] <... close resumed>) = 0 [pid 5842] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6009] <... mmap resumed>) = 0x7f0fce600000 [pid 6012] <... set_robust_list resumed>) = 0 [pid 6010] close(4 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6012 [pid 6012] chdir("./32" [pid 6009] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6012] <... chdir resumed>) = 0 [pid 6010] <... close resumed>) = 0 [pid 6009] <... write resumed>) = 32768 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6010] mkdir("./bus", 0777 [pid 6009] munmap(0x7f0fce600000, 138412032 [pid 5842] <... umount2 resumed>) = 0 [pid 6012] <... prctl resumed>) = 0 [pid 6010] <... mkdir resumed>) = 0 [pid 6009] <... munmap resumed>) = 0 [pid 6012] setpgid(0, 0 [pid 6010] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6009] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6012] <... setpgid resumed>) = 0 [pid 6009] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6009] close(4 [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6009] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 125.467175][ T6010] loop0: detected capacity change from 0 to 4096 [pid 6012] <... openat resumed>) = 3 [pid 6009] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] newfstatat(AT_FDCWD, "./30/bus", [pid 6009] <... prlimit64 resumed>NULL) = 0 [pid 6012] write(3, "1000", 4 [pid 6009] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6009] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6012] <... write resumed>) = 4 [pid 6009] sched_setaffinity(0, 0, NULL [pid 5842] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6012] close(3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6012] <... close resumed>) = 0 [pid 6009] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6012] symlink("/dev/binderfs", "./binderfs" [pid 6009] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] <... openat resumed>) = 4 [pid 6009] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6009] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6012] <... symlink resumed>) = 0 [pid 6009] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6012] write(1, "executing program\n", 18 [pid 5842] getdents64(4, [pid 6012] <... write resumed>) = 18 [pid 6009] read(4, [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6012] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] getdents64(4, [pid 6012] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6012] memfd_create("syzkaller", 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./30/bus") = 0 [pid 6012] <... memfd_create resumed>) = 3 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] close(3 [pid 6012] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./30") = 0 [pid 5842] mkdir("./31", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6011] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6011] munmap(0x7f0fce600000, 138412032 [pid 5842] <... close resumed>) = 0 [pid 6011] <... munmap resumed>) = 0 [pid 6010] <... mount resumed>) = 0 [pid 6010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6013 attached [pid 6010] <... openat resumed>) = 3 [pid 6010] chdir("./bus") = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6013 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6010] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6010] memfd_create("syzkaller", 0) = 4 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6010] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6010] munmap(0x7f0fce600000, 138412032) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6010] close(4) = 0 [pid 6013] set_robust_list(0x555579e09760, 24 [pid 6011] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6013] <... set_robust_list resumed>) = 0 [pid 6010] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6010] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6010] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6013] chdir("./31" [pid 6012] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6011] <... openat resumed>) = 4 [pid 6010] sched_setscheduler(0, SCHED_RR, NULL [pid 6013] <... chdir resumed>) = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6010] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6010] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6010] read(4, [pid 6013] setpgid(0, 0 [pid 6011] ioctl(4, LOOP_SET_FD, 3 [pid 6013] <... setpgid resumed>) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6013] symlink("/dev/binderfs", "./binderfs" [pid 6011] <... ioctl resumed>) = 0 executing program [pid 6013] <... symlink resumed>) = 0 [pid 6012] <... write resumed>) = 2097152 [pid 6011] close(3) = 0 [pid 6013] write(1, "executing program\n", 18 [pid 6011] close(4 [pid 6013] <... write resumed>) = 18 [pid 6011] <... close resumed>) = 0 [pid 6013] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6012] munmap(0x7f0fce600000, 138412032 [pid 6011] mkdir("./bus", 0777 [pid 6013] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6013] memfd_create("syzkaller", 0) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6011] <... mkdir resumed>) = 0 [pid 6013] <... mmap resumed>) = 0x7f0fce600000 [pid 6012] <... munmap resumed>) = 0 [ 125.696605][ T6011] loop3: detected capacity change from 0 to 4096 [pid 6011] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6012] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] close(4) = 0 [pid 6012] mkdir("./bus", 0777) = 0 [pid 6012] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6011] <... mount resumed>) = 0 [ 125.771919][ T6012] loop1: detected capacity change from 0 to 4096 [pid 6011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6013] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6011] <... openat resumed>) = 3 [pid 6011] chdir("./bus") = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6011] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6011] memfd_create("syzkaller", 0) = 4 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6011] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6012] <... mount resumed>) = 0 [pid 6011] munmap(0x7f0fce600000, 138412032) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6012] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6011] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6012] chdir("./bus" [pid 6011] close(4 [pid 6012] <... chdir resumed>) = 0 [pid 6011] <... close resumed>) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6012] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6011] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6012] memfd_create("syzkaller", 0 [pid 6011] <... prlimit64 resumed>NULL) = 0 [pid 6012] <... memfd_create resumed>) = 4 [pid 6011] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6011] sched_setaffinity(0, 0, NULL [pid 6012] <... mmap resumed>) = 0x7f0fce600000 [pid 6011] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6012] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6011] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6011] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6012] <... write resumed>) = 32768 [pid 6011] read(4, [pid 6012] munmap(0x7f0fce600000, 138412032) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6012] close(4) = 0 [pid 6013] <... write resumed>) = 2097152 [pid 6012] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6012] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6013] munmap(0x7f0fce600000, 138412032 [pid 6012] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6009] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6012] sched_setaffinity(0, 0, NULL [pid 6013] <... munmap resumed>) = 0 [pid 6012] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6013] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6012] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6013] <... openat resumed>) = 4 [pid 6012] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6009] sched_setaffinity(0, 0, NULL [pid 6013] ioctl(4, LOOP_SET_FD, 3 [pid 6012] <... openat resumed>) = 4 [pid 6009] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6012] read(4, [pid 6009] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6009] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6009] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6013] <... ioctl resumed>) = 0 [pid 6013] close(3) = 0 [pid 6009] <... openat resumed>) = 5 [pid 6013] close(4) = 0 [pid 6013] mkdir("./bus", 0777 [pid 6009] exit_group(0) = ? [pid 6013] <... mkdir resumed>) = 0 [pid 6009] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5840] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6013] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 125.956646][ T6013] loop4: detected capacity change from 0 to 4096 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./30/binderfs") = 0 [pid 5840] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5840] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 6013] <... mount resumed>) = 0 [pid 5840] rmdir("./30/bus") = 0 [pid 6013] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./bus") = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] getdents64(3, [pid 6013] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6013] memfd_create("syzkaller", 0 [pid 5840] close(3 [pid 6013] <... memfd_create resumed>) = 4 [pid 5840] <... close resumed>) = 0 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] rmdir("./30") = 0 [pid 6013] <... mmap resumed>) = 0x7f0fce600000 [pid 6013] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] mkdir("./31", 0777 [pid 6013] <... write resumed>) = 32768 [pid 5840] <... mkdir resumed>) = 0 [pid 6013] munmap(0x7f0fce600000, 138412032 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6013] <... munmap resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 6013] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 6013] close(4 [pid 5840] close(3 [pid 6013] <... close resumed>) = 0 [pid 6010] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6010] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6010] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6010] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6010] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6013] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6013] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6013] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6010] <... openat resumed>) = 5 [pid 6010] exit_group(0) = ? [pid 6010] +++ exited with 0 +++ [pid 6013] sched_setscheduler(0, SCHED_RR, NULL [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6010, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 6013] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6013] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5838] <... restart_syscall resumed>) = 0 [pid 6013] <... openat resumed>) = 4 [pid 6013] read(4, [pid 5838] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... close resumed>) = 0 [pid 5838] unlink("./30/binderfs") = 0 [pid 5838] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6014 attached , child_tidptr=0x555579e09750) = 6014 [pid 5838] <... umount2 resumed>) = 0 [pid 5838] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6014] set_robust_list(0x555579e09760, 24 [pid 5838] close(4 [pid 6014] <... set_robust_list resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 6014] chdir("./31") = 0 [pid 5838] rmdir("./30/bus" [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5838] <... rmdir resumed>) = 0 [pid 6014] <... prctl resumed>) = 0 [pid 5838] getdents64(3, [pid 6014] setpgid(0, 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6014] <... setpgid resumed>) = 0 [pid 5838] close(3 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./30" [pid 6014] <... openat resumed>) = 3 [pid 5838] <... rmdir resumed>) = 0 [pid 6014] write(3, "1000", 4) = 4 [pid 5838] mkdir("./31", 0777 [pid 6014] close(3) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs" [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6014] <... symlink resumed>) = 0 [pid 5838] <... openat resumed>) = 3 executing program [pid 6014] write(1, "executing program\n", 18) = 18 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 6014] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] <... ioctl resumed>) = 0 [pid 6014] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6014] memfd_create("syzkaller", 0 [pid 5838] close(3 [pid 6014] <... memfd_create resumed>) = 3 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5838] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6015 attached , child_tidptr=0x555579e09750) = 6015 [pid 6015] set_robust_list(0x555579e09760, 24) = 0 [pid 6015] chdir("./31") = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6015] write(1, "executing program\n", 18) = 18 [pid 6015] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6015] memfd_create("syzkaller", 0) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6012] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6011] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6012] sched_setaffinity(0, 0, NULL [pid 6014] <... write resumed>) = 2097152 [pid 6012] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6011] sched_setaffinity(0, 0, NULL [pid 6014] munmap(0x7f0fce600000, 138412032 [pid 6012] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6011] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6014] <... munmap resumed>) = 0 [pid 6012] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6011] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6012] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6012] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6012] exit_group(0) = ? [pid 6011] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6011] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6011] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6011] exit_group(0) = ? [pid 6014] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6012] +++ exited with 0 +++ [pid 6014] <... openat resumed>) = 4 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 6014] ioctl(4, LOOP_SET_FD, 3 [pid 6011] +++ exited with 0 +++ [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6015] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./32/binderfs") = 0 [pid 5839] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6014] <... ioctl resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5841] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6014] close(3 [pid 5841] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6014] <... close resumed>) = 0 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./31/binderfs" [pid 6015] <... write resumed>) = 2097152 [pid 5841] <... unlink resumed>) = 0 [pid 6014] close(4) = 0 [pid 5839] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6014] mkdir("./bus", 0777) = 0 [pid 5839] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6015] munmap(0x7f0fce600000, 138412032 [pid 6014] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5839] getdents64(4, [pid 5841] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./32/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 6015] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [ 126.445792][ T6014] loop2: detected capacity change from 0 to 4096 [pid 5839] rmdir("./32" [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] <... rmdir resumed>) = 0 [pid 6015] <... openat resumed>) = 4 [pid 5839] mkdir("./33", 0777 [pid 6015] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... mkdir resumed>) = 0 [pid 5841] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... openat resumed>) = 3 [pid 5841] <... openat resumed>) = 4 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./31/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./31") = 0 [pid 5841] mkdir("./32", 0777) = 0 [pid 6015] <... ioctl resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 6015] close(3) = 0 [pid 6015] close(4) = 0 [ 126.513605][ T6015] loop0: detected capacity change from 0 to 4096 [pid 6015] mkdir("./bus", 0777) = 0 [pid 5839] <... close resumed>) = 0 [pid 6015] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6014] <... mount resumed>) = 0 [pid 6014] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6014] chdir("./bus") = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6014] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5841] <... close resumed>) = 0 [pid 6014] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6016 attached [pid 6016] set_robust_list(0x555579e09760, 24 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6016 [pid 6016] <... set_robust_list resumed>) = 0 [pid 6016] chdir("./33") = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6016] setpgid(0, 0) = 0 [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] <... memfd_create resumed>) = 4 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 6016] write(3, "1000", 4 [pid 6014] <... mmap resumed>) = 0x7f0fce600000 [pid 6016] <... write resumed>) = 4 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6016] close(3) = 0 [pid 6016] symlink("/dev/binderfs", "./binderfs" [pid 6014] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6016] <... symlink resumed>) = 0 [pid 6014] <... write resumed>) = 32768 ./strace-static-x86_64: Process 6017 attached [pid 6016] write(1, "executing program\n", 18 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6017 [pid 6016] <... write resumed>) = 18 [pid 6017] set_robust_list(0x555579e09760, 24 [pid 6016] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6014] munmap(0x7f0fce600000, 138412032 [pid 6016] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6016] memfd_create("syzkaller", 0 [pid 6014] <... munmap resumed>) = 0 [pid 6017] <... set_robust_list resumed>) = 0 [pid 6017] chdir("./32" [pid 6014] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6016] <... memfd_create resumed>) = 3 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6017] <... chdir resumed>) = 0 [pid 6014] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] close(4 [pid 6017] setpgid(0, 0 [pid 6014] <... close resumed>) = 0 [pid 6017] <... setpgid resumed>) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6014] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6017] <... openat resumed>) = 3 [pid 6014] <... prlimit64 resumed>NULL) = 0 [pid 6017] write(3, "1000", 4 [pid 6014] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6017] <... write resumed>) = 4 [pid 6014] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6017] close(3 [pid 6014] sched_setaffinity(0, 0, NULL [pid 6017] <... close resumed>) = 0 [pid 6014] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6017] symlink("/dev/binderfs", "./binderfs" [pid 6014] sched_setscheduler(0, SCHED_RR, NULL [pid 6017] <... symlink resumed>) = 0 [pid 6014] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6017] write(1, "executing program\n", 18 [pid 6014] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLYexecuting program ) = 4 [pid 6017] <... write resumed>) = 18 [pid 6017] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6014] read(4, [pid 6017] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6015] <... mount resumed>) = 0 [pid 6015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] chdir("./bus" [pid 6016] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6015] <... chdir resumed>) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6015] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6013] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6015] memfd_create("syzkaller", 0) = 4 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6013] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6013] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6015] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6013] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6013] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6015] <... write resumed>) = 32768 [pid 6013] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6015] munmap(0x7f0fce600000, 138412032) = 0 [pid 6013] <... openat resumed>) = 5 [pid 6013] exit_group(0) = ? [pid 6013] +++ exited with 0 +++ [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- [pid 6015] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6015] close(4) = 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6015] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6015] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6015] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6015] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] <... restart_syscall resumed>) = 0 [pid 6015] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6015] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6017] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6015] <... openat resumed>) = 4 [pid 5842] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6015] read(4, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./31/binderfs") = 0 [pid 5842] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5842] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./31/bus") = 0 [pid 6016] <... write resumed>) = 2097152 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./31" [pid 6016] munmap(0x7f0fce600000, 138412032 [pid 5842] <... rmdir resumed>) = 0 [pid 6016] <... munmap resumed>) = 0 [pid 5842] mkdir("./32", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6016] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6016] ioctl(4, LOOP_SET_FD, 3 [pid 6017] <... write resumed>) = 2097152 [pid 6016] <... ioctl resumed>) = 0 [pid 6017] munmap(0x7f0fce600000, 138412032 [pid 6016] close(3) = 0 [pid 6016] close(4) = 0 [pid 6016] mkdir("./bus", 0777) = 0 [pid 6016] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5842] <... close resumed>) = 0 [ 126.829399][ T6016] loop1: detected capacity change from 0 to 4096 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6017] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6018 attached [pid 6017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6018] set_robust_list(0x555579e09760, 24 [pid 6017] <... openat resumed>) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3 [pid 6018] <... set_robust_list resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6018 [pid 6018] chdir("./32") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6017] <... ioctl resumed>) = 0 [pid 6018] <... openat resumed>) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6018] write(1, "executing program\n", 18) = 18 [pid 6018] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6018] memfd_create("syzkaller", 0 [pid 6017] close(3 [pid 6018] <... memfd_create resumed>) = 3 [pid 6017] <... close resumed>) = 0 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6017] close(4 [pid 6018] <... mmap resumed>) = 0x7f0fce600000 [pid 6017] <... close resumed>) = 0 [pid 6017] mkdir("./bus", 0777) = 0 [ 126.929532][ T6017] loop3: detected capacity change from 0 to 4096 [pid 6017] mount("/dev/loop3", "./bus", "ntfs3", 0, "") = 0 [pid 6016] <... mount resumed>) = 0 [pid 6017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./bus") = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6017] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6017] memfd_create("syzkaller", 0) = 4 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6017] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6017] munmap(0x7f0fce600000, 138412032 [pid 6016] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6017] <... munmap resumed>) = 0 [pid 6016] <... openat resumed>) = 3 [pid 6017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6016] chdir("./bus" [pid 6017] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6016] <... chdir resumed>) = 0 [pid 6017] close(4 [pid 6016] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6017] <... close resumed>) = 0 [pid 6016] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6017] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6016] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6017] <... prlimit64 resumed>NULL) = 0 [pid 6016] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6017] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6016] memfd_create("syzkaller", 0 [pid 6017] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6018] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6017] sched_setaffinity(0, 0, NULL [pid 6016] <... memfd_create resumed>) = 4 [pid 6017] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6017] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6017] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6017] read(4, [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6016] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6016] munmap(0x7f0fce600000, 138412032) = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6016] close(4) = 0 [pid 6016] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6018] <... write resumed>) = 2097152 [pid 6016] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6015] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6016] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6015] sched_setaffinity(0, 0, NULL [pid 6016] sched_setaffinity(0, 0, NULL [pid 6015] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6018] munmap(0x7f0fce600000, 138412032 [pid 6016] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6015] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6018] <... munmap resumed>) = 0 [pid 6016] sched_setscheduler(0, SCHED_RR, NULL [pid 6015] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6016] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6015] rename(NULL, NULL [pid 6016] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6015] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6016] <... openat resumed>) = 4 [pid 6015] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6016] read(4, [pid 6018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6015] <... openat resumed>) = 5 [pid 6018] <... openat resumed>) = 4 [pid 6015] exit_group(0) = ? [pid 6018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6018] close(3) = 0 [pid 6018] close(4 [pid 6015] +++ exited with 0 +++ [pid 6018] <... close resumed>) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 6018] mkdir("./bus", 0777) = 0 [pid 6018] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5838] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./31/binderfs") = 0 [ 127.175326][ T6018] loop4: detected capacity change from 0 to 4096 [pid 5838] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6014] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6014] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6014] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5838] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6014] rename(NULL, NULL [pid 5838] newfstatat(4, "", [pid 6014] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6014] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./31/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./31" [pid 6018] <... mount resumed>) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 6018] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6014] <... openat resumed>) = 5 [pid 5838] mkdir("./32", 0777 [pid 6018] <... openat resumed>) = 3 [pid 6014] exit_group(0 [pid 6018] chdir("./bus" [pid 6014] <... exit_group resumed>) = ? [pid 5838] <... mkdir resumed>) = 0 [pid 6018] <... chdir resumed>) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6018] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6018] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6018] memfd_create("syzkaller", 0 [pid 5838] <... openat resumed>) = 3 [pid 6018] <... memfd_create resumed>) = 4 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6014] +++ exited with 0 +++ [pid 6018] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5838] <... ioctl resumed>) = 0 [pid 6018] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] close(3 [pid 6018] <... write resumed>) = 32768 [pid 5840] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6018] munmap(0x7f0fce600000, 138412032 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6018] <... munmap resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] getdents64(3, [pid 6018] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6018] close(4 [pid 5840] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6018] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] newfstatat(AT_FDCWD, "./31/binderfs", [pid 6018] <... prlimit64 resumed>NULL) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6018] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] unlink("./31/binderfs" [pid 6018] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... unlink resumed>) = 0 [pid 6018] sched_setaffinity(0, 0, NULL [pid 5840] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6018] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6018] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6018] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6018] read(4, [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6016] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 6016] sched_setaffinity(0, 0, NULL [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6016] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 6016] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] rmdir("./31/bus" [pid 6016] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6019 attached [pid 6016] rename(NULL, NULL [pid 5840] getdents64(3, [pid 6016] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6019] set_robust_list(0x555579e09760, 24 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6019 [pid 6019] <... set_robust_list resumed>) = 0 [pid 6016] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] close(3 [pid 6019] chdir("./32" [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./31" [pid 6019] <... chdir resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] mkdir("./32", 0777 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6016] <... openat resumed>) = 5 [pid 6019] <... openat resumed>) = 3 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6019] write(3, "1000", 4 [pid 6016] exit_group(0 [pid 5840] <... openat resumed>) = 3 [pid 6019] <... write resumed>) = 4 [pid 6016] <... exit_group resumed>) = ? [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6019] close(3 [pid 5840] <... ioctl resumed>) = 0 [pid 6019] <... close resumed>) = 0 [pid 5840] close(3 [pid 6019] symlink("/dev/binderfs", "./binderfs" [pid 6016] +++ exited with 0 +++ [pid 6019] <... symlink resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6016, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6019] write(1, "executing program\n", 18 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", executing program [pid 6019] <... write resumed>) = 18 [pid 6019] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6019] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] getdents64(3, [pid 6019] memfd_create("syzkaller", 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6019] <... memfd_create resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./33/binderfs" [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5840] <... close resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5839] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6020 attached [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6020 [pid 6020] set_robust_list(0x555579e09760, 24) = 0 [pid 6020] chdir("./32") = 0 [pid 5839] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6020] <... prctl resumed>) = 0 [pid 6020] setpgid(0, 0 [pid 5839] newfstatat(AT_FDCWD, "./33/bus", [pid 6020] <... setpgid resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6020] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6020] write(3, "1000", 4 [pid 5839] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] <... write resumed>) = 4 [pid 6020] close(3 [pid 5839] <... openat resumed>) = 4 [pid 6020] <... close resumed>) = 0 [pid 6020] symlink("/dev/binderfs", "./binderfs" [pid 5839] newfstatat(4, "", [pid 6020] <... symlink resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6020] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] getdents64(4, [pid 6020] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6020] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 6020] memfd_create("syzkaller", 0) = 3 [pid 5839] <... close resumed>) = 0 