./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1197731612 <...> 8355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8356] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8357] <... memfd_create resumed>) = 3 [pid 8355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] newfstatat(AT_FDCWD, "./322/binderfs", [pid 8355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8355] <... mmap resumed>) = 0x7f6713892000 [pid 5062] unlink("./322/binderfs" [pid 8357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8355] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... unlink resumed>) = 0 [pid 8357] <... mmap resumed>) = 0x7f670b400000 [pid 8355] <... mprotect resumed>) = 0 [pid 5062] umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8354] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... umount2 resumed>) = 0 [pid 8355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8355] <... clone3 resumed> => {parent_tid=[8358]}, 88) = 8358 [pid 5062] newfstatat(AT_FDCWD, "./322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8355] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8358 attached [pid 8355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8358] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8355] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "./322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8358] <... rseq resumed>) = 0 [pid 8355] <... futex resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8358] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5062] newfstatat(4, "", [pid 8358] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] getdents64(4, [pid 8358] memfd_create("syzkaller", 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 8355] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] rmdir("./322/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./322") = 0 [pid 8358] <... memfd_create resumed>) = 3 [pid 5062] mkdir("./323", 0777 [pid 8358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8358] <... mmap resumed>) = 0x7f670b400000 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8354] <... write resumed>) = 2097152 [pid 8353] <... write resumed>) = 2097152 [pid 8354] munmap(0x7f670b400000, 138412032 [pid 8353] munmap(0x7f670b400000, 138412032 [pid 8357] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8354] <... munmap resumed>) = 0 [pid 8353] <... munmap resumed>) = 0 [pid 8353] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8354] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8354] ioctl(4, LOOP_SET_FD, 3 [pid 8353] ioctl(4, LOOP_SET_FD, 3 [pid 8354] <... ioctl resumed>) = 0 [pid 8354] close(3) = 0 [pid 8354] close(4) = 0 [pid 8354] mkdir("./file0", 0777) = 0 [pid 8354] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... ioctl resumed>) = 0 [pid 8358] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8354] <... mount resumed>) = 0 [pid 8354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8354] chdir("./file0" [pid 5062] close(3 [pid 8354] <... chdir resumed>) = 0 [ 279.240050][ T8353] loop3: detected capacity change from 0 to 4096 [ 279.240069][ T8354] loop1: detected capacity change from 0 to 4096 [pid 8354] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 8354] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8353] <... ioctl resumed>) = 0 [pid 8357] <... write resumed>) = 2097152 [pid 8354] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8353] close(3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8354] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8353] <... close resumed>) = 0 [pid 8351] <... futex resumed>) = 0 [pid 8357] munmap(0x7f670b400000, 138412032 [pid 8351] exit_group(0 [pid 8353] close(4) = 0 [pid 8353] mkdir("./file0", 0777) = 0 [pid 8354] <... futex resumed>) = ? [pid 8351] <... exit_group resumed>) = ? [pid 8354] +++ exited with 0 +++ [pid 8353] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8351] +++ exited with 0 +++ [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8359 ./strace-static-x86_64: Process 8359 attached [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8351, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 8359] set_robust_list(0x5555569076a0, 24) = 0 [pid 8357] <... munmap resumed>) = 0 [pid 8359] chdir("./323" [pid 5063] umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8359] <... chdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8359] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8359] <... prctl resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8359] setpgid(0, 0 [pid 8357] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] newfstatat(3, "", [pid 8359] <... setpgid resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8357] <... openat resumed>) = 4 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8357] ioctl(4, LOOP_SET_FD, 3 [pid 5063] newfstatat(AT_FDCWD, "./330/binderfs", [pid 8358] <... write resumed>) = 2097152 [pid 8359] <... openat resumed>) = 3 [pid 8358] munmap(0x7f670b400000, 138412032 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8359] write(3, "1000", 4 [pid 5063] unlink("./330/binderfs" [pid 8359] <... write resumed>) = 4 [pid 5063] <... unlink resumed>) = 0 [pid 8359] close(3 [pid 5063] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8359] <... close resumed>) = 0 [pid 8358] <... munmap resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8359] symlink("/dev/binderfs", "./binderfs" [pid 8358] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8359] <... symlink resumed>) = 0 [pid 8358] <... openat resumed>) = 4 [pid 8358] ioctl(4, LOOP_SET_FD, 3 [pid 8359] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./330/file0", [pid 8359] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8359] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8359] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8357] <... ioctl resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8357] close(3 [pid 5063] <... openat resumed>) = 4 [pid 8357] <... close resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 8357] close(4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8357] <... close resumed>) = 0 [pid 8357] mkdir("./file0", 0777 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8357] <... mkdir resumed>) = 0 [pid 5063] getdents64(4, [pid 8359] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8359] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] close(4 [pid 8359] <... mprotect resumed>) = 0 [pid 8359] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... close resumed>) = 0 [pid 8359] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8357] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] rmdir("./330/file0" [pid 8359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 8359] <... clone3 resumed> => {parent_tid=[8360]}, 88) = 8360 [pid 8358] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8360 attached [pid 8359] rt_sigprocmask(SIG_SETMASK, [], [pid 8358] close(3 [pid 5063] close(3 [pid 8360] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8360] <... rseq resumed>) = 0 [pid 8359] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8358] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8359] <... futex resumed>) = 0 [pid 8358] close(4 [pid 5063] rmdir("./330" [pid 8360] set_robust_list(0x7f67138b29a0, 24 [pid 8359] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8358] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8360] <... set_robust_list resumed>) = 0 [pid 8358] mkdir("./file0", 0777 [pid 8353] <... mount resumed>) = 0 [pid 5063] mkdir("./331", 0777 [pid 8360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8360] memfd_create("syzkaller", 0 [pid 8358] <... mkdir resumed>) = 0 [ 279.335048][ T8357] loop4: detected capacity change from 0 to 4096 [ 279.361350][ T8358] loop2: detected capacity change from 0 to 4096 [pid 8353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8360] <... memfd_create resumed>) = 3 [pid 8358] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8353] <... openat resumed>) = 3 [pid 5063] <... mkdir resumed>) = 0 [pid 8360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8353] chdir("./file0" [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8353] <... chdir resumed>) = 0 [pid 8353] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8353] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8352] <... futex resumed>) = 0 [pid 8353] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8352] exit_group(0 [pid 8353] <... futex resumed>) = ? [pid 8352] <... exit_group resumed>) = ? [pid 8353] +++ exited with 0 +++ [pid 8352] +++ exited with 0 +++ [pid 8357] <... mount resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8352, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5065] umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8358] <... mount resumed>) = 0 [pid 8357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8360] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8357] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 8358] <... openat resumed>) = 3 [pid 8357] chdir("./file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8357] <... chdir resumed>) = 0 [pid 8357] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8358] chdir("./file0" [pid 5065] getdents64(3, [pid 8358] <... chdir resumed>) = 0 [pid 8357] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8358] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8357] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8358] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8357] <... futex resumed>) = 1 [pid 8358] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8356] <... futex resumed>) = 0 [pid 8357] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8358] <... futex resumed>) = 1 [pid 8355] <... futex resumed>) = 0 [pid 8356] exit_group(0 [pid 5065] newfstatat(AT_FDCWD, "./326/binderfs", [pid 8358] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8357] <... futex resumed>) = ? [pid 8355] exit_group(0 [pid 8356] <... exit_group resumed>) = ? [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8358] <... futex resumed>) = ? [pid 8357] +++ exited with 0 +++ [pid 8355] <... exit_group resumed>) = ? [pid 8356] +++ exited with 0 +++ [pid 5065] unlink("./326/binderfs" [pid 8358] +++ exited with 0 +++ [pid 8355] +++ exited with 0 +++ [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8356, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8355, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5065] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./326/file0", [pid 5064] openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(3, "", [pid 5064] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(3, "", [pid 5063] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... openat resumed>) = 4 [pid 5064] getdents64(3, [pid 5066] getdents64(3, ./strace-static-x86_64: Process 8361 attached [pid 5065] newfstatat(4, "", [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8361] set_robust_list(0x5555569076a0, 24) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8361 [pid 8361] chdir("./331" [pid 5066] umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8361] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./326/file0" [pid 8360] <... write resumed>) = 2097152 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8361] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] newfstatat(AT_FDCWD, "./326/binderfs", [pid 8361] <... prctl resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 8361] setpgid(0, 0 [pid 8360] munmap(0x7f670b400000, 138412032 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./328/binderfs", [pid 8361] <... setpgid resumed>) = 0 [pid 5066] unlink("./326/binderfs" [pid 5065] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5065] close(3 [pid 5064] unlink("./328/binderfs" [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./326") = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5065] mkdir("./327", 0777 [pid 8361] <... openat resumed>) = 3 [pid 8360] <... munmap resumed>) = 0 [pid 5066] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8361] write(3, "1000", 4 [pid 8360] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8361] <... write resumed>) = 4 [pid 8360] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./326/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8361] close(3 [pid 8360] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] newfstatat(AT_FDCWD, "./328/file0", [pid 8361] <... close resumed>) = 0 [pid 5066] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(4, [pid 5064] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./326/file0") = 0 [pid 5064] newfstatat(4, "", [pid 5066] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5064] getdents64(4, [pid 5066] rmdir("./326" [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./328/file0" [pid 8361] symlink("/dev/binderfs", "./binderfs" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] mkdir("./327", 0777 [pid 5064] <... rmdir resumed>) = 0 [pid 8361] <... symlink resumed>) = 0 [pid 8360] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8361] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8360] close(3 [pid 5064] getdents64(3, [pid 8361] <... futex resumed>) = 0 [pid 8360] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8361] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8360] close(4 [pid 8361] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... openat resumed>) = 3 [pid 8361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8360] <... close resumed>) = 0 [pid 5064] close(3 [pid 8361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8360] mkdir("./file0", 0777 [pid 5064] <... close resumed>) = 0 [pid 8361] <... mmap resumed>) = 0x7f6713892000 [pid 5064] rmdir("./328" [pid 8361] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8360] <... mkdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8360] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8361] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] mkdir("./329", 0777 [pid 8361] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8362 attached => {parent_tid=[8362]}, 88) = 8362 [pid 8361] rt_sigprocmask(SIG_SETMASK, [], [pid 8362] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8362] <... rseq resumed>) = 0 [pid 8361] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8362] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8361] <... futex resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8362] rt_sigprocmask(SIG_SETMASK, [], [pid 8361] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8362] memfd_create("syzkaller", 0) = 3 [pid 8362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8360] <... mount resumed>) = 0 [pid 8360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8360] chdir("./file0") = 0 [pid 8360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8360] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8359] <... futex resumed>) = 0 [pid 8360] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8359] exit_group(0 [pid 8360] <... futex resumed>) = ? [pid 8359] <... exit_group resumed>) = ? [pid 8360] +++ exited with 0 +++ [pid 8359] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8359, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [ 279.584836][ T8360] loop0: detected capacity change from 0 to 4096 [pid 5062] umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8362] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... ioctl resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./323/binderfs" [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 5062] umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 5065] close(3./strace-static-x86_64: Process 8363 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8363 [pid 8363] set_robust_list(0x5555569076a0, 24 [pid 5065] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8363] <... set_robust_list resumed>) = 0 [pid 8363] chdir("./327" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] getdents64(4, [pid 8363] <... chdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] close(4 [pid 8363] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 8364 attached [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8364 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8364] set_robust_list(0x5555569076a0, 24 [pid 8363] setpgid(0, 0 [pid 5062] rmdir("./323/file0" [pid 8364] <... set_robust_list resumed>) = 0 [pid 8363] <... setpgid resumed>) = 0 [pid 8364] chdir("./327" [pid 8363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] close(3 [pid 5062] <... rmdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8364] <... chdir resumed>) = 0 [pid 8363] <... openat resumed>) = 3 [pid 5062] getdents64(3, [pid 8364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8363] write(3, "1000", 4 [pid 8364] <... prctl resumed>) = 0 [pid 8363] <... write resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8365 attached [pid 8364] setpgid(0, 0 [pid 8363] close(3 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8365 [pid 5062] close(3 [pid 8365] set_robust_list(0x5555569076a0, 24 [pid 8364] <... setpgid resumed>) = 0 [pid 8363] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8365] <... set_robust_list resumed>) = 0 [pid 8363] symlink("/dev/binderfs", "./binderfs" [pid 5062] rmdir("./323" [pid 8364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... rmdir resumed>) = 0 [pid 8365] chdir("./329" [pid 8364] <... openat resumed>) = 3 [pid 8363] <... symlink resumed>) = 0 [pid 5062] mkdir("./324", 0777 [pid 8365] <... chdir resumed>) = 0 [pid 8363] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8364] write(3, "1000", 4 [pid 8363] <... futex resumed>) = 0 [pid 8365] <... prctl resumed>) = 0 [pid 8364] <... write resumed>) = 4 [pid 8363] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... mkdir resumed>) = 0 [pid 8365] setpgid(0, 0 [pid 8364] close(3 [pid 8363] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8365] <... setpgid resumed>) = 0 [pid 8364] <... close resumed>) = 0 [pid 8363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8364] symlink("/dev/binderfs", "./binderfs" [pid 8363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... openat resumed>) = 3 [pid 8364] <... symlink resumed>) = 0 [pid 8363] <... mmap resumed>) = 0x7f6713892000 [pid 8365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8364] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8365] <... openat resumed>) = 3 [pid 8364] <... futex resumed>) = 0 [pid 8363] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8364] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8363] <... mprotect resumed>) = 0 [pid 8362] <... write resumed>) = 2097152 [pid 8365] write(3, "1000", 4 [pid 8364] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8362] munmap(0x7f670b400000, 138412032 [pid 8365] <... write resumed>) = 4 [pid 8365] close(3 [pid 8364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8365] <... close resumed>) = 0 [pid 8364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8364] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 8366 attached [pid 8363] <... clone3 resumed> => {parent_tid=[8366]}, 88) = 8366 [pid 8365] symlink("/dev/binderfs", "./binderfs" [pid 8366] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8364] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8363] rt_sigprocmask(SIG_SETMASK, [], [pid 8366] <... rseq resumed>) = 0 [pid 8365] <... symlink resumed>) = 0 [pid 8363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8366] set_robust_list(0x7f67138b29a0, 24 [pid 8364] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8363] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8366] <... set_robust_list resumed>) = 0 [pid 8364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8363] <... futex resumed>) = 0 [pid 8366] rt_sigprocmask(SIG_SETMASK, [], [pid 8365] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8363] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8367 attached [pid 8366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8365] <... futex resumed>) = 0 [pid 8367] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8364] <... clone3 resumed> => {parent_tid=[8367]}, 88) = 8367 [pid 8367] <... rseq resumed>) = 0 [pid 8364] rt_sigprocmask(SIG_SETMASK, [], [pid 8367] set_robust_list(0x7f67138b29a0, 24 [pid 8364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8367] <... set_robust_list resumed>) = 0 [pid 8364] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8367] rt_sigprocmask(SIG_SETMASK, [], [pid 8365] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8364] <... futex resumed>) = 0 [pid 8367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8365] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8364] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8366] memfd_create("syzkaller", 0 [pid 8365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8365] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8367] memfd_create("syzkaller", 0) = 3 [pid 8366] <... memfd_create resumed>) = 3 [pid 8365] <... mprotect resumed>) = 0 [pid 8367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8367] <... mmap resumed>) = 0x7f670b400000 [pid 8365] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8366] <... mmap resumed>) = 0x7f670b400000 [pid 8365] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8362] <... munmap resumed>) = 0 [pid 8365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8368]}, 88) = 8368 [pid 8365] rt_sigprocmask(SIG_SETMASK, [], [pid 8362] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8362] <... openat resumed>) = 4 [pid 8365] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8362] ioctl(4, LOOP_SET_FD, 3 [pid 8365] <... futex resumed>) = 0 [pid 8362] <... ioctl resumed>) = 0 [pid 8365] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8368 attached [pid 8368] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8362] close(3) = 0 [pid 8362] close(4) = 0 [pid 8362] mkdir("./file0", 0777) = 0 [pid 8362] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8368] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8368] memfd_create("syzkaller", 0) = 3 [pid 8368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] <... ioctl resumed>) = 0 [ 279.810638][ T8362] loop1: detected capacity change from 0 to 4096 [pid 5062] close(3 [pid 8366] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8369 ./strace-static-x86_64: Process 8369 attached [pid 8369] set_robust_list(0x5555569076a0, 24) = 0 [pid 8369] chdir("./324") = 0 [pid 8369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8369] setpgid(0, 0) = 0 [pid 8369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8369] write(3, "1000", 4) = 4 [pid 8369] close(3) = 0 [pid 8367] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8369] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8362] <... mount resumed>) = 0 [pid 8369] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8369] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8362] chdir("./file0" [pid 8369] <... mprotect resumed>) = 0 [pid 8362] <... chdir resumed>) = 0 [pid 8369] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8362] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8369] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8362] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8362] <... futex resumed>) = 1 [pid 8362] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8361] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8370 attached [pid 8369] <... clone3 resumed> => {parent_tid=[8370]}, 88) = 8370 [pid 8370] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8369] rt_sigprocmask(SIG_SETMASK, [], [pid 8361] exit_group(0 [pid 8368] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8361] <... exit_group resumed>) = ? [pid 8362] <... futex resumed>) = ? [pid 8370] <... rseq resumed>) = 0 [pid 8369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8362] +++ exited with 0 +++ [pid 8361] +++ exited with 0 +++ [pid 8370] set_robust_list(0x7f67138b29a0, 24 [pid 8369] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8361, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8370] <... set_robust_list resumed>) = 0 [pid 8369] <... futex resumed>) = 0 [pid 8370] rt_sigprocmask(SIG_SETMASK, [], [pid 8369] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8370] memfd_create("syzkaller", 0 [pid 5063] umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8370] <... memfd_create resumed>) = 3 [pid 5063] openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8366] <... write resumed>) = 2097152 [pid 5063] <... openat resumed>) = 3 [pid 8370] <... mmap resumed>) = 0x7f670b400000 [pid 8366] munmap(0x7f670b400000, 138412032 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8367] <... write resumed>) = 2097152 [pid 5063] getdents64(3, [pid 8366] <... munmap resumed>) = 0 [pid 8366] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8366] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./331/binderfs") = 0 [pid 5063] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8366] <... ioctl resumed>) = 0 [pid 8366] close(3) = 0 [pid 8366] close(4) = 0 [pid 8366] mkdir("./file0", 0777) = 0 [pid 8366] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8367] munmap(0x7f670b400000, 138412032) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./331/file0", [ 279.983252][ T8366] loop4: detected capacity change from 0 to 4096 [pid 8367] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8367] ioctl(4, LOOP_SET_FD, 3 [pid 5063] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8368] <... write resumed>) = 2097152 [pid 5063] getdents64(4, [pid 8368] munmap(0x7f670b400000, 138412032 [pid 8367] <... ioctl resumed>) = 0 [pid 8368] <... munmap resumed>) = 0 [pid 8367] close(3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8368] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8367] <... close resumed>) = 0 [pid 5063] getdents64(4, [pid 8370] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8368] <... openat resumed>) = 4 [pid 8367] close(4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8367] <... close resumed>) = 0 [pid 5063] close(4 [pid 8368] ioctl(4, LOOP_SET_FD, 3 [pid 8367] mkdir("./file0", 0777 [pid 5063] <... close resumed>) = 0 [pid 8367] <... mkdir resumed>) = 0 [pid 8366] <... mount resumed>) = 0 [pid 5063] rmdir("./331/file0" [pid 8367] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... rmdir resumed>) = 0 [pid 8366] <... openat resumed>) = 3 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./331") = 0 [pid 5063] mkdir("./332", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8368] <... ioctl resumed>) = 0 [pid 8368] close(3) = 0 [pid 8368] close(4) = 0 [pid 8368] mkdir("./file0", 0777 [pid 8366] chdir("./file0") = 0 [pid 8368] <... mkdir resumed>) = 0 [pid 8368] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8366] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8370] <... write resumed>) = 2097152 [pid 8366] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8370] munmap(0x7f670b400000, 138412032 [pid 8366] <... futex resumed>) = 1 [pid 8363] <... futex resumed>) = 0 [pid 8370] <... munmap resumed>) = 0 [pid 8366] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8363] exit_group(0) = ? [ 280.033020][ T8367] loop3: detected capacity change from 0 to 4096 [ 280.061753][ T8368] loop2: detected capacity change from 0 to 4096 [pid 8366] <... futex resumed>) = ? [pid 8370] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8366] +++ exited with 0 +++ [pid 8363] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8363, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8370] <... openat resumed>) = 4 [pid 5066] umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 8370] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8370] <... ioctl resumed>) = 0 [pid 5066] getdents64(3, [pid 8370] close(3) = 0 [pid 8367] <... mount resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8370] close(4 [pid 5066] umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8370] <... close resumed>) = 0 [pid 8367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... ioctl resumed>) = 0 [pid 8367] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./327/binderfs", [pid 5063] close(3) = 0 [pid 8367] chdir("./file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8367] <... chdir resumed>) = 0 [pid 8367] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8367] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8367] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8370] mkdir("./file0", 0777./strace-static-x86_64: Process 8371 attached ) = 0 [pid 8364] <... futex resumed>) = 0 [pid 8364] exit_group(0) = ? [pid 8371] set_robust_list(0x5555569076a0, 24 [pid 8367] <... futex resumed>) = ? [pid 5066] unlink("./327/binderfs" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8371 [pid 8371] <... set_robust_list resumed>) = 0 [ 280.138745][ T8370] loop0: detected capacity change from 0 to 4096 [pid 8371] chdir("./332" [pid 8367] +++ exited with 0 +++ [pid 8364] +++ exited with 0 +++ [pid 5066] <... unlink resumed>) = 0 [pid 8371] <... chdir resumed>) = 0 [pid 5066] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8364, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8370] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8371] setpgid(0, 0) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8371] <... openat resumed>) = 3 [pid 8368] <... mount resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./327/file0", [pid 5065] newfstatat(3, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8371] write(3, "1000", 4 [pid 5066] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 8371] <... write resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8371] close(3) = 0 [pid 8368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8371] symlink("/dev/binderfs", "./binderfs" [pid 5065] umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8371] <... symlink resumed>) = 0 [pid 8368] <... openat resumed>) = 3 [pid 5066] <... openat resumed>) = 4 [pid 8368] chdir("./file0") = 0 [pid 8368] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8368] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8365] <... futex resumed>) = 0 [pid 8368] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8365] exit_group(0 [pid 8368] <... futex resumed>) = ? [pid 8365] <... exit_group resumed>) = ? [pid 5065] newfstatat(AT_FDCWD, "./327/binderfs", [pid 8371] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8368] +++ exited with 0 +++ [pid 8365] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8365, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5065] unlink("./327/binderfs") = 0 [pid 5065] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8371] <... futex resumed>) = 0 [pid 8371] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 8371] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] getdents64(4, [pid 5064] umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] getdents64(4, [pid 5064] openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 8371] <... mmap resumed>) = 0x7f6713892000 [pid 8370] <... mount resumed>) = 0 [pid 5066] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(3, "", [pid 8371] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./327/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8371] <... mprotect resumed>) = 0 [pid 8370] <... openat resumed>) = 3 [pid 5066] rmdir("./327/file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8370] chdir("./file0") = 0 [pid 8370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8370] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rmdir resumed>) = 0 [pid 8370] <... futex resumed>) = 1 [pid 8369] <... futex resumed>) = 0 [pid 5064] getdents64(3, [pid 8370] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8369] exit_group(0 [pid 8370] <... futex resumed>) = ? [pid 8369] <... exit_group resumed>) = ? [pid 8370] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./329/binderfs", [pid 8371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] getdents64(3, [pid 5065] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8369] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(4, "", [pid 5064] unlink("./329/binderfs"./strace-static-x86_64: Process 8372 attached [pid 5066] close(3 [pid 5064] <... unlink resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8369, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=2 /* 0.02 s */} --- [pid 8372] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8371] <... clone3 resumed> => {parent_tid=[8372]}, 88) = 8372 [pid 5066] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8372] <... rseq resumed>) = 0 [pid 8371] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] rmdir("./327" [pid 5065] getdents64(4, [pid 8372] set_robust_list(0x7f67138b29a0, 24 [pid 8371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8372] <... set_robust_list resumed>) = 0 [pid 8371] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] mkdir("./328", 0777 [pid 8372] rt_sigprocmask(SIG_SETMASK, [], [pid 8371] <... futex resumed>) = 0 [pid 5062] umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8371] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(AT_FDCWD, "./329/file0", [pid 8372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5064] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(3, "", [pid 5065] rmdir("./327/file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... rmdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 5062] getdents64(3, [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8372] memfd_create("syzkaller", 0 [pid 5065] getdents64(3, [pid 5064] newfstatat(4, "", [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8372] <... memfd_create resumed>) = 3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] close(3 [pid 5064] getdents64(4, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8372] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] newfstatat(AT_FDCWD, "./324/binderfs", [pid 5065] rmdir("./327" [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./324/binderfs" [pid 5065] <... rmdir resumed>) = 0 [pid 5064] getdents64(4, [pid 5062] <... unlink resumed>) = 0 [pid 5065] mkdir("./328", 0777 [pid 5062] umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] rmdir("./329/file0") = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8372] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] close(3) = 0 [pid 5062] umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] rmdir("./329" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... rmdir resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./330", 0777 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... mkdir resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] getdents64(4, [pid 5064] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./324/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./324") = 0 [pid 8372] <... write resumed>) = 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] mkdir("./325", 0777 [pid 8372] munmap(0x7f670b400000, 138412032 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8372] <... munmap resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8373 attached [pid 8372] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... ioctl resumed>) = 0 [pid 8373] set_robust_list(0x5555569076a0, 24) = 0 [pid 8373] chdir("./328" [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8373] <... chdir resumed>) = 0 [pid 8372] <... openat resumed>) = 4 [pid 8373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8373 [pid 5065] close(3 [pid 8372] ioctl(4, LOOP_SET_FD, 3 [pid 8373] <... prctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8373] setpgid(0, 0) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8374 [pid 8373] write(3, "1000", 4) = 4 [pid 8373] close(3) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8373] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 8374 attached ) = 0 [pid 8373] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8373] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8374] set_robust_list(0x5555569076a0, 24 [pid 8372] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8374] <... set_robust_list resumed>) = 0 [pid 8374] chdir("./328") = 0 [pid 8372] close(3 [pid 8374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8373] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8372] <... close resumed>) = 0 [pid 8374] setpgid(0, 0 [pid 8373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8372] close(4 [pid 8373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8374] <... setpgid resumed>) = 0 [pid 8373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8372] <... close resumed>) = 0 [pid 5064] close(3 [pid 8374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8372] mkdir("./file0", 0777 [pid 5064] <... close resumed>) = 0 [pid 8373] <... mmap resumed>) = 0x7f6713892000 [pid 8373] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8372] <... mkdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8372] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8375 [pid 8373] <... clone3 resumed> => {parent_tid=[8376]}, 88) = 8376 [pid 8373] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8376 attached NULL, 8) = 0 [pid 8376] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8373] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8375 attached [pid 8376] <... rseq resumed>) = 0 [pid 8374] <... openat resumed>) = 3 [pid 8373] <... futex resumed>) = 0 [pid 8373] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8376] set_robust_list(0x7f67138b29a0, 24 [pid 8375] set_robust_list(0x5555569076a0, 24 [pid 8376] <... set_robust_list resumed>) = 0 [pid 8375] <... set_robust_list resumed>) = 0 [pid 8375] chdir("./330" [pid 8376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8375] <... chdir resumed>) = 0 [pid 8376] memfd_create("syzkaller", 0 [pid 8375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8375] setpgid(0, 0) = 0 [pid 8375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8376] <... memfd_create resumed>) = 3 [ 280.432004][ T8372] loop1: detected capacity change from 0 to 4096 [pid 8374] write(3, "1000", 4 [pid 8376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8375] <... openat resumed>) = 3 [pid 8374] <... write resumed>) = 4 [pid 8376] <... mmap resumed>) = 0x7f670b400000 [pid 8374] close(3 [pid 8375] write(3, "1000", 4) = 4 [pid 8375] close(3) = 0 [pid 8375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8374] <... close resumed>) = 0 [pid 8374] symlink("/dev/binderfs", "./binderfs" [pid 8375] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8375] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8374] <... symlink resumed>) = 0 [pid 8374] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8375] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8374] <... futex resumed>) = 0 [pid 8375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8374] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8377]}, 88) = 8377 [pid 8374] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8375] rt_sigprocmask(SIG_SETMASK, [], [pid 8374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 8377 attached [pid 8375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8377] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8377] <... rseq resumed>) = 0 [pid 8377] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8377] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8375] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8377] <... futex resumed>) = 0 [pid 8375] <... futex resumed>) = 1 [pid 8374] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8377] memfd_create("syzkaller", 0 [pid 8372] <... mount resumed>) = 0 [pid 8374] <... mprotect resumed>) = 0 [pid 8372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8374] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8377] <... memfd_create resumed>) = 3 [pid 8375] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8374] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8372] <... openat resumed>) = 3 [pid 8377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8377] <... mmap resumed>) = 0x7f670b400000 [pid 8372] chdir("./file0"./strace-static-x86_64: Process 8378 attached ) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8378] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8374] <... clone3 resumed> => {parent_tid=[8378]}, 88) = 8378 [pid 8372] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8378] <... rseq resumed>) = 0 [pid 8376] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8374] rt_sigprocmask(SIG_SETMASK, [], [pid 8372] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] close(3 [pid 8378] set_robust_list(0x7f67138b29a0, 24 [pid 8374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8372] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8378] <... set_robust_list resumed>) = 0 [pid 8374] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... close resumed>) = 0 [pid 8378] rt_sigprocmask(SIG_SETMASK, [], [pid 8374] <... futex resumed>) = 0 [pid 8372] <... futex resumed>) = 1 [pid 8371] <... futex resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8374] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8372] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 8379 attached [pid 8378] memfd_create("syzkaller", 0 [pid 8371] exit_group(0 [pid 8379] set_robust_list(0x5555569076a0, 24 [pid 8372] <... futex resumed>) = ? [pid 8371] <... exit_group resumed>) = ? [pid 8379] <... set_robust_list resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8379 [pid 8379] chdir("./325") = 0 [pid 8379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8379] setpgid(0, 0 [pid 8378] <... memfd_create resumed>) = 3 [pid 8379] <... setpgid resumed>) = 0 [pid 8378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8372] +++ exited with 0 +++ [pid 8371] +++ exited with 0 +++ [pid 8379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8378] <... mmap resumed>) = 0x7f670b400000 [pid 8379] <... openat resumed>) = 3 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8371, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5063] umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", [pid 8379] write(3, "1000", 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8379] <... write resumed>) = 4 [pid 5063] getdents64(3, [pid 8379] close(3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8379] <... close resumed>) = 0 [pid 5063] umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8379] symlink("/dev/binderfs", "./binderfs" [pid 5063] unlink("./332/binderfs" [pid 8379] <... symlink resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8377] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = 0 [pid 8379] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8379] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8376] <... write resumed>) = 2097152 [pid 8379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8376] munmap(0x7f670b400000, 138412032 [pid 8379] <... mmap resumed>) = 0x7f6713892000 [pid 5063] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8379] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8379] <... mprotect resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8379] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] getdents64(4, [pid 