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6019] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] rmdir("./33/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./33") = 0 [pid 5839] mkdir("./34", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6019] <... write resumed>) = 2097152 [pid 6019] munmap(0x7f0fce600000, 138412032) = 0 [pid 6018] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] <... close resumed>) = 0 [pid 6018] sched_setaffinity(0, 0, NULL [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6020] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6018] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6019] <... openat resumed>) = 4 [pid 6018] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6019] ioctl(4, LOOP_SET_FD, 3 [pid 6018] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 6021 attached [pid 6019] <... ioctl resumed>) = 0 [pid 6018] rename(NULL, NULL [pid 6021] set_robust_list(0x555579e09760, 24 [pid 6018] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6021 [pid 6018] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6021] chdir("./34") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6021] write(1, "executing program\n", 18) = 18 [pid 6021] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6019] close(3 [pid 6018] <... openat resumed>) = 5 [pid 6021] memfd_create("syzkaller", 0 [pid 6018] exit_group(0) = ? [pid 6019] <... close resumed>) = 0 [pid 6021] <... memfd_create resumed>) = 3 [pid 6019] close(4 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6019] <... close resumed>) = 0 [pid 6021] <... mmap resumed>) = 0x7f0fce600000 [pid 6019] mkdir("./bus", 0777 [pid 6018] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 6019] <... mkdir resumed>) = 0 [ 127.650337][ T6019] loop0: detected capacity change from 0 to 4096 [pid 6019] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5842] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./32/binderfs") = 0 [pid 5842] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6020] <... write resumed>) = 2097152 [pid 5842] <... umount2 resumed>) = 0 [pid 6020] munmap(0x7f0fce600000, 138412032) = 0 [pid 5842] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6021] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 6020] <... openat resumed>) = 4 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6020] ioctl(4, LOOP_SET_FD, 3 [pid 6019] <... mount resumed>) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6019] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] close(4) = 0 [pid 5842] rmdir("./32/bus" [pid 6019] <... openat resumed>) = 3 [pid 5842] <... rmdir resumed>) = 0 [pid 6020] <... ioctl resumed>) = 0 [pid 6020] close(3) = 0 [pid 6020] close(4) = 0 [pid 6020] mkdir("./bus", 0777 [pid 6019] chdir("./bus" [pid 6020] <... mkdir resumed>) = 0 [pid 6020] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6019] <... chdir resumed>) = 0 [pid 5842] getdents64(3, [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6019] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] close(3 [pid 6019] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] <... close resumed>) = 0 [pid 6019] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] rmdir("./32") = 0 [pid 6019] memfd_create("syzkaller", 0 [pid 5842] mkdir("./33", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6019] <... memfd_create resumed>) = 4 [pid 5842] <... openat resumed>) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6020] <... mount resumed>) = 0 [pid 6019] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6020] chdir("./bus") = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6020] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6020] memfd_create("syzkaller", 0 [pid 6019] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6021] <... write resumed>) = 2097152 [pid 6020] <... memfd_create resumed>) = 4 [ 127.778000][ T6020] loop2: detected capacity change from 0 to 4096 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6021] munmap(0x7f0fce600000, 138412032 [pid 6019] <... write resumed>) = 32768 [pid 6017] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6020] <... mmap resumed>) = 0x7f0fce600000 [pid 6019] munmap(0x7f0fce600000, 138412032 [pid 6017] sched_setaffinity(0, 0, NULL [pid 5842] <... close resumed>) = 0 [pid 6019] <... munmap resumed>) = 0 [pid 6017] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6017] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY./strace-static-x86_64: Process 6022 attached [pid 6020] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6019] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6017] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6019] close(4 [pid 6017] rename(NULL, NULL [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6022 [pid 6019] <... close resumed>) = 0 [pid 6017] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6019] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6017] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6022] set_robust_list(0x555579e09760, 24 [pid 6019] <... prlimit64 resumed>NULL) = 0 [pid 6022] <... set_robust_list resumed>) = 0 [pid 6019] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6022] chdir("./33" [pid 6019] sched_setaffinity(0, 0, NULL [pid 6022] <... chdir resumed>) = 0 [pid 6019] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6019] sched_setscheduler(0, SCHED_RR, NULL [pid 6022] <... prctl resumed>) = 0 [pid 6019] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6022] setpgid(0, 0 [pid 6019] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6022] <... setpgid resumed>) = 0 [pid 6019] <... openat resumed>) = 4 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6019] read(4, [pid 6017] <... openat resumed>) = 5 [pid 6020] <... write resumed>) = 32768 [pid 6020] munmap(0x7f0fce600000, 138412032) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6017] exit_group(0 [pid 6022] <... openat resumed>) = 3 [pid 6020] close(4 [pid 6017] <... exit_group resumed>) = ? [pid 6021] <... munmap resumed>) = 0 [pid 6022] write(3, "1000", 4 [pid 6020] <... close resumed>) = 0 [pid 6017] +++ exited with 0 +++ [pid 6022] <... write resumed>) = 4 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs" [pid 5841] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6021] <... openat resumed>) = 4 [pid 5841] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6021] ioctl(4, LOOP_SET_FD, 3 [pid 6020] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] <... openat resumed>) = 3 [pid 6022] <... symlink resumed>) = 0 [pid 6020] <... prlimit64 resumed>NULL) = 0 [pid 5841] newfstatat(3, "", executing program [pid 6022] write(1, "executing program\n", 18) = 18 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6022] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6020] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6022] memfd_create("syzkaller", 0 [pid 6020] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./32/binderfs", [pid 6020] sched_setaffinity(0, 0, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6020] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] unlink("./32/binderfs" [pid 6022] <... memfd_create resumed>) = 3 [pid 6020] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... unlink resumed>) = 0 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6021] <... ioctl resumed>) = 0 [pid 6020] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6022] <... mmap resumed>) = 0x7f0fce600000 [pid 6021] close(3 [pid 6020] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6021] <... close resumed>) = 0 [pid 6020] <... openat resumed>) = 4 [pid 6021] close(4 [pid 6020] read(4, [pid 6021] <... close resumed>) = 0 [pid 6021] mkdir("./bus", 0777 [pid 5841] <... umount2 resumed>) = 0 [pid 6021] <... mkdir resumed>) = 0 [pid 6021] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5841] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./32/bus") = 0 [ 127.909715][ T6021] loop1: detected capacity change from 0 to 4096 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./32") = 0 [pid 5841] mkdir("./33", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6021] <... mount resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] <... ioctl resumed>) = 0 [pid 6021] <... openat resumed>) = 3 [pid 5841] close(3 [pid 6021] chdir("./bus") = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6022] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6021] memfd_create("syzkaller", 0) = 4 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6021] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6021] munmap(0x7f0fce600000, 138412032) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] close(4) = 0 [pid 6021] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6021] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6021] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6021] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6021] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6021] read(4, [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached [pid 6023] set_robust_list(0x555579e09760, 24) = 0 [pid 6023] chdir("./33") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6023 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6023] write(1, "executing program\n", 18) = 18 [pid 6023] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6023] memfd_create("syzkaller", 0) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6022] <... write resumed>) = 2097152 [pid 6022] munmap(0x7f0fce600000, 138412032 [pid 6019] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6019] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6019] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6019] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6019] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6022] <... munmap resumed>) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6022] ioctl(4, LOOP_SET_FD, 3 [pid 6019] <... openat resumed>) = 5 [pid 6019] exit_group(0) = ? [pid 6022] <... ioctl resumed>) = 0 [pid 6022] close(3) = 0 [pid 6022] close(4 [pid 6023] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6022] <... close resumed>) = 0 [pid 6019] +++ exited with 0 +++ [ 128.214839][ T6022] loop4: detected capacity change from 0 to 4096 [pid 6022] mkdir("./bus", 0777 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 6022] <... mkdir resumed>) = 0 [pid 5838] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6022] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./32/binderfs") = 0 [pid 5838] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6023] <... write resumed>) = 2097152 [pid 5838] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6023] munmap(0x7f0fce600000, 138412032 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] <... munmap resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./32/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./32") = 0 [pid 5838] mkdir("./33", 0777 [pid 6023] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6022] <... mount resumed>) = 0 [pid 6023] <... openat resumed>) = 4 [pid 5838] <... mkdir resumed>) = 0 [pid 6023] ioctl(4, LOOP_SET_FD, 3 [pid 6022] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6023] <... ioctl resumed>) = 0 [pid 6022] chdir("./bus") = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6022] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6022] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6022] memfd_create("syzkaller", 0 [pid 5838] <... openat resumed>) = 3 [pid 6022] <... memfd_create resumed>) = 4 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... ioctl resumed>) = 0 [pid 6022] <... mmap resumed>) = 0x7f0fce600000 [pid 5838] close(3 [pid 6022] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6023] close(3 [pid 6022] <... write resumed>) = 32768 [pid 6023] <... close resumed>) = 0 [pid 6023] close(4) = 0 [pid 6023] mkdir("./bus", 0777) = 0 [pid 6022] munmap(0x7f0fce600000, 138412032 [pid 6023] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6022] <... munmap resumed>) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6022] close(4) = 0 [ 128.380895][ T6023] loop3: detected capacity change from 0 to 4096 [pid 5838] <... close resumed>) = 0 [pid 6022] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6022] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6022] sched_setaffinity(0, 0, NULL [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached [pid 6022] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6024] set_robust_list(0x555579e09760, 24) = 0 [pid 6024] chdir("./33" [pid 6022] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6022] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6024] <... chdir resumed>) = 0 [pid 6022] read(4, [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6024 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6024] write(1, "executing program\n", 18) = 18 [pid 6024] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6020] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6024] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6024] memfd_create("syzkaller", 0 [pid 6020] sched_setaffinity(0, 0, NULL [pid 6024] <... memfd_create resumed>) = 3 [pid 6020] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6020] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6024] <... mmap resumed>) = 0x7f0fce600000 [pid 6020] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6020] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6020] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6023] <... mount resumed>) = 0 [pid 6023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6020] <... openat resumed>) = 5 [pid 6023] <... openat resumed>) = 3 [pid 6023] chdir("./bus") = 0 [pid 6020] exit_group(0 [pid 6023] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6020] <... exit_group resumed>) = ? [pid 6023] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6023] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6023] memfd_create("syzkaller", 0) = 4 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6023] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6020] +++ exited with 0 +++ [pid 6023] <... write resumed>) = 32768 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- [pid 6023] munmap(0x7f0fce600000, 138412032 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6023] <... munmap resumed>) = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6023] close(4) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6023] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6023] <... prlimit64 resumed>NULL) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6023] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6023] sched_setaffinity(0, 0, NULL [pid 5840] <... openat resumed>) = 3 [pid 6023] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(3, "", [pid 6023] sched_setscheduler(0, SCHED_RR, NULL [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6023] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(3, [pid 6023] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6023] <... openat resumed>) = 4 [pid 5840] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6023] read(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./32/binderfs") = 0 [pid 5840] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6024] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6021] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6021] sched_setaffinity(0, 0, NULL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6021] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6021] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5840] <... openat resumed>) = 4 [pid 6021] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5840] newfstatat(4, "", [pid 6021] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./32/bus") = 0 [pid 6021] <... openat resumed>) = 5 [pid 6021] exit_group(0 [pid 5840] getdents64(3, [pid 6021] <... exit_group resumed>) = ? [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 6021] +++ exited with 0 +++ [pid 5840] <... close resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5840] rmdir("./32") = 0 [pid 5839] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] mkdir("./33", 0777 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6024] <... write resumed>) = 2097152 [pid 6024] munmap(0x7f0fce600000, 138412032 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./34/binderfs" [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... unlink resumed>) = 0 [pid 6024] <... munmap resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5839] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5840] <... ioctl resumed>) = 0 [pid 6024] ioctl(4, LOOP_SET_FD, 3 [pid 5840] close(3 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6024] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6024] close(3 [pid 5839] newfstatat(AT_FDCWD, "./34/bus", [pid 6024] <... close resumed>) = 0 [pid 6024] close(4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6024] <... close resumed>) = 0 [pid 5839] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6024] mkdir("./bus", 0777 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6024] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6025 attached [pid 6025] set_robust_list(0x555579e09760, 24) = 0 [pid 6025] chdir("./33") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6024] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5839] <... openat resumed>) = 4 [pid 6025] <... openat resumed>) = 3 [pid 6025] write(3, "1000", 4 [ 128.692604][ T6024] loop0: detected capacity change from 0 to 4096 [pid 5839] newfstatat(4, "", [pid 6025] <... write resumed>) = 4 [pid 6025] close(3 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6025 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6025] <... close resumed>) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4executing program [pid 6025] write(1, "executing program\n", 18 [pid 5839] <... close resumed>) = 0 [pid 6025] <... write resumed>) = 18 [pid 5839] rmdir("./34/bus" [pid 6025] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 6025] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... close resumed>) = 0 [pid 6025] memfd_create("syzkaller", 0 [pid 5839] rmdir("./34" [pid 6025] <... memfd_create resumed>) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6025] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] mkdir("./35", 0777 [pid 6024] <... mount resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 6024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6024] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 6024] chdir("./bus" [pid 6022] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] <... ioctl resumed>) = 0 [pid 6024] <... chdir resumed>) = 0 [pid 5839] close(3 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6022] sched_setaffinity(0, 0, NULL [pid 5839] <... close resumed>) = 0 [pid 6022] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6024] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6022] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6024] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6022] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6024] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6022] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6024] memfd_create("syzkaller", 0 [pid 6022] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6024] <... memfd_create resumed>) = 4 [pid 6022] <... openat resumed>) = 5 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6022] exit_group(0) = ? [pid 6024] <... mmap resumed>) = 0x7f0fce600000 ./strace-static-x86_64: Process 6026 attached [pid 6024] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6022] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6022, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6026] set_robust_list(0x555579e09760, 24 [pid 6024] <... write resumed>) = 32768 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6026] <... set_robust_list resumed>) = 0 [pid 6024] munmap(0x7f0fce600000, 138412032 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6026 [pid 6026] chdir("./35" [pid 5842] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6024] <... munmap resumed>) = 0 [pid 6026] <... chdir resumed>) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6025] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... openat resumed>) = 3 [pid 6026] <... prctl resumed>) = 0 [pid 6026] setpgid(0, 0 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 6026] <... setpgid resumed>) = 0 [pid 6024] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6024] close(4 [pid 5842] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6026] <... openat resumed>) = 3 [pid 6024] <... close resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./33/binderfs", [pid 6026] write(3, "1000", 4 [pid 6024] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6026] <... write resumed>) = 4 [pid 6024] <... prlimit64 resumed>NULL) = 0 [pid 6026] close(3 [pid 6024] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6026] <... close resumed>) = 0 [pid 6024] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs" [pid 6024] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) executing program [pid 5842] unlink("./33/binderfs" [pid 6024] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5842] <... unlink resumed>) = 0 [pid 6026] <... symlink resumed>) = 0 [pid 6026] write(1, "executing program\n", 18 [pid 6024] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6026] <... write resumed>) = 18 [pid 6026] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6024] <... openat resumed>) = 4 [pid 5842] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6026] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6024] read(4, [pid 6026] memfd_create("syzkaller", 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6026] <... memfd_create resumed>) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./33/bus" [pid 6025] <... write resumed>) = 2097152 [pid 5842] <... rmdir resumed>) = 0 [pid 6025] munmap(0x7f0fce600000, 138412032 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./33") = 0 [pid 6025] <... munmap resumed>) = 0 [pid 5842] mkdir("./34", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6025] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6026] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6025] <... openat resumed>) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... close resumed>) = 0 [pid 6025] <... ioctl resumed>) = 0 [pid 6025] close(3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6025] <... close resumed>) = 0 [pid 6025] close(4) = 0 ./strace-static-x86_64: Process 6027 attached [pid 6027] set_robust_list(0x555579e09760, 24 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6027 [pid 6027] <... set_robust_list resumed>) = 0 [pid 6027] chdir("./34") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6027] write(1, "executing program\n", 18 [pid 6025] mkdir("./bus", 0777 [pid 6027] <... write resumed>) = 18 [pid 6025] <... mkdir resumed>) = 0 [ 129.019314][ T6025] loop2: detected capacity change from 0 to 4096 [pid 6027] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6027] memfd_create("syzkaller", 0 [pid 6025] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6026] <... write resumed>) = 2097152 [pid 6027] <... memfd_create resumed>) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6026] munmap(0x7f0fce600000, 138412032 [pid 6027] <... mmap resumed>) = 0x7f0fce600000 [pid 6026] <... munmap resumed>) = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6026] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6026] close(3) = 0 [pid 6023] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6026] close(4 [pid 6023] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6023] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6026] <... close resumed>) = 0 [pid 6023] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6026] mkdir("./bus", 0777) = 0 [pid 6023] rename(NULL, NULL [pid 6026] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6023] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6023] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [ 129.130281][ T6026] loop1: detected capacity change from 0 to 4096 [pid 6023] exit_group(0) = ? [pid 6023] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6025] <... mount resumed>) = 0 [pid 6025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6025] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6025] chdir("./bus" [pid 5841] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6025] <... chdir resumed>) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] <... openat resumed>) = 3 [pid 6025] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] newfstatat(3, "", [pid 6025] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6025] memfd_create("syzkaller", 0 [pid 5841] getdents64(3, [pid 6025] <... memfd_create resumed>) = 4 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6027] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6026] <... mount resumed>) = 0 [pid 6025] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6025] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./33/binderfs") = 0 [pid 5841] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6025] <... write resumed>) = 32768 [pid 6025] munmap(0x7f0fce600000, 138412032 [pid 6026] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] <... munmap resumed>) = 0 [pid 6026] chdir("./bus") = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] <... umount2 resumed>) = 0 [pid 6026] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6025] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6026] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6025] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6026] memfd_create("syzkaller", 0 [pid 6025] close(4 [pid 6026] <... memfd_create resumed>) = 4 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6025] <... close resumed>) = 0 [pid 5841] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6026] <... mmap resumed>) = 0x7f0fce600000 [pid 6025] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6025] <... prlimit64 resumed>NULL) = 0 [pid 5841] newfstatat(AT_FDCWD, "./33/bus", [pid 6025] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6026] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6025] sched_setaffinity(0, 0, NULL [pid 5841] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6025] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6025] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6025] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6026] <... write resumed>) = 32768 [pid 6025] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5841] <... openat resumed>) = 4 [pid 6026] munmap(0x7f0fce600000, 138412032 [pid 6025] <... openat resumed>) = 4 [pid 6026] <... munmap resumed>) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6025] read(4, [pid 5841] getdents64(4, [pid 6026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6026] close(4 [pid 5841] getdents64(4, [pid 6026] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 6027] <... write resumed>) = 2097152 [pid 6026] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] <... close resumed>) = 0 [pid 6026] <... prlimit64 resumed>NULL) = 0 [pid 5841] rmdir("./33/bus" [pid 6027] munmap(0x7f0fce600000, 138412032 [pid 6026] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5841] <... rmdir resumed>) = 0 [pid 6026] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6026] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] getdents64(3, [pid 6026] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6026] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5841] close(3 [pid 6026] read(4, [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./33" [pid 6027] <... munmap resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] mkdir("./34", 0777 [pid 6027] <... openat resumed>) = 4 [pid 5841] <... mkdir resumed>) = 0 [pid 6027] ioctl(4, LOOP_SET_FD, 3 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 6027] <... ioctl resumed>) = 0 [pid 6027] close(3) = 0 [ 129.315695][ T6027] loop4: detected capacity change from 0 to 4096 [pid 6027] close(4) = 0 [pid 6027] mkdir("./bus", 0777) = 0 [pid 6027] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6028 attached [pid 6028] set_robust_list(0x555579e09760, 24) = 0 [pid 6028] chdir("./34") = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6028 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6028] setpgid(0, 0) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6028] write(3, "1000", 4) = 4 [pid 6028] close(3) = 0 executing program [pid 6028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6028] write(1, "executing program\n", 18) = 18 [pid 6028] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6028] memfd_create("syzkaller", 0 [pid 6027] <... mount resumed>) = 0 [pid 6027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6028] <... memfd_create resumed>) = 3 [pid 6027] <... openat resumed>) = 3 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6027] chdir("./bus") = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6027] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6027] memfd_create("syzkaller", 0) = 4 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6027] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6027] munmap(0x7f0fce600000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6027] close(4) = 0 [pid 6027] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6027] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6027] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6027] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6027] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6027] read(4, [pid 6028] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6028] munmap(0x7f0fce600000, 138412032 [pid 6024] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6024] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6024] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6024] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6024] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6028] <... munmap resumed>) = 0 [pid 6024] exit_group(0 [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6024] <... exit_group resumed>) = ? [pid 6024] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 6028] <... openat resumed>) = 4 [pid 6028] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./33/binderfs") = 0 [pid 5838] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5838] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./33/bus", [pid 6028] <... ioctl resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6028] close(3 [pid 5838] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6028] <... close resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] close(4 [pid 5838] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6028] <... close resumed>) = 0 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6028] mkdir("./bus", 0777 [pid 5838] getdents64(4, [pid 6028] <... mkdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6028] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [ 129.754161][ T6028] loop3: detected capacity change from 0 to 4096 [pid 5838] close(4) = 0 [pid 5838] rmdir("./33/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./33") = 0 [pid 5838] mkdir("./34", 0777 [pid 6026] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] <... mkdir resumed>) = 0 [pid 6026] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6026] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6026] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6026] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6028] <... mount resumed>) = 0 [pid 6026] <... openat resumed>) = 5 [pid 5838] <... openat resumed>) = 3 [pid 6026] exit_group(0) = ? [pid 6028] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6026] +++ exited with 0 +++ [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 6028] <... openat resumed>) = 3 [pid 6028] chdir("./bus") = 0 [pid 5839] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", [pid 6028] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6028] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] getdents64(3, [pid 6028] memfd_create("syzkaller", 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] <... close resumed>) = 0 [pid 5839] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6028] <... memfd_create resumed>) = 4 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6029 attached [pid 6028] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] newfstatat(AT_FDCWD, "./35/binderfs", [pid 6029] set_robust_list(0x555579e09760, 24 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6029] <... set_robust_list resumed>) = 0 [pid 5839] unlink("./35/binderfs") = 0 [pid 6029] chdir("./34") = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6029 [pid 6028] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6028] <... write resumed>) = 32768 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3 [pid 6028] munmap(0x7f0fce600000, 138412032 [pid 6029] <... close resumed>) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6028] <... munmap resumed>) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6029] write(1, "executing program\n", 18executing program ) = 18 [pid 6028] close(4 [pid 6029] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6028] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 6029] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6028] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6028] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6028] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6028] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6028] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6028] read(4, [pid 6029] memfd_create("syzkaller", 0 [pid 5839] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] <... memfd_create resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./35/bus", [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6029] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 6029] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] rmdir("./35/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./35") = 0 [pid 5839] mkdir("./36", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6027] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] <... close resumed>) = 0 [pid 6029] <... write resumed>) = 2097152 [pid 6027] sched_setaffinity(0, 0, NULL [pid 6025] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6027] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6029] munmap(0x7f0fce600000, 138412032 [pid 6027] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6025] sched_setaffinity(0, 0, NULL [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6025] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6025] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6027] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6027] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6027] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6027] exit_group(0) = ? ./strace-static-x86_64: Process 6030 attached [pid 6029] <... munmap resumed>) = 0 [pid 6027] +++ exited with 0 +++ [pid 6025] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6025] rename(NULL, NULL [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6030 [pid 6025] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6025] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6030] set_robust_list(0x555579e09760, 24 [pid 5842] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] <... set_robust_list resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6030] chdir("./36") = 0 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] getdents64(3, [pid 6030] <... prctl resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6025] <... openat resumed>) = 5 [pid 5842] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] <... openat resumed>) = 3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] write(3, "1000", 4) = 4 [pid 5842] unlink("./34/binderfs" [pid 6029] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... unlink resumed>) = 0 [pid 6030] close(3) = 0 [pid 6025] exit_group(0 [pid 5842] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6030] symlink("/dev/binderfs", "./binderfs" [pid 6029] <... ioctl resumed>) = 0 [pid 6025] <... exit_group resumed>) = ? [pid 6025] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 6030] <... symlink resumed>) = 0 [pid 6029] close(3 [pid 6030] write(1, "executing program\n", 18 [pid 6029] <... close resumed>) = 0 [pid 6030] <... write resumed>) = 18 [pid 6030] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6029] close(4 [pid 5842] <... umount2 resumed>) = 0 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6029] <... close resumed>) = 0 [pid 5842] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] mkdir("./bus", 0777 [pid 5840] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] <... mkdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6029] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5840] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6030] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./34/bus", [pid 5840] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./33/binderfs") = 0 [pid 5842] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./34/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [ 130.140468][ T6029] loop0: detected capacity change from 0 to 4096 [pid 5842] rmdir("./34") = 0 [pid 5842] mkdir("./35", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5840] <... umount2 resumed>) = 0 [pid 6029] <... mount resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 6029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6029] <... openat resumed>) = 3 [pid 5840] newfstatat(AT_FDCWD, "./33/bus", [pid 6029] chdir("./bus" [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6029] <... chdir resumed>) = 0 [pid 5840] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6029] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6029] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5840] <... openat resumed>) = 4 [pid 6029] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] <... close resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 6029] memfd_create("syzkaller", 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6029] <... memfd_create resumed>) = 4 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6030] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6029] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] getdents64(4, [pid 6029] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, ./strace-static-x86_64: Process 6031 attached [pid 6029] <... write resumed>) = 32768 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 6031] set_robust_list(0x555579e09760, 24) = 0 [pid 6029] munmap(0x7f0fce600000, 138412032 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6031 [pid 5840] <... close resumed>) = 0 [pid 6031] chdir("./35" [pid 6029] <... munmap resumed>) = 0 [pid 5840] rmdir("./33/bus") = 0 [pid 6031] <... chdir resumed>) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] close(4 [pid 5840] getdents64(3, [pid 6031] <... prctl resumed>) = 0 [pid 6029] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6031] setpgid(0, 0 [pid 6029] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] close(3 [pid 6031] <... setpgid resumed>) = 0 [pid 6029] <... prlimit64 resumed>NULL) = 0 [pid 6029] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./33" [pid 6029] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6029] sched_setaffinity(0, 0, NULL [pid 5840] <... rmdir resumed>) = 0 [pid 6029] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6029] sched_setscheduler(0, SCHED_RR, NULL [pid 5840] mkdir("./34", 0777 [pid 6029] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6029] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5840] <... mkdir resumed>) = 0 [pid 6029] read(4, [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6031] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3 [pid 5840] <... ioctl resumed>) = 0 [pid 6031] <... close resumed>) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs" [pid 5840] close(3 [pid 6031] <... symlink resumed>) = 0 [pid 6031] write(1, "executing program\n", 18executing program ) = 18 [pid 6031] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6030] <... write resumed>) = 2097152 [pid 6030] munmap(0x7f0fce600000, 138412032 [pid 6031] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] <... close resumed>) = 0 [pid 6031] memfd_create("syzkaller", 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6032 attached [pid 6032] set_robust_list(0x555579e09760, 24) = 0 [pid 6032] chdir("./34" [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6032 [pid 6032] <... chdir resumed>) = 0 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] <... memfd_create resumed>) = 3 [pid 6032] setpgid(0, 0) = 0 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6030] <... munmap resumed>) = 0 [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6031] <... mmap resumed>) = 0x7f0fce600000 [pid 6030] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3 [pid 6032] <... openat resumed>) = 3 [pid 6032] write(3, "1000", 4) = 4 [pid 6032] close(3) = 0 [pid 6032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6032] write(1, "executing program\n", 18 [pid 6030] <... ioctl resumed>) = 0 [pid 6030] close(3) = 0 [pid 6030] close(4) = 0 [pid 6030] mkdir("./bus", 0777executing program ) = 0 [pid 6032] <... write resumed>) = 18 [pid 6030] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6032] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6032] memfd_create("syzkaller", 0) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [ 130.407151][ T6030] loop1: detected capacity change from 0 to 4096 [pid 6030] <... mount resumed>) = 0 [pid 6031] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./bus") = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6030] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6030] memfd_create("syzkaller", 0) = 4 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6030] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6030] munmap(0x7f0fce600000, 138412032) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6030] close(4) = 0 [pid 6030] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6030] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6030] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6030] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6030] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6030] read(4, [pid 6031] <... write resumed>) = 2097152 [pid 6031] munmap(0x7f0fce600000, 138412032 [pid 6028] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6031] <... munmap resumed>) = 0 [pid 6028] sched_setaffinity(0, 0, NULL [pid 6032] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6031] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6028] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6031] <... openat resumed>) = 4 [pid 6028] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6031] ioctl(4, LOOP_SET_FD, 3 [pid 6028] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6031] <... ioctl resumed>) = 0 [pid 6028] rename(NULL, NULL [pid 6031] close(3 [pid 6028] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6028] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6031] <... close resumed>) = 0 [pid 6031] close(4) = 0 [pid 6031] mkdir("./bus", 0777) = 0 [pid 6028] <... openat resumed>) = 5 [pid 6031] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 6028] exit_group(0) = ? [pid 6032] <... write resumed>) = 2097152 [pid 6032] munmap(0x7f0fce600000, 138412032) = 0 [pid 6028] +++ exited with 0 +++ [ 130.620208][ T6031] loop4: detected capacity change from 0 to 4096 [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6032] <... openat resumed>) = 4 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6032] ioctl(4, LOOP_SET_FD, 3 [pid 5841] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6032] <... ioctl resumed>) = 0 [pid 5841] newfstatat(3, "", [pid 6032] close(3) = 0 [pid 6032] close(4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6032] <... close resumed>) = 0 [pid 6032] mkdir("./bus", 0777) = 0 [pid 6032] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./34/binderfs") = 0 [pid 5841] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6031] <... mount resumed>) = 0 [ 130.689102][ T6032] loop2: detected capacity change from 0 to 4096 [pid 6031] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] <... umount2 resumed>) = 0 [pid 6031] <... openat resumed>) = 3 [pid 6031] chdir("./bus") = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6031] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5841] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6031] memfd_create("syzkaller", 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6031] <... memfd_create resumed>) = 4 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] newfstatat(AT_FDCWD, "./34/bus", [pid 6031] <... mmap resumed>) = 0x7f0fce600000 [pid 6031] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6032] <... mount resumed>) = 0 [pid 5841] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6031] <... write resumed>) = 32768 [pid 6032] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6031] munmap(0x7f0fce600000, 138412032 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6032] <... openat resumed>) = 3 [pid 6032] chdir("./bus" [pid 6031] <... munmap resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6032] <... chdir resumed>) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] <... openat resumed>) = 4 [pid 6032] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6031] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] newfstatat(4, "", [pid 6032] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6031] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6032] memfd_create("syzkaller", 0 [pid 6031] close(4 [pid 5841] getdents64(4, [pid 6032] <... memfd_create resumed>) = 4 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6031] <... close resumed>) = 0 [pid 6032] <... mmap resumed>) = 0x7f0fce600000 [pid 6032] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6031] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] getdents64(4, [pid 6031] <... prlimit64 resumed>NULL) = 0 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6031] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] close(4 [pid 6031] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6031] sched_setaffinity(0, 0, NULL [pid 5841] <... close resumed>) = 0 [pid 6032] munmap(0x7f0fce600000, 138412032 [pid 5841] rmdir("./34/bus" [pid 6031] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6032] <... munmap resumed>) = 0 [pid 6031] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... rmdir resumed>) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6031] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6032] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6031] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5841] getdents64(3, [pid 6032] close(4) = 0 [pid 6031] <... openat resumed>) = 4 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6031] read(4, [pid 5841] close(3) = 0 [pid 6032] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6032] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6032] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6032] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6032] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6032] read(4, [pid 5841] rmdir("./34") = 0 [pid 5841] mkdir("./35", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6033 attached [pid 6033] set_robust_list(0x555579e09760, 24) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6033 [pid 6033] chdir("./35") = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6033] write(1, "executing program\n", 18) = 18 [pid 6033] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6029] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6029] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6029] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6029] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6029] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6029] exit_group(0) = ? [pid 6033] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6029] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./34/binderfs") = 0 [pid 5838] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6030] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6030] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6033] <... write resumed>) = 2097152 [pid 6030] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6033] munmap(0x7f0fce600000, 138412032 [pid 6030] rename(NULL, NULL [pid 5838] <... umount2 resumed>) = 0 [pid 6030] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5838] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6030] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6033] <... munmap resumed>) = 0 [pid 6030] <... openat resumed>) = 5 [pid 5838] newfstatat(AT_FDCWD, "./34/bus", [pid 6030] exit_group(0) = ? [pid 6030] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6033] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] newfstatat(4, "", [pid 6033] <... openat resumed>) = 4 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5838] getdents64(4, [pid 6033] ioctl(4, LOOP_SET_FD, 3 [pid 6032] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6032] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6032] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6032] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6032] rename(NULL, NULL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6032] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6032] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6033] <... ioctl resumed>) = 0 [pid 6032] <... openat resumed>) = 5 [pid 6031] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] getdents64(4, [pid 6033] close(3 [pid 6032] exit_group(0 [pid 6031] sched_setaffinity(0, 0, NULL [pid 5839] getdents64(3, [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6033] <... close resumed>) = 0 [pid 6032] <... exit_group resumed>) = ? [pid 6031] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(4 [pid 6033] close(4 [pid 6031] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] <... close resumed>) = 0 [pid 6033] <... close resumed>) = 0 [pid 6031] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] rmdir("./34/bus" [pid 6033] mkdir("./bus", 0777 [pid 6031] rename(NULL, NULL [pid 5838] <... rmdir resumed>) = 0 [pid 6033] <... mkdir resumed>) = 0 [pid 6031] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6031] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] close(3) = 0 [pid 5838] rmdir("./34") = 0 [pid 6033] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5838] mkdir("./35", 0777) = 0 [pid 5839] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6031] <... openat resumed>) = 5 [pid 6031] exit_group(0 [pid 6032] +++ exited with 0 +++ [pid 5839] newfstatat(AT_FDCWD, "./36/binderfs", [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./36/binderfs" [pid 6031] <... exit_group resumed>) = ? [pid 5839] <... unlink resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5840] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6033] <... mount resumed>) = 0 [pid 6031] +++ exited with 0 +++ [pid 5839] <... umount2 resumed>) = 0 [ 131.298086][ T6033] loop3: detected capacity change from 0 to 4096 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 6033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5840] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 6033] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./36/bus", [pid 5842] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(3, "", [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6033] chdir("./bus" [pid 5842] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] getdents64(3, [pid 6033] <... chdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6033] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6033] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] newfstatat(3, "", [pid 5840] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(4, "", [pid 6033] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 6033] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] getdents64(3, [pid 5840] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... close resumed>) = 0 [pid 6033] memfd_create("syzkaller", 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] getdents64(4, [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6033] <... memfd_create resumed>) = 4 [pid 5842] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] unlink("./34/binderfs" [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5839] close(4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... close resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./35/binderfs", [pid 5840] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] rmdir("./36/bus" [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./35/binderfs" [pid 5839] <... rmdir resumed>) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5839] getdents64(3, [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] close(3 [pid 6033] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./36") = 0 [pid 5839] mkdir("./37", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x555579e09760, 24) = 0 [pid 6034] chdir("./35" [pid 5842] <... umount2 resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 6033] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6034 [pid 6033] <... write resumed>) = 32768 [pid 6034] <... chdir resumed>) = 0 [pid 6033] munmap(0x7f0fce600000, 138412032 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0 [pid 6033] <... munmap resumed>) = 0 [pid 6034] <... setpgid resumed>) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6033] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6034] <... openat resumed>) = 3 [pid 6033] close(4 [pid 5840] <... umount2 resumed>) = 0 [pid 6033] <... close resumed>) = 0 [pid 5842] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6034] write(3, "1000", 4 [pid 6033] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6033] <... prlimit64 resumed>NULL) = 0 [pid 6034] <... write resumed>) = 4 [pid 6033] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5842] newfstatat(AT_FDCWD, "./35/bus", [pid 6033] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6034] close(3 [pid 6033] sched_setaffinity(0, 0, NULL [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6033] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6033] sched_setscheduler(0, SCHED_RR, NULL [pid 6034] <... close resumed>) = 0 [pid 6033] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6033] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6034] symlink("/dev/binderfs", "./binderfs" [pid 6033] <... openat resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6034] <... symlink resumed>) = 0 [pid 6033] read(4, [pid 5842] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, executing program ./strace-static-x86_64: Process 6035 attached [pid 6034] write(1, "executing program\n", 18 [pid 5840] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6035 [pid 6035] set_robust_list(0x555579e09760, 24 [pid 6034] <... write resumed>) = 18 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6034] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] getdents64(4, [pid 5840] newfstatat(AT_FDCWD, "./34/bus", [pid 6034] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6035] <... set_robust_list resumed>) = 0 [pid 6034] memfd_create("syzkaller", 0 [pid 5842] close(4 [pid 5840] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6035] chdir("./37" [pid 5842] <... close resumed>) = 0 [pid 6035] <... chdir resumed>) = 0 [pid 5842] rmdir("./35/bus" [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... prctl resumed>) = 0 [pid 6035] setpgid(0, 0 [pid 5840] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6035] <... setpgid resumed>) = 0 [pid 5842] getdents64(3, [pid 5840] <... openat resumed>) = 4 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6034] <... memfd_create resumed>) = 3 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] newfstatat(4, "", [pid 6035] <... openat resumed>) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] close(3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6035] write(3, "1000", 4 [pid 6034] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... close resumed>) = 0 [pid 5840] getdents64(4, [pid 6035] <... write resumed>) = 4 [pid 5842] rmdir("./35" [pid 6035] close(3 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6035] <... close resumed>) = 0 [pid 5842] mkdir("./36", 0777 [pid 5840] getdents64(4, [pid 6035] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4executing program [pid 6035] <... symlink resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 6035] write(1, "executing program\n", 18 [pid 5840] rmdir("./34/bus" [pid 6035] <... write resumed>) = 18 [pid 6035] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... rmdir resumed>) = 0 [pid 6035] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... openat resumed>) = 3 [pid 5840] getdents64(3, [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5842] close(3 [pid 5840] <... close resumed>) = 0 [pid 6035] memfd_create("syzkaller", 0) = 3 [pid 5840] rmdir("./34" [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./35", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6036 attached [pid 6035] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 6036] set_robust_list(0x555579e09760, 24) = 0 [pid 6036] chdir("./36") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached [pid 6036] <... openat resumed>) = 3 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6036 [pid 6037] set_robust_list(0x555579e09760, 24) = 0 [pid 6036] write(3, "1000", 4 [pid 6037] chdir("./35" [pid 6036] <... write resumed>) = 4 [pid 6036] close(3 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6037 [pid 6036] <... close resumed>) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6036] write(1, "executing program\n", 18) = 18 [pid 6037] <... chdir resumed>) = 0 [pid 6036] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6034] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6036] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6037] <... prctl resumed>) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] memfd_create("syzkaller", 0) = 3 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6037] <... openat resumed>) = 3 [pid 6036] <... mmap resumed>) = 0x7f0fce600000 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6037] write(1, "executing program\n", 18) = 18 [pid 6037] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6035] <... write resumed>) = 2097152 [pid 6034] <... write resumed>) = 2097152 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6035] munmap(0x7f0fce600000, 138412032 [pid 6034] munmap(0x7f0fce600000, 138412032 [pid 6035] <... munmap resumed>) = 0 [pid 6036] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6037] <... mmap resumed>) = 0x7f0fce600000 [pid 6035] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6034] <... munmap resumed>) = 0 [pid 6035] <... openat resumed>) = 4 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3 [pid 6034] ioctl(4, LOOP_SET_FD, 3 [pid 6036] <... write resumed>) = 2097152 [pid 6035] <... ioctl resumed>) = 0 [pid 6034] <... ioctl resumed>) = 0 [pid 6034] close(3 [pid 6036] munmap(0x7f0fce600000, 138412032 [pid 6035] close(3 [pid 6034] <... close resumed>) = 0 [pid 6034] close(4) = 0 [pid 6034] mkdir("./bus", 0777 [pid 6035] <... close resumed>) = 0 [pid 6035] close(4) = 0 [pid 6035] mkdir("./bus", 0777) = 0 [pid 6034] <... mkdir resumed>) = 0 [pid 6035] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6034] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6036] <... munmap resumed>) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 131.754431][ T6035] loop1: detected capacity change from 0 to 4096 [ 131.762627][ T6034] loop0: detected capacity change from 0 to 4096 [pid 6036] ioctl(4, LOOP_SET_FD, 3 [pid 6037] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6034] <... mount resumed>) = 0 [pid 6034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6036] <... ioctl resumed>) = 0 [pid 6036] close(3) = 0 [pid 6036] close(4) = 0 [pid 6036] mkdir("./bus", 0777 [pid 6034] <... openat resumed>) = 3 [pid 6034] chdir("./bus") = 0 [pid 6036] <... mkdir resumed>) = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6036] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 6034] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6034] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6034] memfd_create("syzkaller", 0) = 4 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6034] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6034] munmap(0x7f0fce600000, 138412032) = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6035] <... mount resumed>) = 0 [pid 6034] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 131.814447][ T6036] loop4: detected capacity change from 0 to 4096 [pid 6034] close(4) = 0 [pid 6035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6034] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6035] <... openat resumed>) = 3 [pid 6034] <... prlimit64 resumed>NULL) = 0 [pid 6034] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6035] chdir("./bus") = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6035] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6034] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6034] sched_setaffinity(0, 0, NULL [pid 6035] memfd_create("syzkaller", 0 [pid 6034] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... memfd_create resumed>) = 4 [pid 6034] sched_setscheduler(0, SCHED_RR, NULL [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6034] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... mmap resumed>) = 0x7f0fce600000 [pid 6034] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6035] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6034] <... openat resumed>) = 4 [pid 6034] read(4, [pid 6035] <... write resumed>) = 32768 [pid 6037] <... write resumed>) = 2097152 [pid 6035] munmap(0x7f0fce600000, 138412032 [pid 6037] munmap(0x7f0fce600000, 138412032 [pid 6035] <... munmap resumed>) = 0 [pid 6037] <... munmap resumed>) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6036] <... mount resumed>) = 0 [pid 6035] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6035] close(4 [pid 6036] <... openat resumed>) = 3 [pid 6035] <... close resumed>) = 0 [pid 6035] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6037] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6036] chdir("./bus" [pid 6035] <... prlimit64 resumed>NULL) = 0 [pid 6036] <... chdir resumed>) = 0 [pid 6035] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6037] <... openat resumed>) = 4 [pid 6036] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6035] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6037] ioctl(4, LOOP_SET_FD, 3 [pid 6036] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6035] sched_setaffinity(0, 0, NULL [pid 6036] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6035] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6036] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6035] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6036] memfd_create("syzkaller", 0 [pid 6035] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6037] <... ioctl resumed>) = 0 [pid 6037] close(3 [pid 6036] <... memfd_create resumed>) = 4 [pid 6035] <... openat resumed>) = 4 [pid 6035] read(4, [pid 6037] <... close resumed>) = 0 [pid 6037] close(4) = 0 [pid 6037] mkdir("./bus", 0777) = 0 [pid 6037] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6036] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [ 131.950733][ T6037] loop2: detected capacity change from 0 to 4096 [pid 6036] munmap(0x7f0fce600000, 138412032) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6036] close(4) = 0 [pid 6036] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6036] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6036] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6036] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6036] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6036] read(4, [pid 6037] <... mount resumed>) = 0 [pid 6037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./bus") = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6037] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6037] memfd_create("syzkaller", 0) = 