8379] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4./strace-static-x86_64: Process 8380 attached [pid 8380] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] <... close resumed>) = 0 [pid 8380] <... rseq resumed>) = 0 [pid 8380] set_robust_list(0x7f67138b29a0, 24 [pid 5063] rmdir("./332/file0" [pid 8379] <... clone3 resumed> => {parent_tid=[8380]}, 88) = 8380 [pid 8380] <... set_robust_list resumed>) = 0 [pid 8380] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... rmdir resumed>) = 0 [pid 8380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] getdents64(3, [pid 8380] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 8378] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] rmdir("./332" [pid 8379] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./333", 0777 [pid 8379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8379] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8376] <... munmap resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8380] <... futex resumed>) = 0 [pid 8379] <... futex resumed>) = 1 [pid 8376] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8380] memfd_create("syzkaller", 0 [pid 8376] <... openat resumed>) = 4 [pid 8379] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8380] <... memfd_create resumed>) = 3 [pid 8376] ioctl(4, LOOP_SET_FD, 3 [pid 8380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8377] <... write resumed>) = 2097152 [pid 8376] <... ioctl resumed>) = 0 [pid 8377] munmap(0x7f670b400000, 138412032 [pid 8376] close(3) = 0 [pid 8376] close(4) = 0 [pid 8376] mkdir("./file0", 0777) = 0 [pid 8376] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8377] <... munmap resumed>) = 0 [pid 8380] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8378] <... write resumed>) = 2097152 [pid 8377] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 280.653168][ T8376] loop4: detected capacity change from 0 to 4096 [pid 8378] munmap(0x7f670b400000, 138412032 [pid 8377] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... ioctl resumed>) = 0 [pid 8378] <... munmap resumed>) = 0 [pid 8376] <... mount resumed>) = 0 [pid 8376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] close(3 [pid 8376] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 8376] chdir("./file0" [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8376] <... chdir resumed>) = 0 [pid 8376] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8381 [pid 8376] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8376] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8376] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8373] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8381 attached [pid 8373] exit_group(0 [pid 8376] <... futex resumed>) = ? [pid 8373] <... exit_group resumed>) = ? [pid 8376] +++ exited with 0 +++ [pid 8373] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8373, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5066] umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 8381] set_robust_list(0x5555569076a0, 24 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8381] <... set_robust_list resumed>) = 0 [pid 8378] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8381] chdir("./333" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8381] <... chdir resumed>) = 0 [pid 8378] <... openat resumed>) = 4 [pid 8377] <... ioctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./328/binderfs", [pid 8381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8377] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8381] <... prctl resumed>) = 0 [pid 8377] <... close resumed>) = 0 [pid 5066] unlink("./328/binderfs" [pid 8381] setpgid(0, 0 [ 280.726842][ T8377] loop2: detected capacity change from 0 to 4096 [pid 8377] close(4 [pid 5066] <... unlink resumed>) = 0 [pid 8381] <... setpgid resumed>) = 0 [pid 8380] <... write resumed>) = 2097152 [pid 8378] ioctl(4, LOOP_SET_FD, 3 [pid 8381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8377] <... close resumed>) = 0 [pid 5066] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8377] mkdir("./file0", 0777) = 0 [pid 8381] <... openat resumed>) = 3 [pid 8381] write(3, "1000", 4) = 4 [pid 8381] close(3) = 0 [pid 8377] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8378] <... ioctl resumed>) = 0 [pid 8381] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8381] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8378] close(3 [pid 8381] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8378] <... close resumed>) = 0 [pid 8381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8378] close(4 [pid 8381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8378] <... close resumed>) = 0 [pid 8381] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8378] mkdir("./file0", 0777 [pid 8381] <... mprotect resumed>) = 0 [pid 8380] munmap(0x7f670b400000, 138412032 [pid 8381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8378] <... mkdir resumed>) = 0 [pid 8381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8382]}, 88) = 8382 [pid 8381] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8382 attached NULL, 8) = 0 [pid 8378] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8382] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8381] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8382] <... rseq resumed>) = 0 [pid 8381] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8381] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8382] set_robust_list(0x7f67138b29a0, 24 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8382] <... set_robust_list resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 8382] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8382] memfd_create("syzkaller", 0 [pid 8380] <... munmap resumed>) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./328/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [ 280.768598][ T8378] loop3: detected capacity change from 0 to 4096 [pid 5066] rmdir("./328" [pid 8378] <... mount resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8382] <... memfd_create resumed>) = 3 [pid 8380] ioctl(4, LOOP_SET_FD, 3 [pid 8382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] mkdir("./329", 0777 [pid 8382] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... mkdir resumed>) = 0 [pid 8378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8378] chdir("./file0") = 0 [pid 5066] <... openat resumed>) = 3 [pid 8378] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8380] <... ioctl resumed>) = 0 [pid 8378] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8377] <... mount resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8380] close(3 [pid 8378] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8380] <... close resumed>) = 0 [pid 8378] <... futex resumed>) = 1 [pid 8374] <... futex resumed>) = 0 [pid 8380] close(4 [pid 8378] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8374] exit_group(0 [pid 8380] <... close resumed>) = 0 [pid 8378] <... futex resumed>) = ? [pid 8377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8374] <... exit_group resumed>) = ? [pid 8380] mkdir("./file0", 0777 [pid 8377] <... openat resumed>) = 3 [pid 8377] chdir("./file0" [pid 8380] <... mkdir resumed>) = 0 [pid 8377] <... chdir resumed>) = 0 [pid 8377] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8377] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8375] <... futex resumed>) = 0 [pid 8380] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8375] exit_group(0) = ? [pid 8378] +++ exited with 0 +++ [pid 8377] +++ exited with 0 +++ [pid 8375] +++ exited with 0 +++ [pid 8374] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8375, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8382] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8374, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5065] umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW [ 280.829018][ T8380] loop0: detected capacity change from 0 to 4096 [pid 5064] umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5064] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(3, "", [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, [pid 5065] newfstatat(AT_FDCWD, "./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./328/binderfs") = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] unlink("./330/binderfs" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5065] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./328/file0") = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8383 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./328" [pid 8380] <... mount resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8383 attached [pid 8380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] mkdir("./329", 0777) = 0 [pid 8383] set_robust_list(0x5555569076a0, 24 [pid 8380] <... openat resumed>) = 3 [pid 8380] chdir("./file0") = 0 [pid 8383] <... set_robust_list resumed>) = 0 [pid 8380] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8383] chdir("./329" [pid 8380] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... openat resumed>) = 3 [pid 8380] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8380] <... futex resumed>) = 1 [pid 5065] <... ioctl resumed>) = 0 [pid 8380] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8379] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8384 attached [pid 8383] <... chdir resumed>) = 0 [pid 8384] set_robust_list(0x5555569076a0, 24 [pid 8383] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8379] exit_group(0 [pid 8384] <... set_robust_list resumed>) = 0 [pid 8383] <... prctl resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8384 [pid 8383] setpgid(0, 0 [pid 8384] chdir("./329") = 0 [pid 8384] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8383] <... setpgid resumed>) = 0 [pid 8384] <... prctl resumed>) = 0 [pid 8383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8384] setpgid(0, 0 [pid 8383] <... openat resumed>) = 3 [pid 8384] <... setpgid resumed>) = 0 [pid 8383] write(3, "1000", 4 [pid 8384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8383] <... write resumed>) = 4 [pid 8380] <... futex resumed>) = ? [pid 8379] <... exit_group resumed>) = ? [pid 8384] <... openat resumed>) = 3 [pid 8380] +++ exited with 0 +++ [pid 8384] write(3, "1000", 4) = 4 [pid 8384] close(3) = 0 [pid 8384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8384] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8384] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8384] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8383] close(3 [pid 8384] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8383] <... close resumed>) = 0 [pid 8384] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8383] symlink("/dev/binderfs", "./binderfs" [pid 8384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8383] <... symlink resumed>) = 0 [pid 8382] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 8385 attached [pid 8383] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8379] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = 0 [pid 8385] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8384] <... clone3 resumed> => {parent_tid=[8385]}, 88) = 8385 [pid 8383] <... futex resumed>) = 0 [pid 8385] set_robust_list(0x7f67138b29a0, 24 [pid 8384] rt_sigprocmask(SIG_SETMASK, [], [pid 8385] <... set_robust_list resumed>) = 0 [pid 8384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8383] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8385] rt_sigprocmask(SIG_SETMASK, [], [pid 8384] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8383] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8384] <... futex resumed>) = 0 [pid 8383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8384] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8379, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 8385] memfd_create("syzkaller", 0 [pid 8383] <... mmap resumed>) = 0x7f6713892000 [pid 5064] newfstatat(AT_FDCWD, "./330/file0", [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... restart_syscall resumed>) = 0 [pid 8383] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8383] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8385] <... memfd_create resumed>) = 3 [pid 8385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8383] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8385] <... mmap resumed>) = 0x7f670b400000 [pid 8383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8382] munmap(0x7f670b400000, 138412032 [pid 5064] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8383] <... clone3 resumed> => {parent_tid=[8386]}, 88) = 8386 [pid 8383] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8386 attached NULL, 8) = 0 [pid 8386] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8383] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8386] <... rseq resumed>) = 0 [pid 8383] <... futex resumed>) = 0 [pid 8386] set_robust_list(0x7f67138b29a0, 24 [pid 8383] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8386] <... set_robust_list resumed>) = 0 [pid 8382] <... munmap resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 5062] openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 8386] memfd_create("syzkaller", 0 [pid 5064] getdents64(4, [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5062] newfstatat(AT_FDCWD, "./325/binderfs", [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./325/binderfs" [pid 5064] <... close resumed>) = 0 [pid 8386] <... memfd_create resumed>) = 3 [pid 5064] rmdir("./330/file0" [pid 5062] <... unlink resumed>) = 0 [pid 8386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 8382] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5064] rmdir("./330" [pid 5062] umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8382] <... openat resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./325/file0", [pid 5064] mkdir("./331", 0777 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8382] ioctl(4, LOOP_SET_FD, 3 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 5062] openat(AT_FDCWD, "./325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8385] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8386] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8382] <... ioctl resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 8382] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8382] <... close