4 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6037] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6037] munmap(0x7f0fce600000, 138412032) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6037] close(4) = 0 [pid 6037] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6037] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6037] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6037] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6037] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6037] read(4, [pid 6033] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6033] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6033] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6033] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6033] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6033] exit_group(0) = ? [pid 6033] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./35/binderfs") = 0 [pid 5841] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6035] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6035] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6035] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6035] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6035] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] <... umount2 resumed>) = 0 [pid 6035] <... openat resumed>) = 5 [pid 5841] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6035] exit_group(0) = ? [pid 5841] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6035] +++ exited with 0 +++ [pid 5841] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5841] newfstatat(4, "", [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./35/bus") = 0 [pid 5839] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] newfstatat(3, "", [pid 5841] close(3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... close resumed>) = 0 [pid 5839] getdents64(3, [pid 5841] rmdir("./35" [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] <... rmdir resumed>) = 0 [pid 5839] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] mkdir("./36", 0777 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... mkdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./37/binderfs") = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5839] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 6037] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6034] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6037] sched_setaffinity(0, 0, NULL [pid 6034] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6037] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6037] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6034] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6037] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6034] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... umount2 resumed>) = 0 [pid 6037] rename(NULL, NULL [pid 6034] rename(NULL, NULL [pid 6037] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6034] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6037] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6034] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] <... close resumed>) = 0 [pid 5839] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6037] <... openat resumed>) = 5 [pid 6034] <... openat resumed>) = 5 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6034] exit_group(0./strace-static-x86_64: Process 6038 attached [pid 5839] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 6038] set_robust_list(0x555579e09760, 24 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6038] <... set_robust_list resumed>) = 0 [pid 5839] getdents64(4, [pid 6038] chdir("./36" [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6038] <... chdir resumed>) = 0 [pid 5839] close(4 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... close resumed>) = 0 [pid 6038] <... prctl resumed>) = 0 [pid 5839] rmdir("./37/bus" [pid 6038] setpgid(0, 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6038] <... setpgid resumed>) = 0 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6037] exit_group(0 [pid 6034] <... exit_group resumed>) = ? [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6038 [pid 6038] <... openat resumed>) = 3 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6038] write(3, "1000", 4 [pid 5839] close(3 [pid 6038] <... write resumed>) = 4 [pid 6037] <... exit_group resumed>) = ? [pid 5839] <... close resumed>) = 0 [pid 6038] close(3 [pid 5839] rmdir("./37" [pid 6038] <... close resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 6037] +++ exited with 0 +++ [pid 6034] +++ exited with 0 +++ executing program [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 6038] <... symlink resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 6038] write(1, "executing program\n", 18) = 18 [pid 5839] mkdir("./38", 0777 [pid 6038] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... restart_syscall resumed>) = 0 [pid 6038] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] memfd_create("syzkaller", 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5838] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5838] <... openat resumed>) = 3 [pid 5840] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... ioctl resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] close(3 [pid 5838] newfstatat(3, "", [pid 6038] <... memfd_create resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] newfstatat(AT_FDCWD, "./35/binderfs", [pid 5838] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./35/binderfs" [pid 5838] unlink("./35/binderfs" [pid 5840] <... unlink resumed>) = 0 [pid 5838] <... unlink resumed>) = 0 [pid 5840] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5840] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./35/bus", [pid 5840] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] newfstatat(4, "", [pid 5838] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(4, [pid 5838] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5839] <... close resumed>) = 0 [pid 5838] getdents64(4, [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] close(4 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] getdents64(4, [pid 5840] <... close resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6039 attached [pid 5838] close(4 [pid 5840] rmdir("./35/bus" [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./35/bus") = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 6039] set_robust_list(0x555579e09760, 24 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6039 [pid 5838] getdents64(3, [pid 6039] <... set_robust_list resumed>) = 0 [pid 6039] chdir("./38" [pid 5840] getdents64(3, [pid 6039] <... chdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6038] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6039] <... prctl resumed>) = 0 [pid 6039] setpgid(0, 0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6039] <... setpgid resumed>) = 0 [pid 5840] close(3 [pid 5838] close(3 [pid 5840] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] rmdir("./35" [pid 5838] rmdir("./35" [pid 5840] <... rmdir resumed>) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5840] mkdir("./36", 0777 [pid 5838] mkdir("./36", 0777 [pid 5840] <... mkdir resumed>) = 0 [pid 6039] <... openat resumed>) = 3 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6039] write(3, "1000", 4 [pid 5838] <... mkdir resumed>) = 0 [pid 6039] <... write resumed>) = 4 [pid 5840] <... openat resumed>) = 3 [pid 6039] close(3 [pid 6036] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6039] <... close resumed>) = 0 [pid 6036] sched_setaffinity(0, 0, NULL [pid 6039] symlink("/dev/binderfs", "./binderfs" [pid 6036] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... ioctl resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5840] close(3 [pid 6039] <... symlink resumed>) = 0 [pid 6036] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5838] ioctl(3, LOOP_CLR_FDexecuting program [pid 6039] write(1, "executing program\n", 18 [pid 6036] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6039] <... write resumed>) = 18 [pid 6036] rename(NULL, NULL [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 6039] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6038] <... write resumed>) = 2097152 [pid 6036] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6039] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6038] munmap(0x7f0fce600000, 138412032 [pid 6036] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] <... close resumed>) = 0 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6038] <... munmap resumed>) = 0 [pid 6036] <... openat resumed>) = 5 [pid 6039] <... mmap resumed>) = 0x7f0fce600000 [pid 6036] exit_group(0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6036] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6040 attached [pid 6036] +++ exited with 0 +++ [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6040 [pid 5840] <... close resumed>) = 0 [pid 6040] set_robust_list(0x555579e09760, 24 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- [pid 6040] <... set_robust_list resumed>) = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6040] chdir("./36" [pid 6038] <... openat resumed>) = 4 [pid 6040] <... chdir resumed>) = 0 [pid 6038] ioctl(4, LOOP_SET_FD, 3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6038] <... ioctl resumed>) = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6040] <... prctl resumed>) = 0 [pid 6038] close(3 [pid 6040] setpgid(0, 0 [pid 6038] <... close resumed>) = 0 [pid 6040] <... setpgid resumed>) = 0 [pid 6038] close(4 [pid 5842] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6038] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] <... openat resumed>) = 3 [pid 6038] mkdir("./bus", 0777 [pid 5842] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6040] write(3, "1000", 4 [pid 6038] <... mkdir resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 6040] <... write resumed>) = 4 [pid 6038] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5842] newfstatat(3, "", ./strace-static-x86_64: Process 6041 attached [pid 6040] close(3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6040] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6041 [pid 6041] set_robust_list(0x555579e09760, 24executing program [pid 6040] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6041] <... set_robust_list resumed>) = 0 [pid 6040] <... symlink resumed>) = 0 [pid 5842] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] write(1, "executing program\n", 18 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] <... write resumed>) = 18 [pid 5842] newfstatat(AT_FDCWD, "./36/binderfs", [pid 6040] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6040] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] unlink("./36/binderfs" [pid 6041] chdir("./36" [pid 6040] memfd_create("syzkaller", 0 [pid 5842] <... unlink resumed>) = 0 [pid 6041] <... chdir resumed>) = 0 [pid 5842] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] <... memfd_create resumed>) = 3 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6041] <... prctl resumed>) = 0 [pid 6041] setpgid(0, 0 [pid 6040] <... mmap resumed>) = 0x7f0fce600000 [pid 6041] <... setpgid resumed>) = 0 [ 132.910045][ T6038] loop3: detected capacity change from 0 to 4096 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6039] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6041] write(1, "executing program\n", 18 [pid 5842] <... umount2 resumed>) = 0 [pid 6041] <... write resumed>) = 18 [pid 6041] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5842] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6041] memfd_create("syzkaller", 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] <... mount resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./36/bus", [pid 6038] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6038] <... openat resumed>) = 3 [pid 5842] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] chdir("./bus" [pid 6041] <... memfd_create resumed>) = 3 [pid 6038] <... chdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6038] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6041] <... mmap resumed>) = 0x7f0fce600000 [pid 6038] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] <... openat resumed>) = 4 [pid 6038] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] newfstatat(4, "", [pid 6038] memfd_create("syzkaller", 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] <... memfd_create resumed>) = 4 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] getdents64(4, [pid 6038] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6038] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] close(4) = 0 [pid 5842] rmdir("./36/bus" [pid 6038] <... write resumed>) = 32768 [pid 5842] <... rmdir resumed>) = 0 [pid 6038] munmap(0x7f0fce600000, 138412032 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 6038] <... munmap resumed>) = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] rmdir("./36" [pid 6038] close(4 [pid 5842] <... rmdir resumed>) = 0 [pid 6038] <... close resumed>) = 0 [pid 5842] mkdir("./37", 0777) = 0 [pid 6038] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6038] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6038] sched_setaffinity(0, 0, NULL [pid 6039] <... write resumed>) = 2097152 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6038] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6038] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6039] munmap(0x7f0fce600000, 138412032 [pid 6041] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6039] <... munmap resumed>) = 0 [pid 6038] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6038] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6040] <... write resumed>) = 2097152 [pid 6040] munmap(0x7f0fce600000, 138412032 [pid 6038] <... openat resumed>) = 4 [pid 6039] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6040] <... munmap resumed>) = 0 [pid 6038] read(4, [pid 5842] <... close resumed>) = 0 [pid 6039] <... openat resumed>) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6039] <... ioctl resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6039] close(3./strace-static-x86_64: Process 6042 attached [pid 6041] <... write resumed>) = 2097152 [pid 6040] <... openat resumed>) = 4 [pid 6042] set_robust_list(0x555579e09760, 24 [pid 6040] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6042 [pid 6042] <... set_robust_list resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 6041] munmap(0x7f0fce600000, 138412032 [pid 6039] close(4) = 0 [pid 6042] chdir("./37" [pid 6039] mkdir("./bus", 0777) = 0 [pid 6039] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6042] <... chdir resumed>) = 0 [pid 6040] <... ioctl resumed>) = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6040] close(3 [pid 6042] <... prctl resumed>) = 0 [pid 6042] setpgid(0, 0 [pid 6040] <... close resumed>) = 0 [pid 6042] <... setpgid resumed>) = 0 [pid 6040] close(4 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6040] <... close resumed>) = 0 [pid 6040] mkdir("./bus", 0777 [pid 6042] <... openat resumed>) = 3 [pid 6040] <... mkdir resumed>) = 0 [pid 6042] write(3, "1000", 4) = 4 [pid 6040] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs" [pid 6041] <... munmap resumed>) = 0 [pid 6042] <... symlink resumed>) = 0 [pid 6039] <... mount resumed>) = 0 [ 133.098960][ T6039] loop1: detected capacity change from 0 to 4096 [ 133.120532][ T6040] loop0: detected capacity change from 0 to 4096 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6042] write(1, "executing program\n", 18 [pid 6041] <... openat resumed>) = 4 [pid 6039] <... openat resumed>) = 3 executing program [pid 6039] chdir("./bus" [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6042] <... write resumed>) = 18 [pid 6042] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6039] <... chdir resumed>) = 0 [pid 6042] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6039] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6042] memfd_create("syzkaller", 0 [pid 6039] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6042] <... memfd_create resumed>) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6039] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6039] memfd_create("syzkaller", 0) = 4 [pid 6041] <... ioctl resumed>) = 0 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6041] close(3 [pid 6039] <... mmap resumed>) = 0x7f0fce600000 [pid 6041] <... close resumed>) = 0 [pid 6039] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6041] close(4) = 0 [pid 6039] <... write resumed>) = 32768 [pid 6041] mkdir("./bus", 0777 [pid 6039] munmap(0x7f0fce600000, 138412032 [pid 6041] <... mkdir resumed>) = 0 [pid 6039] <... munmap resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6039] close(4) = 0 [pid 6041] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6039] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6039] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6039] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6039] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6039] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [ 133.199146][ T6041] loop2: detected capacity change from 0 to 4096 [pid 6039] read(4, [pid 6040] <... mount resumed>) = 0 [pid 6040] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./bus") = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6040] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6040] memfd_create("syzkaller", 0) = 4 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6040] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6040] munmap(0x7f0fce600000, 138412032) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6040] close(4) = 0 [pid 6040] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6040] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6040] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6040] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6040] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6040] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6041] <... mount resumed>) = 0 [pid 6040] read(4, [pid 6041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./bus") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6041] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6041] memfd_create("syzkaller", 0) = 4 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6041] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6041] munmap(0x7f0fce600000, 138412032) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6041] close(4) = 0 [pid 6041] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6041] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6041] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6041] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6041] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6041] read(4, [pid 6042] <... write resumed>) = 2097152 [pid 6042] munmap(0x7f0fce600000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] close(4) = 0 [pid 6042] mkdir("./bus", 0777) = 0 [ 133.508479][ T6042] loop4: detected capacity change from 0 to 4096 [pid 6042] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 6038] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6042] <... mount resumed>) = 0 [pid 6038] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6038] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6038] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6038] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./bus") = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6038] <... openat resumed>) = 5 [pid 6042] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6038] exit_group(0 [pid 6042] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6038] <... exit_group resumed>) = ? [pid 6042] memfd_create("syzkaller", 0) = 4 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6042] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6038] +++ exited with 0 +++ [pid 6042] <... write resumed>) = 32768 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6042] munmap(0x7f0fce600000, 138412032) = 0 [pid 5841] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", [pid 6042] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6042] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] getdents64(3, [pid 6042] close(4 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6042] <... close resumed>) = 0 [pid 5841] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6042] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6042] <... prlimit64 resumed>NULL) = 0 [pid 5841] newfstatat(AT_FDCWD, "./36/binderfs", [pid 6042] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6042] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] unlink("./36/binderfs" [pid 6042] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5841] <... unlink resumed>) = 0 [pid 6042] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6042] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6042] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6042] read(4, [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./36/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 6039] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6039] sched_setaffinity(0, 0, NULL [pid 5841] <... close resumed>) = 0 [pid 6039] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5841] rmdir("./36" [pid 6039] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6039] rename(NULL, NULL [pid 5841] <... rmdir resumed>) = 0 [pid 6039] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6039] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5841] mkdir("./37", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6039] <... openat resumed>) = 5 [pid 6039] exit_group(0) = ? [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 6039] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5839] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./38/binderfs") = 0 [pid 5839] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5839] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, ./strace-static-x86_64: Process 6043 attached [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6043 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6043] set_robust_list(0x555579e09760, 24 [pid 5839] getdents64(4, [pid 6043] <... set_robust_list resumed>) = 0 [pid 6043] chdir("./37" [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6043] <... chdir resumed>) = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] close(4 [pid 6043] <... prctl resumed>) = 0 [pid 6043] setpgid(0, 0 [pid 5839] <... close resumed>) = 0 [pid 6043] <... setpgid resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] rmdir("./38/bus" [pid 6043] <... openat resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs" [pid 6040] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] getdents64(3, [pid 6043] <... symlink resumed>) = 0 [pid 6040] sched_setaffinity(0, 0, NULL [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6040] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5839] close(3 [pid 6043] write(1, "executing program\n", 18 [pid 6040] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6043] <... write resumed>) = 18 [pid 6040] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... close resumed>) = 0 [pid 6043] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6040] rename(NULL, NULL [pid 6043] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6040] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6040] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] rmdir("./38" [pid 6043] memfd_create("syzkaller", 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./39", 0777) = 0 [pid 6043] <... memfd_create resumed>) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6040] <... openat resumed>) = 5 [pid 6040] exit_group(0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6040] <... exit_group resumed>) = ? [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6040] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6040, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5838] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./36/binderfs") = 0 [pid 5838] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6043] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... close resumed>) = 0 [pid 5838] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6044 attached [pid 5838] newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6044] set_robust_list(0x555579e09760, 24) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6044 [pid 5838] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] chdir("./39" [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, [pid 6044] <... chdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./36/bus") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5838] getdents64(3, [pid 6044] <... prctl resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6044] setpgid(0, 0 [pid 5838] close(3 [pid 6044] <... setpgid resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] rmdir("./36" [pid 6044] <... openat resumed>) = 3 [pid 5838] <... rmdir resumed>) = 0 [pid 6044] write(3, "1000", 4 [pid 5838] mkdir("./37", 0777 [pid 6044] <... write resumed>) = 4 [pid 5838] <... mkdir resumed>) = 0 [pid 6044] close(3) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 6044] write(1, "executing program\n", 18 [pid 5838] <... openat resumed>) = 3 [pid 6044] <... write resumed>) = 18 [pid 6044] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 6044] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 6044] memfd_create("syzkaller", 0) = 3 [pid 6043] <... write resumed>) = 2097152 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6043] munmap(0x7f0fce600000, 138412032) = 0 [pid 5838] <... close resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6043] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6045 attached [pid 6043] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6045 [pid 6045] set_robust_list(0x555579e09760, 24) = 0 [pid 6045] chdir("./37") = 0 [pid 6043] <... ioctl resumed>) = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6043] close(3) = 0 [pid 6043] close(4) = 0 [pid 6043] mkdir("./bus", 0777 [pid 6045] <... prctl resumed>) = 0 [pid 6043] <... mkdir resumed>) = 0 [pid 6043] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [ 134.199256][ T6043] loop3: detected capacity change from 0 to 4096 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6044] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6041] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 executing program [pid 6045] write(1, "executing program\n", 18 [pid 6041] sched_setaffinity(0, 0, NULL [pid 6045] <... write resumed>) = 18 [pid 6041] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6041] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6045] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6041] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6045] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6041] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6041] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6045] memfd_create("syzkaller", 0 [pid 6041] <... openat resumed>) = 5 [pid 6045] <... memfd_create resumed>) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6041] exit_group(0) = ? [pid 6041] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6043] <... mount resumed>) = 0 [pid 5840] newfstatat(3, "", [pid 6043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6043] <... openat resumed>) = 3 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6043] chdir("./bus") = 0 [pid 5840] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6043] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6043] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6043] memfd_create("syzkaller", 0 [pid 5840] unlink("./36/binderfs" [pid 6043] <... memfd_create resumed>) = 4 [pid 5840] <... unlink resumed>) = 0 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6044] <... write resumed>) = 2097152 [pid 6043] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5840] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] munmap(0x7f0fce600000, 138412032 [pid 6043] <... write resumed>) = 32768 [pid 6043] munmap(0x7f0fce600000, 138412032 [pid 5840] <... umount2 resumed>) = 0 [pid 6043] <... munmap resumed>) = 0 [pid 6044] <... munmap resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6043] close(4 [pid 6045] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6044] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6043] <... close resumed>) = 0 [pid 6043] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6044] <... openat resumed>) = 4 [pid 6043] <... prlimit64 resumed>NULL) = 0 [pid 5840] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6043] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] sched_setaffinity(0, 0, NULL [pid 5840] newfstatat(AT_FDCWD, "./36/bus", [pid 6044] ioctl(4, LOOP_SET_FD, 3 [pid 6043] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6043] sched_setscheduler(0, SCHED_RR, NULL [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6043] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6043] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5840] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6043] <... openat resumed>) = 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] read(4, [pid 5840] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 6044] <... ioctl resumed>) = 0 [pid 5840] rmdir("./36/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./36") = 0 [pid 5840] mkdir("./37", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6044] close(3) = 0 [pid 5840] <... openat resumed>) = 3 [pid 6044] close(4 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6045] <... write resumed>) = 2097152 [pid 6044] <... close resumed>) = 0 [pid 6044] mkdir("./bus", 0777 [pid 6045] munmap(0x7f0fce600000, 138412032 [pid 6044] <... mkdir resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 6044] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6045] <... munmap resumed>) = 0 [ 134.381161][ T6044] loop1: detected capacity change from 0 to 4096 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... close resumed>) = 0 [pid 6045] <... openat resumed>) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6045] <... ioctl resumed>) = 0 [pid 6045] close(3) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./bus", 0777./strace-static-x86_64: Process 6046 attached ) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6046 [pid 6045] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6046] set_robust_list(0x555579e09760, 24) = 0 [pid 6046] chdir("./37") = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6046] setpgid(0, 0) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6046] write(3, "1000", 4) = 4 [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6046] write(1, "executing program\n", 18) = 18 [pid 6046] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6044] <... mount resumed>) = 0 [pid 6046] memfd_create("syzkaller", 0 [ 134.459320][ T6045] loop0: detected capacity change from 0 to 4096 [pid 6044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6044] chdir("./bus") = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6044] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6044] memfd_create("syzkaller", 0) = 4 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6046] <... memfd_create resumed>) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6044] <... mmap resumed>) = 0x7f0fce600000 [pid 6046] <... mmap resumed>) = 0x7f0fce600000 [pid 6044] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6044] munmap(0x7f0fce600000, 138412032) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6045] <... mount resumed>) = 0 [pid 6044] close(4) = 0 [pid 6045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6044] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6045] <... openat resumed>) = 3 [pid 6044] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6044] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6044] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6045] chdir("./bus" [pid 6044] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6045] <... chdir resumed>) = 0 [pid 6044] <... openat resumed>) = 4 [pid 