resumed>) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./325/file0" [pid 8382] close(4 [pid 5062] <... rmdir resumed>) = 0 [pid 8382] <... close resumed>) = 0 [pid 8382] mkdir("./file0", 0777 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8382] <... mkdir resumed>) = 0 [ 281.061923][ T8382] loop1: detected capacity change from 0 to 4096 [pid 5062] close(3) = 0 [pid 8382] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] rmdir("./325") = 0 [pid 5062] mkdir("./326", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8386] <... write resumed>) = 2097152 [pid 8386] munmap(0x7f670b400000, 138412032 [pid 8385] <... write resumed>) = 2097152 [pid 8385] munmap(0x7f670b400000, 138412032 [pid 8386] <... munmap resumed>) = 0 [pid 8386] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5064] <... ioctl resumed>) = 0 [pid 8386] ioctl(4, LOOP_SET_FD, 3 [pid 8385] <... munmap resumed>) = 0 [pid 5064] close(3 [pid 8385] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8385] ioctl(4, LOOP_SET_FD, 3 [pid 8382] <... mount resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8386] <... ioctl resumed>) = 0 [pid 8382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8386] close(3 [pid 8382] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8387 attached [pid 8386] <... close resumed>) = 0 [pid 8387] set_robust_list(0x5555569076a0, 24 [pid 8386] close(4 [pid 8382] chdir("./file0" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8387 [pid 5062] <... ioctl resumed>) = 0 [pid 8387] <... set_robust_list resumed>) = 0 [pid 8382] <... chdir resumed>) = 0 [pid 8386] <... close resumed>) = 0 [pid 8387] chdir("./331" [pid 8386] mkdir("./file0", 0777 [pid 8385] <... ioctl resumed>) = 0 [pid 8382] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] close(3 [pid 8387] <... chdir resumed>) = 0 [pid 8387] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8386] <... mkdir resumed>) = 0 [pid 8385] close(3 [pid 8382] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] <... close resumed>) = 0 [pid 8387] <... prctl resumed>) = 0 [pid 8386] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8385] <... close resumed>) = 0 [pid 8382] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8387] setpgid(0, 0 [pid 8382] <... futex resumed>) = 1 [pid 8381] <... futex resumed>) = 0 [pid 8381] exit_group(0) = ? [pid 8387] <... setpgid resumed>) = 0 [pid 8385] close(4./strace-static-x86_64: Process 8388 attached [pid 8388] set_robust_list(0x5555569076a0, 24) = 0 [pid 8388] chdir("./326") = 0 [pid 8388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8388] setpgid(0, 0 [pid 8382] +++ exited with 0 +++ [pid 8381] +++ exited with 0 +++ [pid 8388] <... setpgid resumed>) = 0 [pid 8387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8385] <... close resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8381, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8387] <... openat resumed>) = 3 [pid 8385] mkdir("./file0", 0777 [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 8388] <... openat resumed>) = 3 [pid 8387] write(3, "1000", 4 [pid 5063] <... restart_syscall resumed>) = 0 [pid 8388] write(3, "1000", 4 [pid 8387] <... write resumed>) = 4 [pid 8385] <... mkdir resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8388 [pid 8388] <... write resumed>) = 4 [pid 8387] close(3 [pid 8385] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8388] close(3 [pid 8387] <... close resumed>) = 0 [pid 5063] umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8388] <... close resumed>) = 0 [pid 8387] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8388] symlink("/dev/binderfs", "./binderfs" [pid 5063] openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8388] <... symlink resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8388] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8387] <... symlink resumed>) = 0 [pid 5063] newfstatat(3, "", [ 281.163668][ T8386] loop4: detected capacity change from 0 to 4096 [ 281.183903][ T8385] loop3: detected capacity change from 0 to 4096 [pid 8387] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8387] <... futex resumed>) = 0 [pid 8388] <... futex resumed>) = 0 [pid 5063] getdents64(3, [pid 8387] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8388] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8387] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8388] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] newfstatat(AT_FDCWD, "./333/binderfs", [pid 8388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8387] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8388] <... mmap resumed>) = 0x7f6713892000 [pid 8387] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] unlink("./333/binderfs" [pid 8388] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8387] <... mprotect resumed>) = 0 [pid 8387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8388] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8388] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8389 attached [pid 8388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8390 attached [pid 8389] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8387] <... clone3 resumed> => {parent_tid=[8389]}, 88) = 8389 [pid 8390] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8389] <... rseq resumed>) = 0 [pid 8388] <... clone3 resumed> => {parent_tid=[8390]}, 88) = 8390 [pid 8387] rt_sigprocmask(SIG_SETMASK, [], [pid 8390] <... rseq resumed>) = 0 [pid 8389] set_robust_list(0x7f67138b29a0, 24 [pid 8388] rt_sigprocmask(SIG_SETMASK, [], [pid 8387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8385] <... mount resumed>) = 0 [pid 5063] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8390] set_robust_list(0x7f67138b29a0, 24 [pid 8389] <... set_robust_list resumed>) = 0 [pid 8388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8387] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8390] <... set_robust_list resumed>) = 0 [pid 8389] rt_sigprocmask(SIG_SETMASK, [], [pid 8388] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8387] <... futex resumed>) = 0 [pid 8385] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8390] rt_sigprocmask(SIG_SETMASK, [], [pid 8389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8388] <... futex resumed>) = 0 [pid 8387] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8385] chdir("./file0" [pid 5063] newfstatat(AT_FDCWD, "./333/file0", [pid 8390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8388] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8390] memfd_create("syzkaller", 0 [pid 8389] memfd_create("syzkaller", 0 [pid 8385] <... chdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8390] <... memfd_create resumed>) = 3 [pid 8389] <... memfd_create resumed>) = 3 [pid 8386] <... mount resumed>) = 0 [pid 8385] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8385] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8385] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8385] <... futex resumed>) = 1 [pid 8384] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8385] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8384] exit_group(0 [pid 8389] <... mmap resumed>) = 0x7f670b400000 [pid 8386] <... openat resumed>) = 3 [pid 8385] <... futex resumed>) = ? [pid 8384] <... exit_group resumed>) = ? [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", [pid 8385] +++ exited with 0 +++ [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8386] chdir("./file0") = 0 [pid 8384] +++ exited with 0 +++ [pid 8386] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8384, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8386] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8386] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(4, [pid 8383] <... futex resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8386] <... futex resumed>) = 1 [pid 8383] exit_group(0 [pid 5065] umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] close(4 [pid 8383] <... exit_group resumed>) = ? [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 8386] +++ exited with 0 +++ [pid 5063] rmdir("./333/file0" [pid 5065] openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... rmdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5063] getdents64(3, [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] close(3 [pid 5065] umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./333" [pid 5065] newfstatat(AT_FDCWD, "./329/binderfs", [pid 5063] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8383] +++ exited with 0 +++ [pid 5065] unlink("./329/binderfs" [pid 5063] mkdir("./334", 0777 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8383, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5065] <... unlink resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5066] umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8390] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 5065] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(AT_FDCWD, "./329/file0", [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5066] unlink("./329/binderfs" [pid 5065] newfstatat(4, "", [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./329/file0") = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./329" [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5066] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] mkdir("./330", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... mkdir resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./329/file0", [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5066] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8390] <... write resumed>) = 2097152 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8390] munmap(0x7f670b400000, 138412032 [pid 5066] openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8389] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8390] <... munmap resumed>) = 0 [pid 5066] getdents64(4, [pid 8390] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8390] <... openat resumed>) = 4 [pid 5066] close(4) = 0 [pid 5066] rmdir("./329/file0") = 0 [pid 8390] ioctl(4, LOOP_SET_FD, 3 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./329") = 0 [pid 8389] <... write resumed>) = 2097152 [pid 8390] <... ioctl resumed>) = 0 [pid 5066] mkdir("./330", 0777) = 0 [pid 8390] close(3 [pid 8389] munmap(0x7f670b400000, 138412032 [pid 5063] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8390] <... close resumed>) = 0 [pid 8390] close(4 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8390] <... close resumed>) = 0 [pid 8390] mkdir("./file0", 0777) = 0 [pid 8390] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8389] <... munmap resumed>) = 0 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8389] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 8391 attached ) = 4 [ 281.402409][ T8390] loop0: detected capacity change from 0 to 4096 [pid 8389] ioctl(4, LOOP_SET_FD, 3 [pid 8391] set_robust_list(0x5555569076a0, 24 [pid 8389] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8391 [pid 8391] <... set_robust_list resumed>) = 0 [pid 5065] close(3) = 0 [pid 8391] chdir("./334" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8389] close(3) = 0 [pid 8389] close(4) = 0 [pid 8389] mkdir("./file0", 0777) = 0 [pid 8391] <... chdir resumed>) = 0 [pid 8389] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8392 [pid 8391] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 8392 attached ) = 0 [pid 8392] set_robust_list(0x5555569076a0, 24 [pid 8391] setpgid(0, 0 [pid 8392] <... set_robust_list resumed>) = 0 [pid 8392] chdir("./330" [pid 8391] <... setpgid resumed>) = 0 [pid 8391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8392] <... chdir resumed>) = 0 [pid 8392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8391] <... openat resumed>) = 3 [pid 8392] setpgid(0, 0 [pid 8391] write(3, "1000", 4 [pid 8392] <... setpgid resumed>) = 0 [pid 8391] <... write resumed>) = 4 [pid 8391] close(3) = 0 [pid 8392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8391] symlink("/dev/binderfs", "./binderfs" [pid 8392] <... openat resumed>) = 3 [pid 8391] <... symlink resumed>) = 0 [pid 8392] write(3, "1000", 4) = 4 [pid 8391] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8392] close(3 [pid 8391] <... futex resumed>) = 0 [pid 8392] <... close resumed>) = 0 [pid 8392] symlink("/dev/binderfs", "./binderfs" [pid 8391] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8392] <... symlink resumed>) = 0 [pid 8391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5066] <... ioctl resumed>) = 0 [ 281.459365][ T8389] loop2: detected capacity change from 0 to 4096 [pid 8392] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8391] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] close(3 [pid 8392] <... futex resumed>) = 0 [pid 8391] <... mprotect resumed>) = 0 [pid 8392] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... close resumed>) = 0 [pid 8392] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8391] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8391] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8392] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8392] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 8393 attached ./strace-static-x86_64: Process 8394 attached [pid 8392] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8391] <... clone3 resumed> => {parent_tid=[8394]}, 88) = 8394 [pid 8389] <... mount resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8393 [pid 8394] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8394] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8394] rt_sigprocmask(SIG_SETMASK, [], [pid 8393] set_robust_list(0x5555569076a0, 24 [pid 8394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8392] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8391] rt_sigprocmask(SIG_SETMASK, [], [pid 8389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8393] <... set_robust_list resumed>) = 0 [pid 8394] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8389] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8395 attached [pid 8393] chdir("./330" [pid 8391] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8389] chdir("./file0" [pid 8395] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8393] <... chdir resumed>) = 0 [pid 8391] <... futex resumed>) = 1 [pid 8395] <... rseq resumed>) = 0 [pid 8391] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8395] set_robust_list(0x7f67138b29a0, 