6044] read(4, [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6045] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6045] memfd_create("syzkaller", 0) = 4 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6045] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6045] munmap(0x7f0fce600000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6045] close(4) = 0 [pid 6045] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6042] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6042] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6042] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6042] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6042] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6042] exit_group(0 [pid 6045] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6042] <... exit_group resumed>) = ? [pid 6045] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6045] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6045] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6045] read(4, [pid 6046] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6042] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./37/binderfs") = 0 [pid 5842] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5842] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./37/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./37") = 0 [pid 5842] mkdir("./38", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6046] <... write resumed>) = 2097152 [pid 6043] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6046] munmap(0x7f0fce600000, 138412032 [pid 6043] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6043] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6043] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6043] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6046] <... munmap resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6046] ioctl(4, LOOP_SET_FD, 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6043] <... openat resumed>) = 5 [pid 6043] exit_group(0) = ? ./strace-static-x86_64: Process 6047 attached [pid 6046] <... ioctl resumed>) = 0 [pid 6043] +++ exited with 0 +++ [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6047 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 6046] close(3) = 0 [pid 6046] close(4) = 0 [pid 6046] mkdir("./bus", 0777) = 0 [pid 6047] set_robust_list(0x555579e09760, 24) = 0 [pid 6047] chdir("./38") = 0 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6046] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5841] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6047] <... prctl resumed>) = 0 [pid 6047] setpgid(0, 0) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6047] <... openat resumed>) = 3 [pid 5841] <... openat resumed>) = 3 [pid 6047] write(3, "1000", 4) = 4 [pid 6047] close(3) = 0 [ 134.833850][ T6046] loop2: detected capacity change from 0 to 4096 [pid 6047] symlink("/dev/binderfs", "./binderfs" [pid 5841] newfstatat(3, "", executing program [pid 6047] <... symlink resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6047] write(1, "executing program\n", 18) = 18 [pid 6047] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6047] memfd_create("syzkaller", 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6047] <... memfd_create resumed>) = 3 [pid 5841] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./37/binderfs") = 0 [pid 5841] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6046] <... mount resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 6046] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6046] chdir("./bus" [pid 5841] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6046] <... chdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6046] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] newfstatat(AT_FDCWD, "./37/bus", [pid 6046] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6046] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5841] getdents64(4, [pid 6046] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5841] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6046] memfd_create("syzkaller", 0 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6046] <... memfd_create resumed>) = 4 [pid 5841] close(4 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... close resumed>) = 0 [pid 6046] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] rmdir("./37/bus" [pid 6046] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6047] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6046] <... write resumed>) = 32768 [pid 5841] <... rmdir resumed>) = 0 [pid 6046] munmap(0x7f0fce600000, 138412032 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 6046] <... munmap resumed>) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 6046] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] rmdir("./37" [pid 6046] close(4 [pid 5841] <... rmdir resumed>) = 0 [pid 6046] <... close resumed>) = 0 [pid 5841] mkdir("./38", 0777) = 0 [pid 6046] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6046] <... prlimit64 resumed>NULL) = 0 [pid 6046] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... openat resumed>) = 3 [pid 6046] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6046] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5841] <... ioctl resumed>) = 0 [pid 6046] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] close(3 [pid 6046] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6046] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6046] read(4, [pid 6047] <... write resumed>) = 2097152 [pid 6047] munmap(0x7f0fce600000, 138412032 [pid 6045] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6047] <... munmap resumed>) = 0 [pid 6045] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6045] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6045] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6045] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6047] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6045] <... openat resumed>) = 5 [pid 5841] <... close resumed>) = 0 [pid 6047] <... openat resumed>) = 4 [pid 6045] exit_group(0) = ? [pid 6047] ioctl(4, LOOP_SET_FD, 3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6048 attached [pid 6048] set_robust_list(0x555579e09760, 24 [pid 6047] <... ioctl resumed>) = 0 [pid 6045] +++ exited with 0 +++ [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6048 [pid 6048] <... set_robust_list resumed>) = 0 [pid 6047] close(3 [pid 6048] chdir("./38" [pid 6047] <... close resumed>) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 6048] <... chdir resumed>) = 0 [pid 6047] close(4 [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6047] <... close resumed>) = 0 [pid 6048] setpgid(0, 0 [pid 6047] mkdir("./bus", 0777 [pid 6048] <... setpgid resumed>) = 0 [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6047] <... mkdir resumed>) = 0 [pid 6048] <... openat resumed>) = 3 [pid 6048] write(3, "1000", 4 [pid 6047] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5838] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] <... write resumed>) = 4 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6048] close(3 [pid 5838] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6048] <... close resumed>) = 0 [pid 5838] newfstatat(3, "", [pid 6048] symlink("/dev/binderfs", "./binderfs" [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, [pid 6048] <... symlink resumed>) = 0 [pid 6048] write(1, "executing program\n", 18 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 executing program [pid 6048] <... write resumed>) = 18 [pid 5838] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6048] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5838] newfstatat(AT_FDCWD, "./37/binderfs", [pid 6048] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6048] memfd_create("syzkaller", 0 [pid 5838] unlink("./37/binderfs") = 0 [pid 5838] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6048] <... memfd_create resumed>) = 3 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5838] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 135.126977][ T6047] loop4: detected capacity change from 0 to 4096 [pid 5838] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6044] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6044] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 4 [pid 6044] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5838] newfstatat(4, "", [pid 6044] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6044] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6047] <... mount resumed>) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 6047] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6044] <... openat resumed>) = 5 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./37/bus" [pid 6044] exit_group(0) = ? [pid 6047] <... openat resumed>) = 3 [pid 5838] <... rmdir resumed>) = 0 [pid 5838] getdents64(3, [pid 6047] chdir("./bus" [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6047] <... chdir resumed>) = 0 [pid 5838] close(3 [pid 6047] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./37" [pid 6047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... rmdir resumed>) = 0 [pid 6047] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] mkdir("./38", 0777 [pid 6047] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5838] <... mkdir resumed>) = 0 [pid 6047] memfd_create("syzkaller", 0) = 4 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6044] +++ exited with 0 +++ [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6047] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 6047] <... write resumed>) = 32768 [pid 5839] <... restart_syscall resumed>) = 0 [pid 6047] munmap(0x7f0fce600000, 138412032) = 0 [pid 5839] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6047] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", [pid 6048] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6047] close(4) = 0 [pid 5839] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6047] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6047] <... prlimit64 resumed>NULL) = 0 [pid 5839] newfstatat(AT_FDCWD, "./39/binderfs", [pid 6047] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6047] sched_setaffinity(0, 0, NULL [pid 5839] unlink("./39/binderfs" [pid 6047] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6047] sched_setscheduler(0, SCHED_RR, NULL [pid 5839] <... unlink resumed>) = 0 [pid 6047] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6047] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6047] read(4, [pid 5839] <... umount2 resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6048] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 6049 attached [pid 5839] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6049 [pid 6049] set_robust_list(0x555579e09760, 24 [pid 6048] munmap(0x7f0fce600000, 138412032 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6049] <... set_robust_list resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6049] chdir("./38" [pid 5839] <... openat resumed>) = 4 [pid 6049] <... chdir resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6049] <... prctl resumed>) = 0 [pid 6048] <... munmap resumed>) = 0 [pid 5839] getdents64(4, [pid 6049] setpgid(0, 0) = 0 [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, [pid 6049] <... openat resumed>) = 3 [pid 6049] write(3, "1000", 4) = 4 [pid 6049] close(3 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6049] <... close resumed>) = 0 [pid 6049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6049] write(1, "executing program\n", 18executing program ) = 18 [pid 6049] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6048] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] close(4 [pid 6048] <... openat resumed>) = 4 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./39/bus" [pid 6048] ioctl(4, LOOP_SET_FD, 3 [pid 6049] memfd_create("syzkaller", 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6049] <... memfd_create resumed>) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6048] <... ioctl resumed>) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./39" [pid 6048] close(3 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./40", 0777 [pid 6048] <... close resumed>) = 0 [pid 6048] close(4) = 0 [pid 5839] <... mkdir resumed>) = 0 [ 135.391027][ T6048] loop3: detected capacity change from 0 to 4096 [pid 6048] mkdir("./bus", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6048] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6049] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... close resumed>) = 0 [pid 6048] <... mount resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6050 attached [pid 6048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6050] set_robust_list(0x555579e09760, 24 [pid 6048] <... openat resumed>) = 3 [pid 6050] <... set_robust_list resumed>) = 0 [pid 6048] chdir("./bus" [pid 6050] chdir("./40" [pid 6048] <... chdir resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6050 [pid 6050] <... chdir resumed>) = 0 [pid 6048] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6048] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6048] memfd_create("syzkaller", 0) = 4 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6048] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6050] setpgid(0, 0 [pid 6048] <... write resumed>) = 32768 [pid 6050] <... setpgid resumed>) = 0 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6048] munmap(0x7f0fce600000, 138412032 [pid 6050] <... openat resumed>) = 3 [pid 6048] <... munmap resumed>) = 0 [pid 6050] write(3, "1000", 4) = 4 [pid 6048] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6050] close(3 [pid 6048] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6050] <... close resumed>) = 0 [pid 6048] close(4 [pid 6050] symlink("/dev/binderfs", "./binderfs" [pid 6049] <... write resumed>) = 2097152 [pid 6048] <... close resumed>) = 0 [pid 6050] <... symlink resumed>) = 0 [pid 6049] munmap(0x7f0fce600000, 138412032 [pid 6048] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6050] write(1, "executing program\n", 18 [pid 6048] <... prlimit64 resumed>NULL) = 0 executing program [pid 6050] <... write resumed>) = 18 [pid 6048] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6050] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6048] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6048] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6049] <... munmap resumed>) = 0 [pid 6050] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6048] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6048] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6048] read(4, [pid 6050] memfd_create("syzkaller", 0) = 3 [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6050] <... mmap resumed>) = 0x7f0fce600000 [pid 6049] <... openat resumed>) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6049] close(3) = 0 [pid 6049] close(4) = 0 [pid 6049] mkdir("./bus", 0777) = 0 [ 135.652250][ T6049] loop0: detected capacity change from 0 to 4096 [pid 6049] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6050] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6049] <... mount resumed>) = 0 [pid 6049] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] chdir("./bus") = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6049] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6049] memfd_create("syzkaller", 0) = 4 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6049] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6049] munmap(0x7f0fce600000, 138412032) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6049] close(4) = 0 [pid 6049] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6049] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6049] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6049] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6049] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6049] read(4, [pid 6046] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6046] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6046] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6046] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6046] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6046] exit_group(0) = ? [pid 6050] <... write resumed>) = 2097152 [pid 6046] +++ exited with 0 +++ [pid 6050] munmap(0x7f0fce600000, 138412032 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6046, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6050] <... munmap resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6050] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./37/binderfs" [pid 6050] <... openat resumed>) = 4 [pid 6050] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... unlink resumed>) = 0 [pid 5840] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6050] <... ioctl resumed>) = 0 [pid 6050] close(3) = 0 [pid 6050] close(4) = 0 [pid 6050] mkdir("./bus", 0777) = 0 [pid 6050] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6047] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6047] sched_setaffinity(0, 0, NULL [ 135.980897][ T6050] loop1: detected capacity change from 0 to 4096 [pid 5840] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6047] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6047] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5840] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6047] rename(NULL, NULL [pid 5840] <... openat resumed>) = 4 [pid 6047] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 6047] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./37/bus") = 0 [pid 6047] <... openat resumed>) = 5 [pid 5840] getdents64(3, [pid 6047] exit_group(0 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 6047] <... exit_group resumed>) = ? [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./37") = 0 [pid 5840] mkdir("./38", 0777 [pid 6047] +++ exited with 0 +++ [pid 5840] <... mkdir resumed>) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... restart_syscall resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5842] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6050] <... mount resumed>) = 0 [pid 6050] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6050] chdir("./bus") = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... ioctl resumed>) = 0 [pid 6050] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5840] close(3 [pid 6050] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6050] memfd_create("syzkaller", 0 [pid 5842] <... openat resumed>) = 3 [pid 6050] <... memfd_create resumed>) = 4 [pid 5842] newfstatat(3, "", [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6050] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] getdents64(3, [pid 6050] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6050] <... write resumed>) = 32768 [pid 5842] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./38/binderfs", [pid 6050] munmap(0x7f0fce600000, 138412032 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6050] <... munmap resumed>) = 0 [pid 5842] unlink("./38/binderfs") = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6050] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6050] close(4) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 6050] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6050] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6050] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6050] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6050] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6050] read(4, [pid 5842] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./38/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./38") = 0 [pid 6048] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6048] sched_setaffinity(0, 0, NULL [pid 5842] mkdir("./39", 0777) = 0 [pid 6048] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6048] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5840] <... close resumed>) = 0 [pid 6048] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6048] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6048] exit_group(0) = ? [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6051 attached [pid 6048] +++ exited with 0 +++ [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6051 [pid 6051] set_robust_list(0x555579e09760, 24 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6051] <... set_robust_list resumed>) = 0 [pid 5841] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./38/binderfs") = 0 [pid 5841] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6051] chdir("./38") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] <... close resumed>) = 0 [pid 6051] write(1, "executing program\n", 18executing program ) = 18 [pid 6051] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6051] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6052 attached ) = 3 [pid 5841] <... umount2 resumed>) = 0 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5841] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./38/bus", [pid 6052] set_robust_list(0x555579e09760, 24 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6052] <... set_robust_list resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6052 [pid 5841] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6052] chdir("./39" [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6052] <... chdir resumed>) = 0 [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] newfstatat(4, "", [pid 6052] <... prctl resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6052] setpgid(0, 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6052] <... setpgid resumed>) = 0 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./38/bus" [pid 6052] write(3, "1000", 4 [pid 5841] <... rmdir resumed>) = 0 [pid 6052] <... write resumed>) = 4 [pid 6052] close(3) = 0 [pid 6052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] getdents64(3, executing program 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6052] write(1, "executing program\n", 18 [pid 5841] close(3 [pid 6052] <... write resumed>) = 18 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./38" [pid 6052] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5841] <... rmdir resumed>) = 0 [pid 6052] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6052] memfd_create("syzkaller", 0 [pid 5841] mkdir("./39", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6052] <... memfd_create resumed>) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6052] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 6051] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6049] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6053 attached [pid 6053] set_robust_list(0x555579e09760, 24 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6053 [pid 6053] <... set_robust_list resumed>) = 0 [pid 6053] chdir("./39") = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0) = 0 [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6052] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6053] <... openat resumed>) = 3 [pid 6053] write(3, "1000", 4) = 4 [pid 6053] close(3) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6053] write(1, "executing program\n", 18 [pid 6049] sched_setaffinity(0, 0, NULLexecuting program [pid 6053] <... write resumed>) = 18 [pid 6053] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6049] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6053] memfd_create("syzkaller", 0 [pid 6049] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6049] rename(NULL, NULL [pid 6053] <... memfd_create resumed>) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6051] <... write resumed>) = 2097152 [pid 6049] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6049] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6051] munmap(0x7f0fce600000, 138412032 [pid 6049] <... openat resumed>) = 5 [pid 6049] exit_group(0 [pid 6051] <... munmap resumed>) = 0 [pid 6050] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6049] <... exit_group resumed>) = ? [pid 6049] +++ exited with 0 +++ [pid 6050] sched_setaffinity(0, 0, NULL [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6049, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 6050] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6050] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6050] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6050] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6051] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6051] ioctl(4, LOOP_SET_FD, 3 [pid 6052] <... write resumed>) = 2097152 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6052] munmap(0x7f0fce600000, 138412032 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] <... openat resumed>) = 5 [pid 5838] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6050] exit_group(0 [pid 5838] <... openat resumed>) = 3 [pid 6050] <... exit_group resumed>) = ? [pid 5838] newfstatat(3, "", [pid 6053] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6050] +++ exited with 0 +++ [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5838] getdents64(3, [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... restart_syscall resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6052] <... munmap resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] unlink("./38/binderfs" [pid 6051] <... ioctl resumed>) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... unlink resumed>) = 0 [pid 6052] <... openat resumed>) = 4 [pid 6051] close(3 [pid 5839] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6051] <... close resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 6051] close(4 [pid 5839] newfstatat(3, "", [pid 6052] ioctl(4, LOOP_SET_FD, 3 [pid 6051] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5839] getdents64(3, [pid 6051] mkdir("./bus", 0777 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5838] newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./40/binderfs" [pid 5838] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 136.416868][ T6051] loop2: detected capacity change from 0 to 4096 [pid 5838] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6052] <... ioctl resumed>) = 0 [pid 5838] getdents64(4, [pid 6052] close(3 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6052] <... close resumed>) = 0 [pid 5838] getdents64(4, [pid 6052] close(4) = 0 [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6052] mkdir("./bus", 0777 [pid 5838] close(4) = 0 [pid 6051] <... mkdir resumed>) = 0 [pid 6051] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6053] <... write resumed>) = 2097152 [pid 6052] <... mkdir resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5838] rmdir("./38/bus" [pid 6053] munmap(0x7f0fce600000, 138412032 [pid 6052] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5839] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... rmdir resumed>) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./38") = 0 [pid 6053] <... munmap resumed>) = 0 [pid 5839] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [ 136.464765][ T6052] loop4: detected capacity change from 0 to 4096 [pid 5838] mkdir("./39", 0777 [pid 6053] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... mkdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./40/bus", [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5839] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] ioctl(3, LOOP_CLR_FD [pid 6053] <... openat resumed>) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... ioctl resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6053] ioctl(4, LOOP_SET_FD, 3 [pid 5838] close(3 [pid 6051] <... mount resumed>) = 0 [pid 6052] <... mount resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", [pid 6052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 6051] <... openat resumed>) = 3 [pid 6051] chdir("./bus") = 0 [pid 6052] <... openat resumed>) = 3 [pid 6051] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6052] chdir("./bus") = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6051] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6052] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6051] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6051] memfd_create("syzkaller", 0 [pid 6052] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6051] <... memfd_create resumed>) = 4 [pid 6052] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6052] memfd_create("syzkaller", 0 [pid 6051] <... mmap resumed>) = 0x7f0fce600000 [pid 6053] <... ioctl resumed>) = 0 [pid 6052] <... memfd_create resumed>) = 4 [pid 6051] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6053] close(3 [pid 5839] getdents64(4, [pid 6053] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6053] close(4 [pid 5839] close(4 [pid 6053] <... close resumed>) = 0 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6051] <... write resumed>) = 32768 [pid 6053] mkdir("./bus", 0777 [pid 5839] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5839] rmdir("./40/bus" [pid 6052] <... mmap resumed>) = 0x7f0fce600000 [pid 6051] munmap(0x7f0fce600000, 138412032 [pid 6053] <... mkdir resumed>) = 0 [pid 6052] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6051] <... munmap resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6053] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 5839] getdents64(3, [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6052] <... write resumed>) = 32768 [pid 6051] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6052] munmap(0x7f0fce600000, 138412032 [pid 6051] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6054 attached [pid 6052] <... munmap resumed>) = 0 [pid 5839] close(3 [pid 6051] close(4 [pid 5839] <... close resumed>) = 0 [pid 6051] <... close resumed>) = 0 [pid 5839] rmdir("./40" [pid 6054] set_robust_list(0x555579e09760, 24 [pid 6052] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6054] <... set_robust_list resumed>) = 0 [pid 6052] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... rmdir resumed>) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6054 [pid 6054] chdir("./39" [pid 6052] close(4 [pid 6051] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5839] mkdir("./41", 0777 [pid 6052] <... close resumed>) = 0 [pid 6051] <... prlimit64 resumed>NULL) = 0 [pid 6051] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6051] sched_setaffinity(0, 0, NULL [pid 6052] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6051] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... mkdir resumed>) = 0 [pid 6052] <... prlimit64 resumed>NULL) = 0 [pid 6052] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6051] sched_setscheduler(0, SCHED_RR, NULL [pid 6052] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6051] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6052] sched_setaffinity(0, 0, NULL [pid 6051] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] <... openat resumed>) = 3 [pid 6054] <... chdir resumed>) = 0 [pid 6052] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6051] <... openat resumed>) = 4 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 6052] sched_setscheduler(0, SCHED_RR, NULL [pid 6054] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6052] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... ioctl resumed>) = 0 [pid 6054] <... prctl resumed>) = 0 [pid 6052] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6051] read(4, [pid 5839] close(3 [ 136.539125][ T6053] loop3: detected capacity change from 0 to 4096 [pid 6054] setpgid(0, 0) = 0 [pid 6052] <... openat resumed>) = 4 [pid 6054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6052] read(4, [pid 6054] <... openat resumed>) = 3 [pid 6054] write(3, "1000", 4) = 4 [pid 6054] close(3) = 0 [pid 6054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6054] write(1, "executing program\n", 18executing program ) = 18 [pid 6054] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6054] memfd_create("syzkaller", 0) = 3 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x555579e09760, 24 [pid 6053] <... mount resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6055 [pid 6055] <... set_robust_list resumed>) = 0 [pid 6055] chdir("./41") = 0 [pid 6053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6053] <... openat resumed>) = 3 [pid 6055] <... prctl resumed>) = 0 [pid 6053] chdir("./bus" [pid 6055] setpgid(0, 0) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6053] <... chdir resumed>) = 0 [pid 6055] write(3, "1000", 4 [pid 6053] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6055] <... write resumed>) = 4 [pid 6053] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6053] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6055] close(3 [pid 6054] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6053] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6055] <... close resumed>) = 0 [pid 6053] memfd_create("syzkaller", 0 [pid 6055] symlink("/dev/binderfs", "./binderfs" [pid 6053] <... memfd_create resumed>) = 4 [pid 6055] <... symlink resumed>) = 0 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 6055] write(1, "executing program\n", 18 [pid 6053] <... mmap resumed>) = 0x7f0fce600000 [pid 6055] <... write resumed>) = 18 [pid 6055] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6053] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6055] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6055] memfd_create("syzkaller", 0 [pid 6053] <... write resumed>) = 32768 [pid 6053] munmap(0x7f0fce600000, 138412032 [pid 6055] <... memfd_create resumed>) = 3 [pid 6053] <... munmap resumed>) = 0 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6053] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6055] <... mmap resumed>) = 0x7f0fce600000 [pid 6053] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6053] close(4) = 0 [pid 6054] <... write resumed>) = 2097152 [pid 6053] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6054] munmap(0x7f0fce600000, 138412032 [pid 6053] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6054] <... munmap resumed>) = 0 [pid 6053] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6053] sched_setaffinity(0, 0, NULL [pid 6055] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6053] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6054] <... openat resumed>) = 4 [pid 6053] sched_setscheduler(0, SCHED_RR, NULL [pid 6054] ioctl(4, LOOP_SET_FD, 3 [pid 6053] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6053] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6053] read(4, [pid 6054] <... ioctl resumed>) = 0 [pid 6054] close(3) = 0 [pid 6054] close(4) = 0 [ 136.823586][ T6054] loop0: detected capacity change from 0 to 4096 [pid 6054] mkdir("./bus", 0777 [pid 6052] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6052] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6052] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6054] <... mkdir resumed>) = 0 [pid 6054] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6052] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6052] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6052] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6055] <... write resumed>) = 2097152 [pid 6055] munmap(0x7f0fce600000, 138412032 [pid 6052] <... openat resumed>) = 5 [pid 6052] exit_group(0) = ? [pid 6055] <... munmap resumed>) = 0 [pid 6052] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6052, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 6055] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5842] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6055] ioctl(4, LOOP_SET_FD, 3 [pid 5842] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6055] <... ioctl resumed>) = 0 [pid 5842] getdents64(3, [pid 6055] close(3) = 0 [pid 6055] close(4 [pid 6054] <... mount resumed>) = 0 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6055] <... close resumed>) = 0 [pid 6054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] mkdir("./bus", 0777 [pid 6054] <... openat resumed>) = 3 [pid 5842] newfstatat(AT_FDCWD, "./39/binderfs", [pid 6055] <... mkdir resumed>) = 0 [pid 6054] chdir("./bus" [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6054] <... chdir resumed>) = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 136.924408][ T6055] loop1: detected capacity change from 0 to 4096 [pid 5842] unlink("./39/binderfs") = 0 [pid 6055] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6054] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5842] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6054] memfd_create("syzkaller", 0) = 4 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6054] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6054] munmap(0x7f0fce600000, 138412032) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6054] close(4) = 0 [pid 6054] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6054] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6054] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6054] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6054] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6054] <... openat resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6054] read(4, [pid 5842] newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6055] <... mount resumed>) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 6055] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5842] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6055] <... openat resumed>) = 3 [pid 5842] close(4) = 0 [pid 6055] chdir("./bus" [pid 5842] rmdir("./39/bus" [pid 6055] <... chdir resumed>) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6055] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] <... rmdir resumed>) = 0 [pid 6055] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6055] memfd_create("syzkaller", 0 [pid 5842] getdents64(3, [pid 6055] <... memfd_create resumed>) = 4 [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] close(3 [pid 6055] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./39" [pid 6055] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] <... rmdir resumed>) = 0 [pid 6055] <... write resumed>) = 32768 [pid 5842] mkdir("./40", 0777 [pid 6055] munmap(0x7f0fce600000, 138412032) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... mkdir resumed>) = 0 [pid 6055] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6055] close(4 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6055] <... close resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 6055] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] close(3 [pid 6055] <... prlimit64 resumed>NULL) = 0 [pid 6055] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6055] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6055] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6055] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6055] read(4, [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6056 attached [pid 6056] set_robust_list(0x555579e09760, 24 [pid 6051] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6056 [pid 6056] <... set_robust_list resumed>) = 0 [pid 6051] sched_setaffinity(0, 0, NULL [pid 6056] chdir("./40" [pid 6051] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6056] <... chdir resumed>) = 0 [pid 6051] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6051] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6051] rename(NULL, NULL [pid 6056] <... prctl resumed>) = 0 [pid 6056] setpgid(0, 0 [pid 6051] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6056] <... setpgid resumed>) = 0 [pid 6051] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] <... openat resumed>) = 5 [pid 6056] write(3, "1000", 4 [pid 6051] exit_group(0 [pid 6056] <... write resumed>) = 4 [pid 6056] close(3 [pid 6051] <... exit_group resumed>) = ? [pid 6056] <... close resumed>) = 0 [pid 6051] +++ exited with 0 +++ [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6056] write(1, "executing program\n", 18) = 18 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6056] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 5840] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", [pid 6056] <... memfd_create resumed>) = 3 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6056] <... mmap resumed>) = 0x7f0fce600000 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./38/binderfs") = 0 [pid 5840] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5840] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./38/bus") = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./38") = 0 [pid 5840] mkdir("./39", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 6056] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6057 attached [pid 6057] set_robust_list(0x555579e09760, 24) = 0 [pid 6057] chdir("./39" [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6057 [pid 6057] <... chdir resumed>) = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] write(3, "1000", 4) = 4 [pid 6057] close(3) = 0 [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6057] write(1, "executing program\n", 18executing program ) = 18 [pid 6057] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6055] sched_setaffinity(0, 0, NULL [pid 6057] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6055] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6057] memfd_create("syzkaller", 0 [pid 6055] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6057] <... memfd_create resumed>) = 3 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6055] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6055] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6055] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6055] exit_group(0) = ? [pid 6055] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5839] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] <... write resumed>) = 2097152 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./41/binderfs" [pid 6056] munmap(0x7f0fce600000, 138412032 [pid 5839] <... unlink resumed>) = 0 [pid 5839] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] <... munmap resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_SET_FD, 3 [pid 6057] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6056] <... ioctl resumed>) = 0 [pid 5839] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6053] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6053] sched_setaffinity(0, 0, NULL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6053] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./41/bus", [pid 6053] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6053] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6053] rename(NULL, NULL [pid 5839] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6053] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6053] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6056] close(3 [pid 6053] <... openat resumed>) = 5 [pid 5839] close(4 [pid 6056] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./41/bus" [pid 6053] exit_group(0 [pid 6056] close(4) = 0 [pid 6056] mkdir("./bus", 0777) = 0 [pid 6053] <... exit_group resumed>) = ? [pid 5839] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, [pid 6056] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./41") = 0 [pid 5839] mkdir("./42", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [ 137.619487][ T6056] loop4: detected capacity change from 0 to 4096 [pid 6053] +++ exited with 0 +++ [pid 5839] close(3 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- [pid 5841] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./39/binderfs") = 0 [pid 5841] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6057] <... write resumed>) = 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6057] munmap(0x7f0fce600000, 138412032 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 6057] <... munmap resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6056] <... mount resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 6057] <... openat resumed>) = 4 [pid 6056] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6057] ioctl(4, LOOP_SET_FD, 3 [pid 6056] chdir("./bus" [pid 5841] rmdir("./39/bus" [pid 6056] <... chdir resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] close(3 [pid 6056] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./39") = 0 [pid 5841] mkdir("./40", 0777) = 0 [pid 6056] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6056] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6056] memfd_create("syzkaller", 0 [pid 6057] <... ioctl resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6057] close(3 [pid 6056] <... memfd_create resumed>) = 4 [pid 5841] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6058 attached [pid 6057] <... close resumed>) = 0 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6058] set_robust_list(0x555579e09760, 24 [pid 6057] close(4 [pid 6056] <... mmap resumed>) = 0x7f0fce600000 [pid 6057] <... close resumed>) = 0 [pid 6056] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6057] mkdir("./bus", 0777 [pid 6056] <... write resumed>) = 32768 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6058 [pid 6057] <... mkdir resumed>) = 0 [pid 6056] munmap(0x7f0fce600000, 138412032 [pid 5841] <... ioctl resumed>) = 0 [pid 6058] <... set_robust_list resumed>) = 0 [pid 6057] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6056] <... munmap resumed>) = 0 [pid 5841] close(3 [pid 6056] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6056] close(4) = 0 [pid 6056] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6056] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6056] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6056] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6056] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6058] chdir("./42" [pid 6056] <... openat resumed>) = 4 [pid 6058] <... chdir resumed>) = 0 [ 137.762149][ T6057] loop2: detected capacity change from 0 to 4096 [pid 6056] read(4, [pid 6058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6058] setpgid(0, 0) = 0 [pid 6058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... close resumed>) = 0 [pid 6058] <... openat resumed>) = 3 [pid 6058] write(3, "1000", 4) = 4 [pid 6058] close(3) = 0 [pid 6058] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6058] write(1, "executing program\n", 18) = 18 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6059 attached [pid 6058] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6059] set_robust_list(0x555579e09760, 24) = 0 [pid 6059] chdir("./40" [pid 6058] memfd_create("syzkaller", 0 [pid 6059] <... chdir resumed>) = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6059] setpgid(0, 0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6059 [pid 6059] <... setpgid resumed>) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6057] <... mount resumed>) = 0 [pid 6058] <... memfd_create resumed>) = 3 executing program [pid 6059] write(1, "executing program\n", 18) = 18 [pid 6059] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6059] memfd_create("syzkaller", 0 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6059] <... memfd_create resumed>) = 3 [pid 6058] <... mmap resumed>) = 0x7f0fce600000 [pid 6057] <... openat resumed>) = 3 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6057] chdir("./bus") = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6057] memfd_create("syzkaller", 0) = 4 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6057] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6057] munmap(0x7f0fce600000, 138412032) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] close(4) = 0 [pid 6057] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6057] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6057] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6057] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6057] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6057] read(4, [pid 6054] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6054] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6054] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6054] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6054] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6054] exit_group(0) = ? [pid 6054] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6054, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5838] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6059] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./39/binderfs") = 0 [pid 5838] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6058] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./39/bus") = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./39") = 0 [pid 5838] mkdir("./40", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 6059] <... write resumed>) = 2097152 [pid 6059] munmap(0x7f0fce600000, 138412032) = 0 [pid 6058] <... write resumed>) = 2097152 [pid 6059] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] <... close resumed>) = 0 [pid 6059] <... openat resumed>) = 4 [pid 6059] ioctl(4, LOOP_SET_FD, 3 [pid 6058] munmap(0x7f0fce600000, 138412032) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6060 attached , child_tidptr=0x555579e09750) = 6060 [pid 6060] set_robust_list(0x555579e09760, 24 [pid 6059] <... ioctl resumed>) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6059] close(3 [pid 6060] <... set_robust_list resumed>) = 0 [pid 6059] <... close resumed>) = 0 [pid 6058] <... openat resumed>) = 4 [pid 6059] close(4 [pid 6058] ioctl(4, LOOP_SET_FD, 3 [pid 6060] chdir("./40" [pid 6059] <... close resumed>) = 0 [pid 6060] <... chdir resumed>) = 0 [pid 6059] mkdir("./bus", 0777 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0 [pid 6059] <... mkdir resumed>) = 0 [pid 6060] <... setpgid resumed>) = 0 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6059] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6058] <... ioctl resumed>) = 0 [pid 6060] <... openat resumed>) = 3 [pid 6060] write(3, "1000", 4 [pid 6058] close(3) = 0 [pid 6060] <... write resumed>) = 4 [pid 6058] close(4 [pid 6060] close(3 [pid 6058] <... close resumed>) = 0 [pid 6060] <... close resumed>) = 0 [pid 6058] mkdir("./bus", 0777 [pid 6060] symlink("/dev/binderfs", "./binderfs" [pid 6058] <... mkdir resumed>) = 0 [pid 6058] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6060] <... symlink resumed>) = 0 [pid 6060] write(1, "executing program\n", 18executing program ) = 18 [pid 6060] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [ 138.115995][ T6059] loop3: detected capacity change from 0 to 4096 [ 138.131000][ T6058] loop1: detected capacity change from 0 to 4096 [pid 6060] memfd_create("syzkaller", 0) = 3 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6059] <... mount resumed>) = 0 [pid 6059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6059] chdir("./bus") = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6059] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6059] memfd_create("syzkaller", 0) = 4 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6059] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6058] <... mount resumed>) = 0 [pid 6058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6059] <... write resumed>) = 32768 [pid 6058] <... openat resumed>) = 3 [pid 6059] munmap(0x7f0fce600000, 138412032) = 0 [pid 6058] chdir("./bus" [pid 6059] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6059] close(4) = 0 [pid 6059] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6058] <... chdir resumed>) = 0 [pid 6057] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6058] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6059] <... prlimit64 resumed>NULL) = 0 [pid 6059] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6058] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6059] sched_setaffinity(0, 0, NULL [pid 6058] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6057] sched_setaffinity(0, 0, NULL [pid 6059] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6057] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6059] sched_setscheduler(0, SCHED_RR, NULL [pid 6057] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6058] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6059] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6058] memfd_create("syzkaller", 0 [pid 6057] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6059] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6058] <... memfd_create resumed>) = 4 [pid 6060] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6057] rename(NULL, NULL [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6059] <... openat resumed>) = 4 [pid 6058] <... mmap resumed>) = 0x7f0fce600000 [pid 6057] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6059] read(4, [pid 6057] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6058] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6057] <... openat resumed>) = 5 [pid 6058] <... write resumed>) = 32768 [pid 6058] munmap(0x7f0fce600000, 138412032) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] exit_group(0 [pid 6058] close(4) = 0 [pid 6057] <... exit_group resumed>) = ? [pid 6058] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6057] +++ exited with 0 +++ [pid 6058] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [pid 6058] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6058] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6058] sched_setscheduler(0, SCHED_RR, NULL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6058] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6058] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5840] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6058] <... openat resumed>) = 4 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 6058] read(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./39/binderfs") = 0 [pid 5840] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5840] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6056] sched_setaffinity(0, 0, NULL [pid 5840] newfstatat(AT_FDCWD, "./39/bus", [pid 6056] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6056] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 5840] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] rename(NULL, NULL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6056] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6056] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 6056] <... openat resumed>) = 5 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6056] exit_group(0) = ? [pid 5840] getdents64(4, [pid 6060] <... write resumed>) = 2097152 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./39/bus") = 0 [pid 5840] getdents64(3, [pid 6060] munmap(0x7f0fce600000, 138412032 [pid 6056] +++ exited with 0 +++ [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5840] close(3) = 0 [pid 5840] rmdir("./39" [pid 6060] <... munmap resumed>) = 0 [pid 5842] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... rmdir resumed>) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6060] <... openat resumed>) = 4 [pid 5842] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6060] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... openat resumed>) = 3 [pid 5840] mkdir("./40", 0777 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./40/binderfs" [pid 5840] <... openat resumed>) = 3 [pid 5842] <... unlink resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5842] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6060] <... ioctl resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 6060] close(3) = 0 [pid 6060] close(4 [pid 5842] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6060] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6060] mkdir("./bus", 0777 [pid 5842] newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6060] <... mkdir resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 6060] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [ 138.461237][ T6060] loop0: detected capacity change from 0 to 4096 [pid 5840] <... close resumed>) = 0 [pid 5842] rmdir("./40/bus" [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6061 attached [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6061 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6061] set_robust_list(0x555579e09760, 24 [pid 5842] close(3) = 0 [pid 6061] <... set_robust_list resumed>) = 0 [pid 5842] rmdir("./40" [pid 6061] chdir("./40" [pid 5842] <... rmdir resumed>) = 0 [pid 6061] <... chdir resumed>) = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6061] setpgid(0, 0) = 0 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] mkdir("./41", 0777 [pid 6061] <... openat resumed>) = 3 [pid 5842] <... mkdir resumed>) = 0 [pid 6061] write(3, "1000", 4) = 4 [pid 6061] close(3) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 6061] write(1, "executing program\n", 18 [pid 5842] close(3executing program [pid 6061] <... write resumed>) = 18 [pid 6061] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6061] memfd_create("syzkaller", 0) = 3 [pid 6060] <... mount resumed>) = 0 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6061] <... mmap resumed>) = 0x7f0fce600000 [pid 6060] <... openat resumed>) = 3 [pid 6060] chdir("./bus") = 0 [pid 5842] <... close resumed>) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6060] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6060] memfd_create("syzkaller", 0) = 4 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6060] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6060] munmap(0x7f0fce600000, 138412032) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6060] close(4 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6060] <... close resumed>) = 0 [pid 6060] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6060] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6060] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6060] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6060] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6060] read(4, ./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x555579e09760, 24) = 0 [pid 6062] chdir("./41") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6062 [pid 6062] <... setpgid resumed>) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6062] write(1, "executing program\n", 18) = 18 [pid 6062] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6062] memfd_create("syzkaller", 0) = 3 [pid 6061] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6058] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6058] sched_setaffinity(0, 0, NULL [pid 6061] <... write resumed>) = 2097152 [pid 6062] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6058] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6061] munmap(0x7f0fce600000, 138412032 [pid 6058] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6058] rename(NULL, NULL [pid 6061] <... munmap resumed>) = 0 [pid 6058] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6058] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6061] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6058] <... openat resumed>) = 5 [pid 6058] exit_group(0) = ? [pid 6061] <... openat resumed>) = 4 [pid 6061] ioctl(4, LOOP_SET_FD, 3 [pid 6058] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6058, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./42/binderfs") = 0 [pid 5839] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6061] <... ioctl resumed>) = 0 [pid 6059] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5839] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6061] close(3 [pid 6059] sched_setaffinity(0, 0, NULL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6061] <... close resumed>) = 0 [pid 6059] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./42/bus", [pid 6062] <... write resumed>) = 2097152 [pid 6061] close(4 [pid 6059] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6061] <... close resumed>) = 0 [pid 6062] munmap(0x7f0fce600000, 138412032 [pid 5839] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6062] <... munmap resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6062] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6061] mkdir("./bus", 0777 [pid 6059] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5839] <... openat resumed>) = 4 [pid 6059] rename(NULL, NULL [pid 5839] newfstatat(4, "", [pid 6062] <... openat resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6061] <... mkdir resumed>) = 0 [pid 6059] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6062] ioctl(4, LOOP_SET_FD, 3 [pid 5839] getdents64(4, [pid 6059] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6061] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./42/bus") = 0 [ 138.763604][ T6061] loop2: detected capacity change from 0 to 4096 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6059] <... openat resumed>) = 5 [pid 5839] close(3) = 0 [pid 5839] rmdir("./42" [pid 6059] exit_group(0) = ? [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./43", 0777) = 0 [pid 6059] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5839] <... openat resumed>) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5841] unlink("./40/binderfs" [pid 5839] <... ioctl resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5839] close(3 [pid 5841] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6062] <... ioctl resumed>) = 0 [pid 6062] close(3) = 0 [pid 6062] close(4) = 0 [pid 6062] mkdir("./bus", 0777) = 0 [pid 6062] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 5841] <... umount2 resumed>) = 0 [ 138.823910][ T6062] loop4: detected capacity change from 0 to 4096 [pid 6061] <... mount resumed>) = 0 [pid 5841] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6061] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6061] chdir("./bus") = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6061] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 5839] <... close resumed>) = 0 [pid 6061] memfd_create("syzkaller", 0 [pid 5841] newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6061] <... memfd_create resumed>) = 4 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6061] <... mmap resumed>) = 0x7f0fce600000 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 6063 attached [pid 6062] <... mount resumed>) = 0 [pid 6061] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5841] getdents64(4, [pid 6063] set_robust_list(0x555579e09760, 24 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6063 [pid 6063] <... set_robust_list resumed>) = 0 [pid 6062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6061] <... write resumed>) = 32768 [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6063] chdir("./43" [pid 6062] <... openat resumed>) = 3 [pid 6061] munmap(0x7f0fce600000, 138412032 [pid 5841] close(4) = 0 [pid 5841] rmdir("./40/bus" [pid 6063] <... chdir resumed>) = 0 [pid 6062] chdir("./bus" [pid 6061] <... munmap resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 6062] <... chdir resumed>) = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6062] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6061] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] getdents64(3, [pid 6063] <... prctl resumed>) = 0 [pid 6062] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6061] close(4 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6063] setpgid(0, 0 [pid 6062] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6061] <... close resumed>) = 0 [pid 5841] close(3 [pid 6063] <... setpgid resumed>) = 0 [pid 6062] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6061] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5841] <... close resumed>) = 0 [pid 6062] memfd_create("syzkaller", 0 [pid 6061] <... prlimit64 resumed>NULL) = 0 [pid 5841] rmdir("./40" [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6062] <... memfd_create resumed>) = 4 [pid 6061] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5841] <... rmdir resumed>) = 0 [pid 6061] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6061] sched_setaffinity(0, 0, NULL [pid 5841] mkdir("./41", 0777 [pid 6061] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6063] <... openat resumed>) = 3 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6061] sched_setscheduler(0, SCHED_RR, NULL [pid 5841] <... mkdir resumed>) = 0 [pid 6063] write(3, "1000", 4 [pid 6062] <... mmap resumed>) = 0x7f0fce600000 [pid 6061] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6063] <... write resumed>) = 4 [pid 6063] close(3 [pid 6061] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6061] <... openat resumed>) = 4 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6063] <... close resumed>) = 0 [pid 6062] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6061] read(4, [pid 5841] <... ioctl