24 [pid 8394] <... futex resumed>) = 0 [pid 8389] <... chdir resumed>) = 0 [pid 8395] <... set_robust_list resumed>) = 0 [pid 8393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8392] <... clone3 resumed> => {parent_tid=[8395]}, 88) = 8395 [pid 8390] <... mount resumed>) = 0 [pid 8389] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8395] rt_sigprocmask(SIG_SETMASK, [], [pid 8389] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8389] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8389] <... futex resumed>) = 1 [pid 8395] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8393] <... prctl resumed>) = 0 [pid 8394] memfd_create("syzkaller", 0 [pid 8392] rt_sigprocmask(SIG_SETMASK, [], [pid 8390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8389] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8387] <... futex resumed>) = 0 [pid 8393] setpgid(0, 0 [pid 8394] <... memfd_create resumed>) = 3 [pid 8392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8390] <... openat resumed>) = 3 [pid 8387] exit_group(0 [pid 8393] <... setpgid resumed>) = 0 [pid 8394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8390] chdir("./file0" [pid 8389] <... futex resumed>) = ? [pid 8387] <... exit_group resumed>) = ? [pid 8393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8394] <... mmap resumed>) = 0x7f670b400000 [pid 8392] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8390] <... chdir resumed>) = 0 [pid 8389] +++ exited with 0 +++ [pid 8392] <... futex resumed>) = 1 [pid 8395] <... futex resumed>) = 0 [pid 8390] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8395] memfd_create("syzkaller", 0 [pid 8390] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8393] <... openat resumed>) = 3 [pid 8395] <... memfd_create resumed>) = 3 [pid 8392] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8390] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8387] +++ exited with 0 +++ [pid 8393] write(3, "1000", 4 [pid 8390] <... futex resumed>) = 1 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8387, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 8395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8393] <... write resumed>) = 4 [pid 8390] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8388] <... futex resumed>) = 0 [pid 8395] <... mmap resumed>) = 0x7f670b400000 [pid 8393] close(3 [pid 8388] exit_group(0 [pid 8393] <... close resumed>) = 0 [pid 8393] symlink("/dev/binderfs", "./binderfs" [pid 8390] <... futex resumed>) = ? [pid 8388] <... exit_group resumed>) = ? [pid 5064] umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8393] <... symlink resumed>) = 0 [pid 8390] +++ exited with 0 +++ [pid 8388] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8388, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] newfstatat(3, "", [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... restart_syscall resumed>) = 0 [pid 5064] getdents64(3, [pid 8393] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8393] <... futex resumed>) = 0 [pid 5064] umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8393] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8393] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] newfstatat(AT_FDCWD, "./331/binderfs", [pid 5062] openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8394] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] unlink("./331/binderfs" [pid 5062] newfstatat(3, "", [pid 8393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5062] getdents64(3, [pid 8393] <... mmap resumed>) = 0x7f6713892000 [pid 5064] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8393] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8393] <... mprotect resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(AT_FDCWD, "./326/binderfs", [pid 8395] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8393] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./331/file0", [pid 5062] unlink("./326/binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8393] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] newfstatat(4, "", [pid 5062] <... umount2 resumed>) = 0 [pid 8393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8394] <... write resumed>) = 2097152 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8396 attached [pid 5064] getdents64(4, [pid 8396] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8393] <... clone3 resumed> => {parent_tid=[8396]}, 88) = 8396 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8396] <... rseq resumed>) = 0 [pid 8393] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] getdents64(4, [pid 8396] set_robust_list(0x7f67138b29a0, 24 [pid 8393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8396] <... set_robust_list resumed>) = 0 [pid 8393] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] close(4 [pid 8396] rt_sigprocmask(SIG_SETMASK, [], [pid 8393] <... futex resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8393] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8394] munmap(0x7f670b400000, 138412032 [pid 8396] memfd_create("syzkaller", 0 [pid 8395] <... write resumed>) = 2097152 [pid 8394] <... munmap resumed>) = 0 [pid 5064] rmdir("./331/file0" [pid 5062] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8396] <... memfd_create resumed>) = 3 [pid 8396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8396] <... mmap resumed>) = 0x7f670b400000 [pid 8395] munmap(0x7f670b400000, 138412032 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8395] <... munmap resumed>) = 0 [pid 8394] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] close(3 [pid 5062] newfstatat(AT_FDCWD, "./326/file0", [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./331" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8394] <... openat resumed>) = 4 [pid 5062] openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8394] ioctl(4, LOOP_SET_FD, 3 [pid 5064] mkdir("./332", 0777 [pid 5062] newfstatat(4, "", [pid 8394] <... ioctl resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8395] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] getdents64(4, [pid 8395] <... openat resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8395] ioctl(4, LOOP_SET_FD, 3 [pid 5062] getdents64(4, [pid 8396] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8394] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8394] <... close resumed>) = 0 [pid 8394] close(4) = 0 [pid 8394] mkdir("./file0", 0777) = 0 [pid 5062] close(4 [pid 8394] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./326/file0" [pid 8395] <... ioctl resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8395] close(3 [pid 5062] getdents64(3, [pid 8395] <... close resumed>) = 0 [pid 8395] close(4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 8395] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./326" [pid 8395] mkdir("./file0", 0777 [pid 5062] <... rmdir resumed>) = 0 [pid 8395] <... mkdir resumed>) = 0 [pid 5062] mkdir("./327", 0777 [pid 8395] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] <... mkdir resumed>) = 0 [pid 8394] <... mount resumed>) = 0 [pid 8394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8394] <... openat resumed>) = 3 [ 281.709415][ T8394] loop1: detected capacity change from 0 to 4096 [ 281.721421][ T8395] loop3: detected capacity change from 0 to 4096 [pid 8394] chdir("./file0" [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8394] <... chdir resumed>) = 0 [pid 8394] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8394] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8394] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8391] <... futex resumed>) = 0 [pid 8391] exit_group(0) = ? [pid 8394] <... futex resumed>) = ? [pid 8394] +++ exited with 0 +++ [pid 8391] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8391, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5063] umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 8396] <... write resumed>) = 2097152 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8396] munmap(0x7f670b400000, 138412032 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8396] <... munmap resumed>) = 0 [pid 5064] close(3 [pid 5063] newfstatat(AT_FDCWD, "./334/binderfs", [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8397 attached [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8397] set_robust_list(0x5555569076a0, 24 [pid 5063] unlink("./334/binderfs" [pid 8396] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8395] <... mount resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8397 [pid 5063] <... unlink resumed>) = 0 [pid 8397] <... set_robust_list resumed>) = 0 [pid 8396] <... openat resumed>) = 4 [pid 8396] ioctl(4, LOOP_SET_FD, 3 [pid 8397] chdir("./332" [pid 8396] <... ioctl resumed>) = 0 [pid 8395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8395] chdir("./file0") = 0 [pid 5063] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8395] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... ioctl resumed>) = 0 [pid 8395] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8395] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8395] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8397] <... chdir resumed>) = 0 [pid 8392] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8396] close(3) = 0 [pid 8396] close(4 [pid 8392] exit_group(0 [pid 5063] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8392] <... exit_group resumed>) = ? [pid 8397] <... prctl resumed>) = 0 [pid 8395] <... futex resumed>) = ? [pid 8397] setpgid(0, 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(3 [pid 8397] <... setpgid resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./334/file0", [pid 8396] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8396] mkdir("./file0", 0777) = 0 [pid 8397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8395] +++ exited with 0 +++ [pid 8392] +++ exited with 0 +++ [pid 5063] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... close resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8392, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8396] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8398 attached [pid 5065] umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8398] set_robust_list(0x5555569076a0, 24) = 0 [pid 8398] chdir("./327") = 0 [pid 8398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8398] setpgid(0, 0) = 0 [ 281.840170][ T8396] loop4: detected capacity change from 0 to 4096 [pid 5065] openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8397] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5063] newfstatat(4, "", [pid 8398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8397] write(3, "1000", 4 [pid 5065] newfstatat(3, "", [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8398 [pid 8398] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8397] <... write resumed>) = 4 [pid 5065] getdents64(3, [pid 5063] getdents64(4, [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8398] write(3, "1000", 4 [pid 5063] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8398] <... write resumed>) = 4 [pid 8397] close(3 [pid 5065] newfstatat(AT_FDCWD, "./330/binderfs", [pid 5063] close(4 [pid 8398] close(3 [pid 8397] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... close resumed>) = 0 [pid 8398] <... close resumed>) = 0 [pid 8397] symlink("/dev/binderfs", "./binderfs" [pid 5065] unlink("./330/binderfs" [pid 5063] rmdir("./334/file0" [pid 8398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8398] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 8398] <... futex resumed>) = 0 [pid 8398] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8396] <... mount resumed>) = 0 [pid 8398] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8397] <... symlink resumed>) = 0 [pid 8396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8397] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] close(3 [pid 8397] <... futex resumed>) = 0 [pid 8397] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8398] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8396] <... openat resumed>) = 3 [pid 8398] <... mprotect resumed>) = 0 [pid 8396] chdir("./file0" [pid 8397] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... close resumed>) = 0 [pid 5065] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8398] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8396] <... chdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] rmdir("./334" [pid 8398] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8396] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] newfstatat(AT_FDCWD, "./330/file0", [pid 8398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8396] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8399 attached [pid 8397] <... mmap resumed>) = 0x7f6713892000 [pid 8396] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8399] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8397] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8396] <... futex resumed>) = 1 [pid 8393] <... futex resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8399] <... rseq resumed>) = 0 [pid 8398] <... clone3 resumed> => {parent_tid=[8399]}, 88) = 8399 [pid 8397] <... mprotect resumed>) = 0 [pid 8396] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8393] exit_group(0 [pid 5065] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] mkdir("./335", 0777 [pid 8399] set_robust_list(0x7f67138b29a0, 24 [pid 8398] rt_sigprocmask(SIG_SETMASK, [], [pid 8396] <... futex resumed>) = ? [pid 8393] <... exit_group resumed>) = ? [pid 8399] <... set_robust_list resumed>) = 0 [pid 8398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8396] +++ exited with 0 +++ [pid 8393] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... mkdir resumed>) = 0 [pid 8399] rt_sigprocmask(SIG_SETMASK, [], [pid 8398] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8398] <... futex resumed>) = 0 [pid 8397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8393, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5066] umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8400 attached [pid 8399] memfd_create("syzkaller", 0 [pid 8398] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(4, "", [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8400] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8397] <... clone3 resumed> => {parent_tid=[8400]}, 88) = 8400 [pid 