resumed>) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs" [pid 6062] <... write resumed>) = 32768 [pid 5841] close(3 [pid 6063] <... symlink resumed>) = 0 [pid 6062] munmap(0x7f0fce600000, 138412032executing program [pid 6063] write(1, "executing program\n", 18 [pid 6062] <... munmap resumed>) = 0 [pid 6063] <... write resumed>) = 18 [pid 6062] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6063] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6062] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6063] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6062] close(4 [pid 6063] memfd_create("syzkaller", 0 [pid 6062] <... close resumed>) = 0 [pid 6062] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6062] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6062] sched_setaffinity(0, 0, NULL [pid 6063] <... memfd_create resumed>) = 3 [pid 6062] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6062] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6062] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6063] <... mmap resumed>) = 0x7f0fce600000 [pid 6062] <... openat resumed>) = 4 [pid 6062] read(4, [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6064 attached [pid 6064] set_robust_list(0x555579e09760, 24 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6064 [pid 6064] <... set_robust_list resumed>) = 0 [pid 6064] chdir("./41") = 0 [pid 6064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6064] setpgid(0, 0) = 0 [pid 6064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6064] write(3, "1000", 4 [pid 6060] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6064] <... write resumed>) = 4 [pid 6060] sched_setaffinity(0, 0, NULL [pid 6064] close(3) = 0 [pid 6064] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6064] write(1, "executing program\n", 18) = 18 [pid 6064] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6064] memfd_create("syzkaller", 0 [pid 6063] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6060] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6064] <... memfd_create resumed>) = 3 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6060] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6060] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6060] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6060] exit_group(0) = ? [pid 6060] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6060, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6064] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6063] <... write resumed>) = 2097152 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6063] munmap(0x7f0fce600000, 138412032 [pid 5838] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6063] <... munmap resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 6063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6063] <... openat resumed>) = 4 [pid 5838] getdents64(3, [pid 6063] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5838] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./40/binderfs") = 0 [pid 5838] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6063] <... ioctl resumed>) = 0 [pid 5838] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6063] close(3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6063] <... close resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./40/bus", [pid 6063] close(4 [pid 6064] <... write resumed>) = 2097152 [pid 6063] <... close resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6063] mkdir("./bus", 0777 [pid 5838] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6063] <... mkdir resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6063] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 5838] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./40/bus" [pid 6064] munmap(0x7f0fce600000, 138412032 [pid 5838] <... rmdir resumed>) = 0 [pid 6064] <... munmap resumed>) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./40") = 0 [ 139.202012][ T6063] loop1: detected capacity change from 0 to 4096 [pid 5838] mkdir("./41", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 6064] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] <... close resumed>) = 0 [pid 6064] <... openat resumed>) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] <... mount resumed>) = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./bus") = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6064] close(3 [pid 6063] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6063] socketpair(AF_TIPC, SOCK_STREAM, 0, ./strace-static-x86_64: Process 6065 attached [pid 6064] <... close resumed>) = 0 [pid 6063] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6065] set_robust_list(0x555579e09760, 24 [pid 6064] close(4 [pid 6063] memfd_create("syzkaller", 0 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6065 [pid 6065] <... set_robust_list resumed>) = 0 [pid 6064] <... close resumed>) = 0 [pid 6065] chdir("./41" [pid 6063] <... memfd_create resumed>) = 4 [pid 6062] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6065] <... chdir resumed>) = 0 [pid 6064] mkdir("./bus", 0777 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6062] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6062] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6062] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6064] <... mkdir resumed>) = 0 [pid 6062] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [ 139.320374][ T6064] loop3: detected capacity change from 0 to 4096 [pid 6063] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6064] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6063] <... write resumed>) = 32768 [pid 6065] <... prctl resumed>) = 0 [pid 6065] setpgid(0, 0 [pid 6063] munmap(0x7f0fce600000, 138412032 [pid 6065] <... setpgid resumed>) = 0 [pid 6063] <... munmap resumed>) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6062] <... openat resumed>) = 5 [pid 6063] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6062] exit_group(0 [pid 6065] <... openat resumed>) = 3 [pid 6062] <... exit_group resumed>) = ? [pid 6063] close(4 [pid 6065] write(3, "1000", 4 [pid 6063] <... close resumed>) = 0 [pid 6063] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6065] <... write resumed>) = 4 [pid 6063] <... prlimit64 resumed>NULL) = 0 [pid 6065] close(3 [pid 6063] sched_setscheduler(0, SCHED_FIFO, NULL [pid 6065] <... close resumed>) = 0 [pid 6063] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6065] symlink("/dev/binderfs", "./binderfs" [pid 6063] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6062] +++ exited with 0 +++ executing program [pid 6065] <... symlink resumed>) = 0 [pid 6064] <... mount resumed>) = 0 [pid 6063] sched_setscheduler(0, SCHED_RR, NULL [pid 6065] write(1, "executing program\n", 18 [pid 6064] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6063] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 6065] <... write resumed>) = 18 [pid 6063] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6065] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6064] <... openat resumed>) = 3 [pid 6063] <... openat resumed>) = 4 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6065] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6064] chdir("./bus" [pid 6063] read(4, [pid 6065] memfd_create("syzkaller", 0 [pid 6064] <... chdir resumed>) = 0 [pid 5842] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6064] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6065] <... memfd_create resumed>) = 3 [pid 6064] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6064] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", [pid 6064] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6064] memfd_create("syzkaller", 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6064] <... memfd_create resumed>) = 4 [pid 5842] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] <... mmap resumed>) = 0x7f0fce600000 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./41/binderfs", [pid 6064] <... mmap resumed>) = 0x7f0fce600000 [pid 6064] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6064] <... write resumed>) = 32768 [pid 5842] unlink("./41/binderfs") = 0 [pid 6064] munmap(0x7f0fce600000, 138412032 [pid 5842] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6064] <... munmap resumed>) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6064] close(4 [pid 5842] <... umount2 resumed>) = 0 [pid 6064] <... close resumed>) = 0 [pid 5842] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6064] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6064] <... prlimit64 resumed>NULL) = 0 [pid 5842] newfstatat(AT_FDCWD, "./41/bus", [pid 6064] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6065] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6064] sched_setaffinity(0, 0, NULL [pid 5842] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6064] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6064] sched_setscheduler(0, SCHED_RR, NULL [pid 5842] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6064] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 4 [pid 6064] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5842] newfstatat(4, "", [pid 6064] <... openat resumed>) = 4 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6064] read(4, [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./41/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 6061] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] <... close resumed>) = 0 [pid 6061] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5842] rmdir("./41" [pid 6061] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5842] <... rmdir resumed>) = 0 [pid 6061] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6061] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6061] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5842] mkdir("./42", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6061] <... openat resumed>) = 5 [pid 6061] exit_group(0) = ? [pid 6061] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6061, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 6065] <... write resumed>) = 2097152 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6065] munmap(0x7f0fce600000, 138412032 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6065] <... munmap resumed>) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... openat resumed>) = 3 [pid 6065] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6066 attached [pid 6065] ioctl(4, LOOP_SET_FD, 3 [pid 5840] newfstatat(3, "", [pid 6066] set_robust_list(0x555579e09760, 24) = 0 [pid 6065] <... ioctl resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6066 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6066] chdir("./42" [pid 6065] close(3 [pid 6066] <... chdir resumed>) = 0 [pid 6065] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 6066] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6065] close(4 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6066] <... prctl resumed>) = 0 [pid 6065] <... close resumed>) = 0 [pid 6065] mkdir("./bus", 0777 [pid 6066] setpgid(0, 0) = 0 [pid 6065] <... mkdir resumed>) = 0 [pid 5840] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6065] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./40/binderfs", [pid 6066] <... openat resumed>) = 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6066] write(3, "1000", 4 [pid 5840] unlink("./40/binderfs" [pid 6066] <... write resumed>) = 4 [pid 6066] close(3 [pid 5840] <... unlink resumed>) = 0 [ 139.620850][ T6065] loop0: detected capacity change from 0 to 4096 [pid 6066] <... close resumed>) = 0 [pid 6065] <... mount resumed>) = 0 [pid 5840] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6066] write(1, "executing program\n", 18 executing program [pid 6065] chdir("./bus" [pid 6066] <... write resumed>) = 18 [pid 6065] <... chdir resumed>) = 0 [pid 6066] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6066] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6065] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6066] memfd_create("syzkaller", 0 [pid 6065] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6065] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = 0 [pid 6065] <... memfd_create resumed>) = 4 [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6065] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6066] <... memfd_create resumed>) = 3 [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6065] <... write resumed>) = 32768 [pid 6066] <... mmap resumed>) = 0x7f0fce600000 [pid 6063] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6065] munmap(0x7f0fce600000, 138412032) = 0 [pid 6063] sched_setaffinity(0, 0, NULL [pid 5840] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6063] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6063] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6063] rename(NULL, NULL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6063] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] newfstatat(AT_FDCWD, "./40/bus", [pid 6065] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6063] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6065] close(4 [pid 5840] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6065] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 5840] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6065] <... prlimit64 resumed>NULL) = 0 [pid 6063] <... openat resumed>) = 5 [pid 5840] <... openat resumed>) = 4 [pid 6065] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6065] sched_setaffinity(0, 0, NULL [pid 5840] newfstatat(4, "", [pid 6065] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6065] sched_setscheduler(0, SCHED_RR, NULL [pid 6063] exit_group(0 [pid 5840] getdents64(4, [pid 6065] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6063] <... exit_group resumed>) = ? [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6065] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5840] getdents64(4, [pid 6065] <... openat resumed>) = 4 [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 6065] read(4, [pid 6063] +++ exited with 0 +++ [pid 5840] rmdir("./40/bus") = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5840] getdents64(3, [pid 5839] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] close(3 [pid 5839] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... close resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5840] rmdir("./40" [pid 5839] newfstatat(3, "", [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5839] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] mkdir("./41", 0777 [pid 5839] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./43/binderfs") = 0 [pid 5839] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] <... umount2 resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 6066] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./43/bus") = 0 [pid 5839] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./43") = 0 [pid 5839] mkdir("./44", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached [pid 6067] set_robust_list(0x555579e09760, 24) = 0 [pid 6067] chdir("./41" [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6067 [pid 6067] <... chdir resumed>) = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6066] <... write resumed>) = 2097152 [pid 6067] write(1, "executing program\n", 18executing program ) = 18 [pid 6067] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6066] munmap(0x7f0fce600000, 138412032 [pid 6067] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6067] memfd_create("syzkaller", 0 [pid 6066] <... munmap resumed>) = 0 [pid 6067] <... memfd_create resumed>) = 3 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6067] <... mmap resumed>) = 0x7f0fce600000 [pid 6066] <... openat resumed>) = 4 [pid 6066] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... close resumed>) = 0 [pid 6066] <... ioctl resumed>) = 0 [pid 6066] close(3) = 0 [pid 6066] close(4) = 0 [pid 6066] mkdir("./bus", 0777 [ 139.951175][ T6066] loop4: detected capacity change from 0 to 4096 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6068 attached , child_tidptr=0x555579e09750) = 6068 [pid 6068] set_robust_list(0x555579e09760, 24) = 0 [pid 6066] <... mkdir resumed>) = 0 [pid 6068] chdir("./44" [pid 6066] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 6068] <... chdir resumed>) = 0 [pid 6068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6068] setpgid(0, 0) = 0 [pid 6067] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6068] write(3, "1000", 4) = 4 [pid 6068] close(3) = 0 [pid 6068] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6068] write(1, "executing program\n", 18) = 18 [pid 6068] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6068] memfd_create("syzkaller", 0) = 3 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6067] <... write resumed>) = 2097152 [pid 6067] munmap(0x7f0fce600000, 138412032 [pid 6066] <... mount resumed>) = 0 [pid 6067] <... munmap resumed>) = 0 [pid 6066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6066] <... openat resumed>) = 3 [pid 6067] <... openat resumed>) = 4 [pid 6066] chdir("./bus" [pid 6067] ioctl(4, LOOP_SET_FD, 3 [pid 6066] <... chdir resumed>) = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6068] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6067] <... ioctl resumed>) = 0 [pid 6066] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6067] close(3 [pid 6066] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6067] <... close resumed>) = 0 [pid 6066] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6067] close(4 [pid 6066] memfd_create("syzkaller", 0 [pid 6067] <... close resumed>) = 0 [pid 6066] <... memfd_create resumed>) = 4 [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6066] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6066] munmap(0x7f0fce600000, 138412032) = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6066] close(4) = 0 [ 140.182699][ T6067] loop2: detected capacity change from 0 to 4096 [pid 6067] mkdir("./bus", 0777) = 0 [pid 6066] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6068] <... write resumed>) = 2097152 [pid 6067] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6066] <... prlimit64 resumed>NULL) = 0 [pid 6066] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6066] sched_setaffinity(0, 0, NULL [pid 6068] munmap(0x7f0fce600000, 138412032 [pid 6066] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6066] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6066] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6066] read(4, [pid 6068] <... munmap resumed>) = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6068] close(3) = 0 [pid 6068] close(4) = 0 [pid 6068] mkdir("./bus", 0777) = 0 [pid 6068] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6067] <... mount resumed>) = 0 [ 140.281582][ T6068] loop1: detected capacity change from 0 to 4096 [pid 6067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6067] chdir("./bus") = 0 [pid 6064] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6064] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6064] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 6067] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6064] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 6067] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6064] rename(NULL, NULL [pid 6067] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 6064] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6067] memfd_create("syzkaller", 0 [pid 6064] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6067] <... memfd_create resumed>) = 4 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6067] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6064] <... openat resumed>) = 5 [pid 6067] <... write resumed>) = 32768 [pid 6064] exit_group(0 [pid 6065] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6067] munmap(0x7f0fce600000, 138412032 [pid 6064] <... exit_group resumed>) = ? [pid 6067] <... munmap resumed>) = 0 [pid 6065] sched_setaffinity(0, 0, NULL [pid 6067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6065] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6067] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6065] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6065] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6065] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6067] close(4) = 0 [pid 6067] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6067] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6067] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6067] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6067] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6067] read(4, [pid 6065] <... openat resumed>) = 5 [pid 6065] exit_group(0 [pid 6064] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6064, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6065] <... exit_group resumed>) = ? [pid 5841] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] +++ exited with 0 +++ [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] <... mount resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5841] <... openat resumed>) = 3 [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./41/binderfs" [pid 5838] <... restart_syscall resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5838] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] <... openat resumed>) = 3 [pid 5838] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6068] chdir("./bus" [pid 5838] <... openat resumed>) = 3 [pid 6068] <... chdir resumed>) = 0 [pid 5838] newfstatat(3, "", [pid 6068] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6068] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] getdents64(3, [pid 6068] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6068] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5838] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] memfd_create("syzkaller", 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./41/binderfs", [pid 6068] <... memfd_create resumed>) = 4 [pid 5841] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] unlink("./41/binderfs" [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] <... mmap resumed>) = 0x7f0fce600000 [pid 6068] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5838] <... unlink resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./41/bus", [pid 5838] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6068] munmap(0x7f0fce600000, 138412032) = 0 [pid 5841] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6068] close(4) = 0 [pid 6068] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6068] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6068] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6068] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6068] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6068] read(4, [pid 5841] <... openat resumed>) = 4 [pid 5838] <... umount2 resumed>) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(4, [pid 5838] newfstatat(AT_FDCWD, "./41/bus", [pid 5841] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] close(4) = 0 [pid 5838] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] rmdir("./41/bus" [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... rmdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, [pid 5841] getdents64(3, [pid 5838] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 5841] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./41/bus" [pid 5841] close(3) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5841] rmdir("./41" [pid 5838] getdents64(3, [pid 5841] <... rmdir resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3 [pid 5841] mkdir("./42", 0777 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./41") = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5838] mkdir("./42", 0777 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] <... mkdir resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5841] <... ioctl resumed>) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5841] close(3 [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 5841] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6069 attached [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6069 ./strace-static-x86_64: Process 6070 attached [pid 6069] set_robust_list(0x555579e09760, 24 [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6070 [pid 6069] <... set_robust_list resumed>) = 0 [pid 6069] chdir("./42" [pid 6070] set_robust_list(0x555579e09760, 24 [pid 6069] <... chdir resumed>) = 0 [pid 6066] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6066] sched_setaffinity(0, 0, NULL [pid 6070] <... set_robust_list resumed>) = 0 [pid 6069] setpgid(0, 0 [pid 6066] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6070] chdir("./42" [pid 6069] <... setpgid resumed>) = 0 [pid 6066] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6066] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6070] <... chdir resumed>) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6066] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6070] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6069] <... openat resumed>) = 3 [pid 6066] <... openat resumed>) = 5 [pid 6070] <... prctl resumed>) = 0 [pid 6069] write(3, "1000", 4 [pid 6066] exit_group(0 [pid 6070] setpgid(0, 0 [pid 6069] <... write resumed>) = 4 [pid 6066] <... exit_group resumed>) = ? [pid 6069] close(3 [pid 6070] <... setpgid resumed>) = 0 [pid 6069] <... close resumed>) = 0 [pid 6070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6069] symlink("/dev/binderfs", "./binderfs" [pid 6066] +++ exited with 0 +++ [pid 6069] <... symlink resumed>) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6066, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6070] <... openat resumed>) = 3 [pid 6070] write(3, "1000", 4 [pid 6069] write(1, "executing program\n", 18executing program [pid 6070] <... write resumed>) = 4 [pid 6069] <... write resumed>) = 18 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6070] close(3 [pid 6069] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] <... close resumed>) = 0 [pid 6069] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6070] symlink("/dev/binderfs", "./binderfs" [pid 6069] memfd_create("syzkaller", 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6070] <... symlink resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./42/binderfs", [pid 6070] write(1, "executing program\n", 18 [pid 6069] <... memfd_create resumed>) = 3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6070] <... write resumed>) = 18 [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] unlink("./42/binderfs" [pid 6070] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6069] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] <... unlink resumed>) = 0 [pid 6070] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] memfd_create("syzkaller", 0 [pid 5842] <... umount2 resumed>) = 0 [pid 6070] <... memfd_create resumed>) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 5842] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./42/bus") = 0 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./42") = 0 [pid 6069] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6067] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5842] mkdir("./43", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 6067] sched_setaffinity(0, 0, NULL [pid 5842] close(3 [pid 6067] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6067] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6067] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6067] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 6067] exit_group(0 [pid 6070] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6067] <... exit_group resumed>) = ? [pid 6067] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... close resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", [pid 6068] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./41/binderfs") = 0 [pid 5840] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] sched_setaffinity(0, 0, NULL [pid 5840] <... umount2 resumed>) = 0 [pid 6068] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5840] newfstatat(AT_FDCWD, "./41/bus", [pid 6068] rename(NULL, NULL [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6068] <... rename resumed>) = -1 EFAULT (Bad address) [pid 5840] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 6069] <... write resumed>) = 2097152 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6069] munmap(0x7f0fce600000, 138412032 [pid 5840] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./41/bus") = 0 [pid 5840] getdents64(3, [pid 6068] <... openat resumed>) = 5 [pid 5840] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6068] exit_group(0) = ? [pid 5840] close(3 [pid 6068] +++ exited with 0 +++ [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./41") = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6070] <... write resumed>) = 2097152 [pid 6069] <... munmap resumed>) = 0 [pid 5840] mkdir("./42", 0777./strace-static-x86_64: Process 6071 attached [pid 6070] munmap(0x7f0fce600000, 138412032 [pid 6069] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6068, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6071] set_robust_list(0x555579e09760, 24 [pid 6069] <... openat resumed>) = 4 [pid 5839] <... restart_syscall resumed>) = 0 [pid 6071] <... set_robust_list resumed>) = 0 [pid 6069] ioctl(4, LOOP_SET_FD, 3 [pid 6071] chdir("./43" [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6071 [pid 5840] <... mkdir resumed>) = 0 [pid 6071] <... chdir resumed>) = 0 [pid 6070] <... munmap resumed>) = 0 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6069] <... ioctl resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6071] <... prctl resumed>) = 0 [pid 6070] <... openat resumed>) = 4 [pid 6069] close(3 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6071] setpgid(0, 0 [pid 6070] ioctl(4, LOOP_SET_FD, 3 [pid 6069] <... close resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6071] <... setpgid resumed>) = 0 [pid 6069] close(4 [pid 5840] <... ioctl resumed>) = 0 [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] close(3 [pid 5839] <... openat resumed>) = 3 [pid 6071] <... openat resumed>) = 3 [pid 6071] write(3, "1000", 4 [pid 6069] <... close resumed>) = 0 [pid 6069] mkdir("./bus", 0777) = 0 [pid 6069] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6071] <... write resumed>) = 4 [pid 6070] <... ioctl resumed>) = 0 [pid 5839] newfstatat(3, "", [pid 6071] close(3 [pid 6070] close(3 [pid 6071] <... close resumed>) = 0 [pid 6070] <... close resumed>) = 0 [pid 6071] symlink("/dev/binderfs", "./binderfs" [pid 6070] close(4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6071] <... symlink resumed>) = 0 [pid 6070] <... close resumed>) = 0 executing program [pid 6071] write(1, "executing program\n", 18 [pid 6070] mkdir("./bus", 0777 [pid 5839] getdents64(3, [pid 6071] <... write resumed>) = 18 [pid 6071] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6070] <... mkdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6071] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6070] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 5839] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6071] memfd_create("syzkaller", 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6071] <... memfd_create resumed>) = 3 [pid 5839] newfstatat(AT_FDCWD, "./44/binderfs", [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./44/binderfs" [pid 6071] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] <... unlink resumed>) = 0 [pid 5839] umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 6069] <... mount resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [ 140.836107][ T6069] loop3: detected capacity change from 0 to 4096 [ 140.860868][ T6070] loop0: detected capacity change from 0 to 4096 [pid 6069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached [pid 6069] <... openat resumed>) = 3 [pid 6069] chdir("./bus" [pid 6072] set_robust_list(0x555579e09760, 24 [pid 5839] umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6072] <... set_robust_list resumed>) = 0 [pid 6072] chdir("./42" [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6072 