5066] openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8400] <... rseq resumed>) = 0 [pid 8397] rt_sigprocmask(SIG_SETMASK, [], [pid 8399] <... memfd_create resumed>) = 3 [pid 8397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8400] set_robust_list(0x7f67138b29a0, 24 [pid 5066] <... openat resumed>) = 3 [pid 8400] <... set_robust_list resumed>) = 0 [pid 8399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8397] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8400] rt_sigprocmask(SIG_SETMASK, [], [pid 8399] <... mmap resumed>) = 0x7f670b400000 [pid 8400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8397] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 8400] memfd_create("syzkaller", 0 [pid 8397] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] getdents64(3, [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8400] <... memfd_create resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5066] umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 8400] <... mmap resumed>) = 0x7f670b400000 [pid 5066] newfstatat(AT_FDCWD, "./330/binderfs", [pid 5065] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] rmdir("./330/file0" [pid 5066] unlink("./330/binderfs") = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5066] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8399] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./330") = 0 [pid 5065] mkdir("./331", 0777) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8400] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5066] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] close(3 [pid 8399] <... write resumed>) = 2097152 [pid 5066] <... openat resumed>) = 4 [pid 5063] <... close resumed>) = 0 [pid 8399] munmap(0x7f670b400000, 138412032 [pid 5066] newfstatat(4, "", [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8401 attached [pid 5066] close(4 [pid 8401] set_robust_list(0x5555569076a0, 24 [pid 5066] <... close resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8401 [pid 5066] rmdir("./330/file0" [pid 8401] <... set_robust_list resumed>) = 0 [pid 8401] chdir("./335" [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 8399] <... munmap resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8399] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] close(3 [pid 8401] <... chdir resumed>) = 0 [pid 8399] <... openat resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 8399] ioctl(4, LOOP_SET_FD, 3 [pid 5066] rmdir("./330" [pid 8401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8401] setpgid(0, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8401] <... setpgid resumed>) = 0 [pid 8401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] mkdir("./331", 0777 [pid 8401] write(3, "1000", 4) = 4 [pid 8399] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8401] close(3) = 0 [pid 8401] symlink("/dev/binderfs", "./binderfs" [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8401] <... symlink resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 8399] close(3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8399] <... close resumed>) = 0 [pid 8399] close(4) = 0 [pid 8399] mkdir("./file0", 0777 [pid 8401] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8400] <... write resumed>) = 2097152 [pid 8399] <... mkdir resumed>) = 0 [pid 8400] munmap(0x7f670b400000, 138412032 [pid 8401] <... futex resumed>) = 0 [pid 8401] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8399] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8401] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8401] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... ioctl resumed>) = 0 [pid 8401] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] close(3 [pid 8401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8402 attached => {parent_tid=[8402]}, 88) = 8402 [pid 5065] <... close resumed>) = 0 [pid 8402] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8401] rt_sigprocmask(SIG_SETMASK, [], [pid 8400] <... munmap resumed>) = 0 [pid 8399] <... mount resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8402] <... rseq resumed>) = 0 [pid 8401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8402] set_robust_list(0x7f67138b29a0, 24 [pid 8401] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8402] <... set_robust_list resumed>) = 0 [pid 8401] <... futex resumed>) = 0 [pid 8399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [ 282.066312][ T8399] loop0: detected capacity change from 0 to 4096 [pid 8402] rt_sigprocmask(SIG_SETMASK, [], [pid 8401] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8399] <... openat resumed>) = 3 [pid 8402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8400] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8399] chdir("./file0"./strace-static-x86_64: Process 8403 attached [pid 8402] memfd_create("syzkaller", 0 [pid 8400] <... openat resumed>) = 4 [pid 8399] <... chdir resumed>) = 0 [pid 8403] set_robust_list(0x5555569076a0, 24 [pid 8402] <... memfd_create resumed>) = 3 [pid 8402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8403] <... set_robust_list resumed>) = 0 [pid 8403] chdir("./331" [pid 8402] <... mmap resumed>) = 0x7f670b400000 [pid 8400] ioctl(4, LOOP_SET_FD, 3 [pid 8399] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8403 [pid 8403] <... chdir resumed>) = 0 [pid 8399] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8403] setpgid(0, 0) = 0 [pid 8399] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8399] <... futex resumed>) = 1 [pid 8399] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8398] <... futex resumed>) = 0 [pid 8403] write(3, "1000", 4) = 4 [pid 8403] close(3 [pid 8398] exit_group(0 [pid 8403] <... close resumed>) = 0 [pid 8398] <... exit_group resumed>) = ? [pid 8403] symlink("/dev/binderfs", "./binderfs" [pid 8399] <... futex resumed>) = ? [pid 8403] <... symlink resumed>) = 0 [pid 8399] +++ exited with 0 +++ [pid 8398] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8398, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8403] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8400] <... ioctl resumed>) = 0 [pid 8400] close(3 [pid 5062] umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8403] <... futex resumed>) = 0 [ 282.143494][ T8400] loop2: detected capacity change from 0 to 4096 [pid 8403] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8402] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8400] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8403] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8400] close(4 [pid 5062] openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8400] <... close resumed>) = 0 [pid 8403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8400] mkdir("./file0", 0777 [pid 5062] newfstatat(3, "", [pid 8403] <... mmap resumed>) = 0x7f6713892000 [pid 8400] <... mkdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8403] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8400] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] getdents64(3, [pid 8403] <... mprotect resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8403] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8403] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] newfstatat(AT_FDCWD, "./327/binderfs", [pid 8403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./327/binderfs" [pid 8403] <... clone3 resumed> => {parent_tid=[8404]}, 88) = 8404 [pid 5062] <... unlink resumed>) = 0 [pid 8403] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8404 attached NULL, 8) = 0 [pid 8404] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8403] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8404] set_robust_list(0x7f67138b29a0, 24 [pid 8403] <... futex resumed>) = 0 [pid 8404] <... set_robust_list resumed>) = 0 [pid 8403] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8404] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8404] memfd_create("syzkaller", 0 [pid 5062] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./327/file0", [pid 8404] <... memfd_create resumed>) = 3 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8404] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5062] close(4 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 ./strace-static-x86_64: Process 8405 attached [pid 8405] set_robust_list(0x5555569076a0, 24 [pid 5062] rmdir("./327/file0") = 0 [pid 8405] <... set_robust_list resumed>) = 0 [pid 5062] getdents64(3, [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8405 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8405] chdir("./331" [pid 5062] close(3) = 0 [pid 5062] rmdir("./327" [pid 8405] <... chdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] mkdir("./328", 0777 [pid 8405] setpgid(0, 0) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8405] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8405] write(3, "1000", 4) = 4 [pid 8405] close(3) = 0 [pid 8405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8405] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8405] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8405] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8402] <... write resumed>) = 2097152 [pid 8400] <... mount resumed>) = 0 [pid 8402] munmap(0x7f670b400000, 138412032 [pid 8400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8405] <... clone3 resumed> => {parent_tid=[8406]}, 88) = 8406 [pid 8400] <... openat resumed>) = 3 [pid 8400] chdir("./file0" [pid 8405] rt_sigprocmask(SIG_SETMASK, [], [pid 8400] <... chdir resumed>) = 0 [pid 8400] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 8406 attached ) = -1 EBUSY (Device or resource busy) [pid 8406] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8400] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8406] <... rseq resumed>) = 0 [pid 8400] <... futex resumed>) = 1 [pid 8397] <... futex resumed>) = 0 [pid 8406] set_robust_list(0x7f67138b29a0, 24 [pid 8397] exit_group(0 [pid 8406] <... set_robust_list resumed>) = 0 [pid 8406] rt_sigprocmask(SIG_SETMASK, [], [pid 8405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8404] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8402] <... munmap resumed>) = 0 [pid 8397] <... exit_group resumed>) = ? [pid 8406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8402] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8400] +++ exited with 0 +++ [pid 8397] +++ exited with 0 +++ [pid 8402] <... openat resumed>) = 4 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8397, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 8402] ioctl(4, LOOP_SET_FD, 3 [pid 8406] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8405] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8402] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 8405] <... futex resumed>) = 1 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8405] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8406] <... futex resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./332/binderfs") = 0 [pid 5064] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8406] memfd_create("syzkaller", 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8406] <... memfd_create resumed>) = 3 [pid 8406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8402] close(3 [pid 5064] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... ioctl resumed>) = 0 [pid 8406] <... mmap resumed>) = 0x7f670b400000 [pid 8402] <... close resumed>) = 0 [pid 8402] close(4) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8402] mkdir("./file0", 0777 [pid 5064] newfstatat(AT_FDCWD, "./332/file0", [pid 5062] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8402] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5062] <... close resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 8402] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./332/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./332") = 0 ./strace-static-x86_64: Process 8407 attached [pid 5064] mkdir("./333", 0777 [pid 8407] set_robust_list(0x5555569076a0, 24) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8407 [pid 8407] chdir("./328" [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 282.321102][ T8402] loop1: detected capacity change from 0 to 4096 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8407] <... chdir resumed>) = 0 [pid 8407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8407] setpgid(0, 0) = 0 [pid 8404] <... write resumed>) = 2097152 [pid 8407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8406] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8407] <... openat resumed>) = 3 [pid 8404] munmap(0x7f670b400000, 138412032 [pid 8407] write(3, "1000", 4 [pid 8402] <... mount resumed>) = 0 [pid 8407] <... write resumed>) = 4 [pid 8407] close(3) = 0 [pid 8407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8402] chdir("./file0" [pid 8407] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8402] <... chdir resumed>) = 0 [pid 8407] <... futex resumed>) = 0 [pid 8402] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8407] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8402] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8402] <... futex resumed>) = 1 [pid 8401] <... futex resumed>) = 0 [pid 8407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8402] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8401] exit_group(0 [pid 8407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8402] <... futex resumed>) = ? [pid 8401] <... exit_group resumed>) = ? [pid 8407] <... mmap resumed>) = 0x7f6713892000 [pid 8402] +++ exited with 0 +++ [pid 8401] +++ exited with 0 +++ [pid 8407] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8404] <... munmap resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8401, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 8407] <... mprotect resumed>) = 0 [pid 8407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8404] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8404] <... openat resumed>) = 4 [pid 8404] ioctl(4, LOOP_SET_FD, 3 [pid 8407] <... clone3 resumed> => {parent_tid=[8408]}, 88) = 8408 ./strace-static-x86_64: Process 8408 attached [pid 8407] rt_sigprocmask(SIG_SETMASK, [], [pid 8408] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8408] <... rseq resumed>) = 0 [pid 8407] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8408] set_robust_list(0x7f67138b29a0, 24 [pid 8407] <... futex resumed>) = 0 [pid 8408] <... set_robust_list resumed>) = 0 [pid 