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6072] <... chdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./44/bus", [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6069] <... chdir resumed>) = 0 [pid 6072] <... prctl resumed>) = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6072] setpgid(0, 0 [pid 6069] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6072] <... setpgid resumed>) = 0 [pid 6069] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 5839] umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6069] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6072] <... openat resumed>) = 3 [pid 6069] memfd_create("syzkaller", 0 [pid 5839] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6072] write(3, "1000", 4 [pid 6069] <... memfd_create resumed>) = 4 [pid 6072] <... write resumed>) = 4 [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6072] close(3 [pid 6069] <... mmap resumed>) = 0x7f0fce600000 [pid 6072] <... close resumed>) = 0 [pid 6069] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6072] symlink("/dev/binderfs", "./binderfs" [pid 6069] <... write resumed>) = 32768 [pid 6072] <... symlink resumed>) = 0 [pid 6069] munmap(0x7f0fce600000, 138412032) = 0 [pid 5839] <... openat resumed>) = 4 executing program [pid 6072] write(1, "executing program\n", 18 [pid 6069] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6072] <... write resumed>) = 18 [pid 6072] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6069] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(4, [pid 6072] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6069] close(4 [pid 6072] memfd_create("syzkaller", 0 [pid 6069] <... close resumed>) = 0 [pid 6071] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 6069] prlimit64(0, RLIMIT_RTPRIO, NULL, [pid 6072] <... memfd_create resumed>) = 3 [pid 6069] <... prlimit64 resumed>NULL) = 0 [pid 5839] getdents64(4, [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6070] <... mount resumed>) = 0 [pid 6069] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5839] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6072] <... mmap resumed>) = 0x7f0fce600000 [pid 6069] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6070] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6069] sched_setaffinity(0, 0, NULL [pid 5839] close(4) = 0 [pid 6070] <... openat resumed>) = 3 [pid 6069] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6070] chdir("./bus" [pid 5839] rmdir("./44/bus" [pid 6070] <... chdir resumed>) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6069] sched_setscheduler(0, SCHED_RR, NULL [pid 6070] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6069] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 6070] socketpair(AF_TIPC, SOCK_STREAM, 0, [pid 6069] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 5839] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, [pid 6070] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5839] <... getdents64 resumed>0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6070] memfd_create("syzkaller", 0 [pid 6069] <... openat resumed>) = 4 [pid 5839] close(3 [pid 6070] <... memfd_create resumed>) = 4 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6069] read(4, [pid 5839] <... close resumed>) = 0 [pid 6070] <... mmap resumed>) = 0x7f0fce600000 [pid 5839] rmdir("./44" [pid 6070] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./45", 0777 [pid 6070] <... write resumed>) = 32768 [pid 5839] <... mkdir resumed>) = 0 [pid 6070] munmap(0x7f0fce600000, 138412032 [pid 5839] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6070] <... munmap resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6070] close(4) = 0 [pid 6070] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6070] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6070] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6071] <... write resumed>) = 2097152 [pid 6070] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6070] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6070] read(4, [pid 6072] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6071] munmap(0x7f0fce600000, 138412032 [pid 5839] <... close resumed>) = 0 [pid 6071] <... munmap resumed>) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6071] ioctl(4, LOOP_SET_FD, 3) = 0 ./strace-static-x86_64: Process 6073 attached [pid 6073] set_robust_list(0x555579e09760, 24) = 0 [pid 6073] chdir("./45") = 0 [pid 6071] close(3 [pid 5839] <... clone resumed>, child_tidptr=0x555579e09750) = 6073 [pid 6073] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6071] <... close resumed>) = 0 [pid 6073] <... prctl resumed>) = 0 [pid 6071] close(4 [pid 6073] setpgid(0, 0) = 0 [pid 6073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6072] <... write resumed>) = 2097152 [pid 6071] <... close resumed>) = 0 [pid 6073] <... openat resumed>) = 3 [pid 6071] mkdir("./bus", 0777 [pid 6072] munmap(0x7f0fce600000, 138412032 [pid 6073] write(3, "1000", 4 [pid 6071] <... mkdir resumed>) = 0 [pid 6073] <... write resumed>) = 4 [pid 6073] close(3) = 0 [pid 6071] mount("/dev/loop4", "./bus", "ntfs3", 0, "" [pid 6073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6072] <... munmap resumed>) = 0 [pid 6073] write(1, "executing program\n", 18executing program ) = 18 [ 141.089838][ T6071] loop4: detected capacity change from 0 to 4096 [pid 6073] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6073] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6072] <... openat resumed>) = 4 [pid 6072] ioctl(4, LOOP_SET_FD, 3 [pid 6073] memfd_create("syzkaller", 0) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6072] <... ioctl resumed>) = 0 [pid 6071] <... mount resumed>) = 0 [pid 6072] close(3) = 0 [pid 6072] close(4) = 0 [pid 6072] mkdir("./bus", 0777) = 0 [pid 6072] mount("/dev/loop2", "./bus", "ntfs3", 0, "" [pid 6071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6071] chdir("./bus") = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6071] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6071] memfd_create("syzkaller", 0) = 4 [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6071] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [ 141.154021][ T6072] loop2: detected capacity change from 0 to 4096 [pid 6071] munmap(0x7f0fce600000, 138412032) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6071] close(4) = 0 [pid 6071] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6071] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6071] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6071] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6071] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY [pid 6072] <... mount resumed>) = 0 [pid 6071] <... openat resumed>) = 4 [pid 6071] read(4, [pid 6072] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6072] chdir("./bus") = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6072] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6072] memfd_create("syzkaller", 0) = 4 [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6072] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6072] munmap(0x7f0fce600000, 138412032) = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6072] close(4) = 0 [pid 6072] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 6072] sched_setscheduler(0, SCHED_FIFO, NULL) = -1 EINVAL (Invalid argument) [pid 6072] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6072] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 6072] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 6072] read(4, [pid 6073] <... write resumed>) = 2097152 [pid 6073] munmap(0x7f0fce600000, 138412032 [pid 6069] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 6073] <... munmap resumed>) = 0 [pid 6069] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 6069] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6069] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6069] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6073] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6069] <... openat resumed>) = 5 [pid 6073] <... openat resumed>) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3 [pid 6069] exit_group(0) = ? [pid 6069] +++ exited with 0 +++ [pid 6073] <... ioctl resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 6073] close(3 [pid 5841] <... restart_syscall resumed>) = 0 [pid 6073] <... close resumed>) = 0 [pid 6073] close(4) = 0 [pid 6070] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5841] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] mkdir("./bus", 0777 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6070] sched_setaffinity(0, 0, NULL [pid 6073] <... mkdir resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 6073] mount("/dev/loop1", "./bus", "ntfs3", 0, "" [pid 6070] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 6070] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6070] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6070] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6070] exit_group(0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 6070] <... exit_group resumed>) = ? [ 141.339943][ T6073] loop1: detected capacity change from 0 to 4096 [pid 6073] <... mount resumed>) = 0 [pid 6070] +++ exited with 0 +++ [pid 5841] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6070, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 6073] <... openat resumed>) = 3 [pid 5841] newfstatat(AT_FDCWD, "./42/binderfs", [pid 6073] chdir("./bus" [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6073] <... chdir resumed>) = 0 [pid 5841] unlink("./42/binderfs" [pid 6073] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6073] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6073] memfd_create("syzkaller", 0 [pid 5841] <... unlink resumed>) = 0 [pid 6073] <... memfd_create resumed>) = 4 [pid 5841] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6073] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 5838] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] <... write resumed>) = 32768 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... umount2 resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 6073] munmap(0x7f0fce600000, 138412032 [pid 5841] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] newfstatat(3, "", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] newfstatat(AT_FDCWD, "./42/bus", [pid 5838] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] newfstatat(AT_FDCWD, "./42/binderfs", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] unlink("./42/binderfs" [pid 5841] <... openat resumed>) = 4 [pid 5838] <... unlink resumed>) = 0 [pid 5841] newfstatat(4, "", [pid 5838] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./42/bus") = 0 [pid 5841] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6073] <... munmap resumed>) = 0 [pid 5841] close(3) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] rmdir("./42") = 0 [pid 5841] mkdir("./43", 0777 [pid 6073] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 6073] close(4 [pid 5841] close(3 [pid 6073] <... close resumed>) = 0 [pid 6073] prlimit64(0, RLIMIT_RTPRIO, NULL, NULL) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 6073] sched_setscheduler(0, SCHED_FIFO, NULL [pid 5838] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] <... sched_setscheduler resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6073] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6073] sched_setscheduler(0, SCHED_RR, NULL) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6073] openat(AT_FDCWD, "/dev/cpu/0/msr", O_RDONLY) = 4 [pid 5838] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6073] read(4, [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./42/bus" [pid 6072] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5838] <... rmdir resumed>) = 0 [pid 5838] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 6072] sched_setaffinity(0, 0, NULL) = -1 EINVAL (Invalid argument) [pid 5841] <... close resumed>) = 0 [pid 5838] rmdir("./42" [pid 6072] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY) = -1 EBADF (Bad file descriptor) [pid 6072] rename(NULL, NULL [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... rmdir resumed>) = 0 [pid 6072] <... rename resumed>) = -1 EFAULT (Bad address) [pid 6072] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 5838] mkdir("./43", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6074 attached [pid 6072] <... openat resumed>) = 5 [pid 5838] <... openat resumed>) = 3 [pid 6074] set_robust_list(0x555579e09760, 24 [pid 6072] exit_group(0 [pid 5841] <... clone resumed>, child_tidptr=0x555579e09750) = 6074 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 6074] <... set_robust_list resumed>) = 0 [pid 6072] <... exit_group resumed>) = ? [pid 6074] chdir("./43" [pid 5838] close(3 [pid 6074] <... chdir resumed>) = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6074] setpgid(0, 0) = 0 [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6074] write(3, "1000", 4) = 4 [pid 6074] close(3) = 0 [pid 6074] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6074] write(1, "executing program\n", 18) = 18 [pid 6074] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16) = -1 EBADF (Bad file descriptor) [pid 6071] <... read resumed>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 102392) = 102392 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5840] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6074] memfd_create("syzkaller", 0 [pid 5840] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./42/binderfs") = 0 [pid 6074] <... memfd_create resumed>) = 3 [pid 6071] sched_setaffinity(0, 0, NULL [pid 5838] <... close resumed>) = 0 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6071] <... sched_setaffinity resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6074] <... mmap resumed>) = 0x7f0fce600000 [pid 6071] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_BATCH|MSG_ZEROCOPY./strace-static-x86_64: Process 6075 attached ) = -1 EBADF (Bad file descriptor) [pid 5838] <... clone resumed>, child_tidptr=0x555579e09750) = 6075 [pid 6075] set_robust_list(0x555579e09760, 24 [pid 6071] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 6071] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000 [pid 6075] <... set_robust_list resumed>) = 0 [pid 6075] chdir("./43") = 0 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6071] <... openat resumed>) = 5 [pid 6075] setpgid(0, 0) = 0 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6071] exit_group(0 [pid 5840] <... umount2 resumed>) = 0 [pid 6071] <... exit_group resumed>) = ? [pid 6075] <... openat resumed>) = 3 [pid 6071] +++ exited with 0 +++ [pid 6075] write(3, "1000", 4) = 4 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 6075] close(3 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6075] <... close resumed>) = 0 [pid 6075] symlink("/dev/binderfs", "./binderfs" [pid 5840] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... restart_syscall resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./42/bus", [pid 6075] <... symlink resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6075] write(1, "executing program\n", 18 [pid 5842] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6075] <... write resumed>) = 18 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6075] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 5842] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 4 [pid 5842] newfstatat(3, "", [pid 5840] newfstatat(4, "", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6075] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 5842] getdents64(3, [pid 5840] getdents64(4, [pid 5842] <... getdents64 resumed>0x555579e0a7f0 /* 4 entries */, 32768) = 104 [pid 5842] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5840] getdents64(4, [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./43/binderfs" [pid 5840] <... getdents64 resumed>0x555579e12830 /* 0 entries */, 32768) = 0 [pid 6075] memfd_create("syzkaller", 0 [pid 5842] <... unlink resumed>) = 0 [pid 5842] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(4 [pid 6075] <... memfd_create resumed>) = 3 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./42/bus" [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 6075] <... mmap resumed>) = 0x7f0fce600000 [pid 5842] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./42") = 0 [pid 5842] newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x555579e12830 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x555579e12830 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./43/bus") = 0 [pid 5840] mkdir("./43", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5842] getdents64(3, 0x555579e0a7f0 /* 0 entries */, 32768) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3) = 0 [pid 5840] close(3 [pid 5842] rmdir("./43") = 0 [pid 5842] mkdir("./44", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6074] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6076 attached [pid 6075] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6077 attached [pid 5840] <... clone resumed>, child_tidptr=0x555579e09750) = 6076 [pid 5842] <... clone resumed>, child_tidptr=0x555579e09750) = 6077 [pid 6077] set_robust_list(0x555579e09760, 24 [pid 6076] set_robust_list(0x555579e09760, 24 [pid 6077] <... set_robust_list resumed>) = 0 [pid 6076] <... set_robust_list resumed>) = 0 [pid 6077] chdir("./44" [pid 6076] chdir("./43" [pid 6077] <... chdir resumed>) = 0 [pid 6076] <... chdir resumed>) = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6077] <... prctl resumed>) = 0 [pid 6076] <... prctl resumed>) = 0 [pid 6077] setpgid(0, 0 [pid 6076] setpgid(0, 0 [pid 6077] <... setpgid resumed>) = 0 [pid 6076] <... setpgid resumed>) = 0 [pid 6076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6076] <... openat resumed>) = 3 [pid 6076] write(3, "1000", 4 [pid 6077] <... openat resumed>) = 3 [pid 6076] <... write resumed>) = 4 [pid 6074] <... write resumed>) = 2097152 [pid 6077] write(3, "1000", 4 [pid 6076] close(3 [pid 6077] <... write resumed>) = 4 [pid 6076] <... close resumed>) = 0 [pid 6074] munmap(0x7f0fce600000, 138412032executing program executing program [pid 6077] close(3 [pid 6076] symlink("/dev/binderfs", "./binderfs" [pid 6077] <... close resumed>) = 0 [pid 6076] <... symlink resumed>) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6076] write(1, "executing program\n", 18) = 18 [pid 6077] write(1, "executing program\n", 18 [pid 6076] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6077] <... write resumed>) = 18 [pid 6076] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6077] bind(-1, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("2.1.1.0")}, 16 [pid 6076] memfd_create("syzkaller", 0 [pid 6077] <... bind resumed>) = -1 EBADF (Bad file descriptor) [pid 6074] <... munmap resumed>) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6077] memfd_create("syzkaller", 0 [pid 6076] <... memfd_create resumed>) = 3 [pid 6074] <... openat resumed>) = 4 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6074] ioctl(4, LOOP_SET_FD, 3 [pid 6076] <... mmap resumed>) = 0x7f0fce600000 [pid 6077] <... memfd_create resumed>) = 3 [pid 6075] <... write resumed>) = 2097152 [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0fce600000 [pid 6075] munmap(0x7f0fce600000, 138412032 [pid 6074] <... ioctl resumed>) = 0 [pid 6074] close(3) = 0 [pid 6074] close(4) = 0 [pid 6074] mkdir("./bus", 0777) = 0 [pid 6074] mount("/dev/loop3", "./bus", "ntfs3", 0, "" [pid 6075] <... munmap resumed>) = 0 [ 141.821993][ T6074] loop3: detected capacity change from 0 to 4096 [pid 6075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6075] ioctl(4, LOOP_SET_FD, 3 [pid 6076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6075] <... ioctl resumed>) = 0 [pid 6077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6075] close(3) = 0 [pid 6075] close(4) = 0 [ 141.885293][ T6075] loop0: detected capacity change from 0 to 4096 [pid 6075] mkdir("./bus", 0777) = 0 [pid 6075] mount("/dev/loop0", "./bus", "ntfs3", 0, "" [pid 6074] <... mount resumed>) = 0 [pid 6074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6074] chdir("./bus") = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6074] socketpair(AF_TIPC, SOCK_STREAM, 0, NULL) = -1 EFAULT (Bad address) [pid 6077] <... write resumed>) = 2097152 [pid 6074] memfd_create("syzkaller", 0 [pid 6076] <... write resumed>) = 2097152 [pid 6074] <... memfd_create resumed>) = 4 [pid 6076] munmap(0x7f0fce600000, 138412032 [pid 6077] munmap(0x7f0fce600000, 138412032 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6077] <... munmap resumed>) = 0 [pid 6076] <... munmap resumed>) = 0 [pid 6074] <... mmap resumed>) = 0x7f0fce600000 [pid 6076] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6074] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6077] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6076] <... openat resumed>) = 4 [pid 6074] <... write resumed>) = 32768 [pid 6077] ioctl(4, LOOP_SET_FD, 3 [pid 6076] ioctl(4, LOOP_SET_FD, 3 [pid 6075] <... mount resumed>) = 0 [ 141.989692][ C0] ================================================================== [ 141.997827][ C0] BUG: KASAN: out-of-bounds in end_buffer_read_sync+0xc1/0xd0 [ 142.005358][ C0] Write of size 4 at addr ffffc900044c7660 by task ksoftirqd/0/15 [ 142.007570][ T6077] loop4: detected capacity change from 0 to 4096 [ 142.013174][ C0] [ 142.013189][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.14.0-next-20250404-syzkaller #0 PREEMPT(full) [ 142.013210][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 142.013220][ C0] Call Trace: [ 142.013228][ C0] [ 142.013236][ C0] dump_stack_lvl+0x241/0x360 [ 142.013265][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.013287][ C0] ? __pfx__printk+0x10/0x10 [ 142.013308][ C0] ? _printk+0xd5/0x120 [ 142.013329][ C0] print_report+0x16e/0x5b0 [ 142.013352][ C0] ? __virt_addr_valid+0xbd/0x530 [ 142.013374][ C0] ? end_buffer_read_sync+0xc1/0xd0 [ 142.013390][ C0] kasan_report+0x143/0x180 [ 142.013410][ C0] ? wake_up_bit+0x154/0x1a0 [ 142.013432][ C0] ? end_buffer_read_sync+0xc1/0xd0 [ 142.013450][ C0] kasan_check_range+0x28f/0x2a0 [ 142.013472][ C0] ? __pfx_end_buffer_read_sync+0x10/0x10 [ 142.013487][ C0] end_buffer_read_sync+0xc1/0xd0 [ 142.013503][ C0] end_bio_bh_io_sync+0xbf/0x120 [ 142.013523][ C0] blk_update_request+0x5e5/0x1160 [ 142.013552][ C0] blk_mq_end_request+0x3e/0x70 [ 142.013574][ C0] blk_done_softirq+0x100/0x150 [ 142.013595][ C0] handle_softirqs+0x2d6/0x9b0 [ 142.013615][ C0] ? __irq_exit_rcu+0xfb/0x220 [ 142.013632][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 142.013648][ C0] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 142.013679][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 142.013696][ C0] __irq_exit_rcu+0xfb/0x220 [ 142.013712][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 142.013727][ C0] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 142.013749][ C0] ? rcu_is_watching+0x15/0xb0 [ 142.013771][ C0] irq_exit_rcu+0x9/0x30 [ 142.013785][ C0] sysvec_call_function_single+0xa3/0xc0 [ 142.013809][ C0] [ 142.013815][ C0] [ 142.013821][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 142.013839][ C0] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 142.013857][ C0] Code: c9 50 e8 09 2f 0d 00 48 83 c4 08 4c 89 f7 e8 ad 41 00 00 0f 1f 44 00 00 4c 89 f7 e8 40 13 a2 0a e8 5b 7f 39 00 fb 48 8b 5d c0 <48> 8d bb 18 16 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 142.013871][ C0] RSP: 0018:ffffc90000147ac8 EFLAGS: 00000282 [ 142.013888][ C0] RAX: 065ef4801f2c4200 RBX: ffff88801c68bc00 RCX: ffffffff81cb4d7c [ 142.013900][ C0] RDX: 0000000000000000 RSI: ffffffff8e6a4c4b RDI: ffffffff8ca1e060 [ 142.013911][ C0] RBP: ffffc90000147b10 R08: ffffffff905ffd37 R09: 1ffffffff20bffa6 [ 142.013923][ C0] R10: dffffc0000000000 R11: fffffbfff20bffa7 R12: 1ffff110170c7526 [ 142.013935][ C0] R13: dffffc0000000000 R14: ffff8880b8639b00 R15: ffff8880b863a930 [ 142.013950][ C0] ? trace_irq_enable+0x2c/0x120 [ 142.013969][ C0] ? finish_task_switch+0x1e5/0x870 [ 142.013986][ C0] __schedule+0x1b90/0x5240 [ 142.014012][ C0] ? schedule+0x163/0x360 [ 142.014038][ C0] ? __pfx___schedule+0x10/0x10 [ 142.014061][ C0] ? schedule+0x90/0x360 [ 142.014078][ C0] ? schedule+0x90/0x360 [ 142.014094][ C0] schedule+0x163/0x360 [ 142.014112][ C0] ? __pfx_ksoftirqd_should_run+0x10/0x10 [ 142.014130][ C0] smpboot_thread_fn+0x606/0xaa0 [ 142.014150][ C0] ? smpboot_thread_fn+0x46/0xaa0 [ 142.014169][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 142.014188][ C0] kthread+0x7b7/0x940 [ 142.014210][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 142.014229][ C0] ? __pfx_kthread+0x10/0x10 [ 142.014249][ C0] ? __pfx_kthread+0x10/0x10 [ 142.014269][ C0] ? __pfx_kthread+0x10/0x10 [ 142.014289][ C0] ? __pfx_kthread+0x10/0x10 [ 142.014310][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.014326][ C0] ? lockdep_hardirqs_on+0x9d/0x150 [ 142.014344][ C0] ? __pfx_kthread+0x10/0x10 [ 142.014364][ C0] ret_from_fork+0x4b/0x80 [ 142.014381][ C0] ? __pfx_kthread+0x10/0x10 [ 142.014401][ C0] ret_from_fork_asm+0x1a/0x30 [ 142.014422][ C0] [ 142.014428][ C0] [ 142.020474][ T6076] loop2: detected capacity change from 0 to 4096 [ 142.021884][ C0] The buggy address belongs to the virtual mapping at [ 142.021884][ C0] [ffffc900044c0000, ffffc900044c9000) created by: [ 142.021884][ C0] copy_process+0x5dc/0x3d10 [ 142.413901][ C0] [ 142.416232][ C0] The buggy address belongs to the physical page: [ 142.422639][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x47 pfn:0x2fb98 [ 142.431486][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 142.438644][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 142.447254][ C0] raw: 0000000000000047 0000000000000000 00000001ffffffff 0000000000000000 [ 142.455846][ C0] page dumped because: kasan: bad access detected [ 142.462267][ C0] page_owner tracks the page as allocated [ 142.467981][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5842, tgid 5842 (syz-executor372), ts 125671245984, free_ts 125301709214 [ 142.487632][ C0] post_alloc_hook+0x1f4/0x240 [ 142.492427][ C0] get_page_from_freelist+0x356d/0x3700 [ 142.497975][ C0] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 142.503809][ C0] alloc_pages_mpol+0x339/0x690 [ 142.508677][ C0] alloc_pages_noprof+0x121/0x190 [ 142.513719][ C0] __vmalloc_node_range_noprof+0x9cb/0x1390 [ 142.519620][ C0] __vmalloc_node_noprof+0x80/0xa0 [ 142.524731][ C0] dup_task_struct+0x3f7/0x870 [ 142.529497][ C0] copy_process+0x5dc/0x3d10 [ 142.534084][ C0] kernel_clone+0x242/0x930 [ 142.538588][ C0] __x64_sys_clone+0x268/0x2e0 [ 142.543353][ C0] do_syscall_64+0xf3/0x230 [ 142.547857][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.553752][ C0] page last free pid 5841 tgid 5841 stack trace: [ 142.560074][ C0] free_unref_folios+0xe0e/0x17f0 [ 142.565095][ C0] folios_put_refs+0x70a/0x800 [ 142.569861][ C0] truncate_inode_pages_range+0x462/0x10e0 [ 142.575664][ C0] blkdev_flush_mapping+0x108/0x270 [ 142.580861][ C0] bdev_release+0x460/0x700 [ 142.585364][ C0] blkdev_release+0x15/0x20 [ 142.589881][ C0] __fput+0x3e9/0x9f0 [ 142.593865][ C0] task_work_run+0x251/0x310 [ 142.598452][ C0] ptrace_notify+0x2dc/0x390 [ 142.603043][ C0] syscall_exit_work+0xc7/0x1d0 [ 142.607894][ C0] syscall_exit_to_user_mode+0x24a/0x340 [ 142.613528][ C0] do_syscall_64+0x100/0x230 [ 142.618120][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.624036][ C0] [ 142.626360][ C0] Memory state around the buggy address: [ 142.632105][ C0] ffffc900044c7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.640172][ C0] ffffc900044c7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.648231][ C0] >ffffc900044c7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.656286][ C0] ^ [ 142.663738][ C0] ffffc900044c7680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.671796][ C0] ffffc900044c7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.679853][ C0] ================================================================== [ 142.688030][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 142.695259][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.14.0-next-20250404-syzkaller #0 PREEMPT(full) [ 142.706293][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 142.716355][ C0] Call Trace: [ 142.719643][ C0] [ 142.722489][ C0] dump_stack_lvl+0x241/0x360 [ 142.727175][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.732378][ C0] ? __pfx__printk+0x10/0x10 [ 142.736970][ C0] ? __irq_exit_rcu+0x109/0x220 [ 142.741827][ C0] ? vscnprintf+0x5d/0x90 [ 142.746160][ C0] panic+0x349/0x880 [ 142.750062][ C0] ? check_panic_on_warn+0x21/0xb0 [ 142.755205][ C0] ? __pfx_panic+0x10/0x10 [ 142.759661][ C0] ? trace_irq_enable+0x2c/0x120 [ 142.764643][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x140 [ 142.770547][ C0] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 142.776441][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 142.782770][ C0] ? print_report+0x519/0x5b0 [ 142.787456][ C0] check_panic_on_warn+0x86/0xb0 [ 142.792401][ C0] ? end_buffer_read_sync+0xc1/0xd0 [ 142.797598][ C0] end_report+0x77/0x160 [ 142.801847][ C0] kasan_report+0x154/0x180 [ 142.806352][ C0] ? wake_up_bit+0x154/0x1a0 [ 142.810953][ C0] ? end_buffer_read_sync+0xc1/0xd0 [ 142.816155][ C0] kasan_check_range+0x28f/0x2a0 [ 142.821100][ C0] ? __pfx_end_buffer_read_sync+0x10/0x10 [ 142.826818][ C0] end_buffer_read_sync+0xc1/0xd0 [ 142.831840][ C0] end_bio_bh_io_sync+0xbf/0x120 [ 142.836782][ C0] blk_update_request+0x5e5/0x1160 [ 142.841904][ C0] blk_mq_end_request+0x3e/0x70 [ 142.846765][ C0] blk_done_softirq+0x100/0x150 [ 142.851619][ C0] handle_softirqs+0x2d6/0x9b0 [ 142.856389][ C0] ? __irq_exit_rcu+0xfb/0x220 [ 142.861176][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 142.866458][ C0] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 142.872351][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 142.877559][ C0] __irq_exit_rcu+0xfb/0x220 [ 142.882146][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 142.887340][ C0] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 142.892980][ C0] ? rcu_is_watching+0x15/0xb0 [ 142.897749][ C0] irq_exit_rcu+0x9/0x30 [ 142.901992][ C0] sysvec_call_function_single+0xa3/0xc0 [ 142.907625][ C0] [ 142.910562][ C0] [ 142.913493][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 142.919490][ C0] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 142.925295][ C0] Code: c9 50 e8 09 2f 0d 00 48 83 c4 08 4c 89 f7 e8 ad 41 00 00 0f 1f 44 00 00 4c 89 f7 e8 40 13 a2 0a e8 5b 7f 39 00 fb 48 8b 5d c0 <48> 8d bb 18 16 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 142.944907][ C0] RSP: 0018:ffffc90000147ac8 EFLAGS: 00000282 [ 142.950983][ C0] RAX: 065ef4801f2c4200 RBX: ffff88801c68bc00 RCX: ffffffff81cb4d7c [ 142.958956][ C0] RDX: 0000000000000000 RSI: ffffffff8e6a4c4b RDI: ffffffff8ca1e060 [ 142.966953][ C0] RBP: ffffc90000147b10 R08: ffffffff905ffd37 R09: 1ffffffff20bffa6 [ 142.974928][ C0] R10: dffffc0000000000 R11: fffffbfff20bffa7 R12: 1ffff110170c7526 [ 142.982910][ C0] R13: dffffc0000000000 R14: ffff8880b8639b00 R15: ffff8880b863a930 [ 142.990887][ C0] ? trace_irq_enable+0x2c/0x120 [ 142.995827][ C0] ? finish_task_switch+0x1e5/0x870 [ 143.001112][ C0] __schedule+0x1b90/0x5240 [ 143.005624][ C0] ? schedule+0x163/0x360 [ 143.009954][ C0] ? __pfx___schedule+0x10/0x10 [ 143.014810][ C0] ? schedule+0x90/0x360 [ 143.019055][ C0] ? schedule+0x90/0x360 [ 143.023299][ C0] schedule+0x163/0x360 [ 143.027453][ C0] ? __pfx_ksoftirqd_should_run+0x10/0x10 [ 143.033173][ C0] smpboot_thread_fn+0x606/0xaa0 [ 143.038114][ C0] ? smpboot_thread_fn+0x46/0xaa0 [ 143.043161][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 143.048621][ C0] kthread+0x7b7/0x940 [ 143.052695][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 143.058162][ C0] ? __pfx_kthread+0x10/0x10 [ 143.062757][ C0] ? __pfx_kthread+0x10/0x10 [ 143.067361][ C0] ? __pfx_kthread+0x10/0x10 [ 143.071954][ C0] ? __pfx_kthread+0x10/0x10 [ 143.076546][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.081750][ C0] ? lockdep_hardirqs_on+0x9d/0x150 [ 143.086952][ C0] ? __pfx_kthread+0x10/0x10 [ 143.091546][ C0] ret_from_fork+0x4b/0x80 [ 143.095961][ C0] ? __pfx_kthread+0x10/0x10 [ 143.100555][ C0] ret_from_fork_asm+0x1a/0x30 [ 143.105325][ C0] [ 143.108481][ C0] Kernel Offset: disabled [ 143.112806][ C0] Rebooting in 86400 seconds..