8407] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8408] memfd_create("syzkaller", 0 [pid 8406] <... write resumed>) = 2097152 [pid 8404] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8408] <... memfd_create resumed>) = 3 [pid 8406] munmap(0x7f670b400000, 138412032 [pid 8404] close(3 [pid 5064] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8404] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8408] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8406] <... munmap resumed>) = 0 [pid 8404] close(4) = 0 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8404] mkdir("./file0", 0777) = 0 [pid 5063] umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8409 attached [pid 8408] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8406] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8404] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8409 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8409] set_robust_list(0x5555569076a0, 24 [pid 5063] newfstatat(AT_FDCWD, "./335/binderfs", [pid 8409] <... set_robust_list resumed>) = 0 [ 282.438326][ T8404] loop3: detected capacity change from 0 to 4096 [pid 8409] chdir("./333" [pid 8406] <... openat resumed>) = 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8409] <... chdir resumed>) = 0 [pid 8406] ioctl(4, LOOP_SET_FD, 3 [pid 5063] unlink("./335/binderfs" [pid 8409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8409] setpgid(0, 0 [pid 5063] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8409] <... setpgid resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8409] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8409] write(3, "1000", 4 [pid 5063] newfstatat(AT_FDCWD, "./335/file0", [pid 8409] <... write resumed>) = 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8409] close(3 [pid 8406] <... ioctl resumed>) = 0 [pid 8409] <... close resumed>) = 0 [pid 5063] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8409] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8409] <... symlink resumed>) = 0 [pid 8406] close(3 [pid 5063] openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8406] <... close resumed>) = 0 [pid 8406] close(4 [pid 5063] <... openat resumed>) = 4 [pid 8409] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8406] <... close resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 8406] mkdir("./file0", 0777 [pid 8409] <... futex resumed>) = 0 [pid 8406] <... mkdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8409] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] getdents64(4, [pid 8409] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8408] <... write resumed>) = 2097152 [pid 8409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8408] munmap(0x7f670b400000, 138412032 [pid 8406] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8404] <... mount resumed>) = 0 [pid 5063] getdents64(4, [pid 8409] <... mmap resumed>) = 0x7f6713892000 [pid 8404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [ 282.499162][ T8406] loop4: detected capacity change from 0 to 4096 [pid 8409] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8404] <... openat resumed>) = 3 [pid 5063] close(4 [pid 8409] <... mprotect resumed>) = 0 [pid 8404] chdir("./file0" [pid 8409] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8408] <... munmap resumed>) = 0 [pid 8404] <... chdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./335/file0" [pid 8404] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8408] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8409] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8404] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8408] <... openat resumed>) = 4 [pid 8404] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8410 attached [pid 8408] ioctl(4, LOOP_SET_FD, 3 [pid 8404] <... futex resumed>) = 1 [pid 8403] <... futex resumed>) = 0 [pid 8403] exit_group(0) = ? [pid 8406] <... mount resumed>) = 0 [pid 8410] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8409] <... clone3 resumed> => {parent_tid=[8410]}, 88) = 8410 [pid 8408] <... ioctl resumed>) = 0 [pid 5063] getdents64(3, [pid 8410] <... rseq resumed>) = 0 [pid 8409] rt_sigprocmask(SIG_SETMASK, [], [pid 8408] close(3 [pid 8406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8404] +++ exited with 0 +++ [pid 8403] +++ exited with 0 +++ [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8410] set_robust_list(0x7f67138b29a0, 24 [pid 8409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8408] <... close resumed>) = 0 [pid 8410] <... set_robust_list resumed>) = 0 [pid 8409] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8408] close(4 [pid 8406] <... openat resumed>) = 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8403, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5063] close(3 [pid 8410] rt_sigprocmask(SIG_SETMASK, [], [pid 8409] <... futex resumed>) = 0 [pid 8406] chdir("./file0" [pid 5065] umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8409] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8408] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 8410] memfd_create("syzkaller", 0 [pid 8406] <... chdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] rmdir("./335" [pid 8406] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 8410] <... memfd_create resumed>) = 3 [pid 8406] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] getdents64(3, [pid 8410] <... mmap resumed>) = 0x7f670b400000 [pid 8406] <... futex resumed>) = 1 [pid 8405] <... futex resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... rmdir resumed>) = 0 [pid 8406] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8408] mkdir("./file0", 0777 [pid 8405] exit_group(0 [pid 5065] umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] mkdir("./336", 0777 [pid 8408] <... mkdir resumed>) = 0 [pid 8406] <... futex resumed>) = ? [pid 8405] <... exit_group resumed>) = ? [pid 8406] +++ exited with 0 +++ [pid 8405] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... mkdir resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8405, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=4 /* 0.04 s */} --- [pid 5065] newfstatat(AT_FDCWD, "./331/binderfs", [pid 8408] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./331/binderfs") = 0 [ 282.571917][ T8408] loop0: detected capacity change from 0 to 4096 [pid 5065] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./331/file0", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8410] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(3, "", [pid 5065] openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5066] getdents64(3, [pid 5065] newfstatat(4, "", [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] newfstatat(AT_FDCWD, "./331/binderfs", [pid 5065] getdents64(4, [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] unlink("./331/binderfs" [pid 5065] close(4 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5066] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./331/file0") = 0 [pid 8408] <... mount resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./331" [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 8408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8408] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8408] chdir("./file0" [pid 5066] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] mkdir("./332", 0777 [pid 8408] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... mkdir resumed>) = 0 [pid 8408] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8408] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... openat resumed>) = 4 [pid 8408] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8407] <... futex resumed>) = 0 [pid 8407] exit_group(0) = ? [pid 8408] <... futex resumed>) = ? [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8408] +++ exited with 0 +++ [pid 8407] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5065] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./331/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./331") = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8407, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] mkdir("./332", 0777) = 0 [pid 8410] <... write resumed>) = 2097152 [pid 5063] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 8410] munmap(0x7f670b400000, 138412032 [pid 5063] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8411 attached [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8411 [pid 8411] set_robust_list(0x5555569076a0, 24 [pid 8410] <... munmap resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 8411] <... set_robust_list resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8411] chdir("./336" [pid 8410] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] getdents64(3, [pid 8411] <... chdir resumed>) = 0 [pid 8410] <... openat resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8411] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8410] ioctl(4, LOOP_SET_FD, 3 [pid 5062] umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./328/binderfs") = 0 [pid 5062] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8411] <... prctl resumed>) = 0 [pid 8411] setpgid(0, 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8411] <... setpgid resumed>) = 0 [pid 5062] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] newfstatat(AT_FDCWD, "./328/file0", [pid 8411] write(3, "1000", 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8411] <... write resumed>) = 4 [pid 5062] umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8411] close(3 [pid 8410] <... ioctl resumed>) = 0 [pid 8411] <... close resumed>) = 0 [pid 8410] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8411] symlink("/dev/binderfs", "./binderfs" [pid 8410] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8411] <... symlink resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8410] close(4 [pid 5062] newfstatat(4, "", [pid 8410] <... close resumed>) = 0 [pid 8410] mkdir("./file0", 0777 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5062] close(4 [pid 8411] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./328/file0" [pid 8411] <... futex resumed>) = 0 [pid 8410] <... mkdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./328") = 0 [pid 5062] mkdir("./329", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8411] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8410] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] close(3 [pid 5062] <... openat resumed>) = 3 [pid 8411] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 8411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8411] <... mmap resumed>) = 0x7f6713892000 [pid 8411] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8412 ./strace-static-x86_64: Process 8412 attached [pid 8411] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8412] set_robust_list(0x5555569076a0, 24 [pid 8411] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8412] <... set_robust_list resumed>) = 0 [pid 8411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8412] chdir("./332"./strace-static-x86_64: Process 8413 attached ) = 0 [pid 8413] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8412] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8411] <... clone3 resumed> => {parent_tid=[8413]}, 88) = 8413 [pid 8413] <... rseq resumed>) = 0 [pid 8412] <... prctl resumed>) = 0 [ 282.736573][ T8410] loop2: detected capacity change from 0 to 4096 [pid 8411] rt_sigprocmask(SIG_SETMASK, [], [pid 8413] set_robust_list(0x7f67138b29a0, 24 [pid 8412] setpgid(0, 0 [pid 8413] <... set_robust_list resumed>) = 0 [pid 8412] <... setpgid resumed>) = 0 [pid 8411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8413] rt_sigprocmask(SIG_SETMASK, [], [pid 8411] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8411] <... futex resumed>) = 0 [pid 5066] close(3 [pid 8411] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... close resumed>) = 0 [pid 8413] memfd_create("syzkaller", 0 [pid 8412] <... openat resumed>) = 3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8412] write(3, "1000", 4./strace-static-x86_64: Process 8414 attached [pid 8413] <... memfd_create resumed>) = 3 [pid 8412] <... write resumed>) = 4 [pid 8412] close(3 [pid 8414] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8414 [pid 8413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8414] <... set_robust_list resumed>) = 0 [pid 8412] <... close resumed>) = 0 [pid 8413] <... mmap resumed>) = 0x7f670b400000 [pid 8410] <... mount resumed>) = 0 [pid 8412] symlink("/dev/binderfs", "./binderfs" [pid 8414] chdir("./332" [pid 8412] <... symlink resumed>) = 0 [pid 8412] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8414] <... chdir resumed>) = 0 [pid 8412] <... futex resumed>) = 0 [pid 8410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8414] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... ioctl resumed>) = 0 [pid 8412] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8410] <... openat resumed>) = 3 [pid 8412] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8410] chdir("./file0" [pid 8412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8410] <... chdir resumed>) = 0 [pid 8414] <... prctl resumed>) = 0 [pid 8412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8410] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8414] setpgid(0, 0 [pid 8412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8410] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8414] <... setpgid resumed>) = 0 [pid 8410] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8412] <... mmap resumed>) = 0x7f6713892000 [pid 8410] <... futex resumed>) = 1 [pid 8414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8410] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8409] <... futex resumed>) = 0 [pid 8412] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8409] exit_group(0 [pid 8412] <... mprotect resumed>) = 0 [pid 8410] <... futex resumed>) = ? [pid 8409] <... exit_group resumed>) = ? [pid 8414] <... openat resumed>) = 3 [pid 8410] +++ exited with 0 +++ [pid 5062] close(3 [pid 8414] write(3, "1000", 4 [pid 8413] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8412] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8409] +++ exited with 0 +++ [pid 8414] <... write resumed>) = 4 [pid 8412] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8409, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8414] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8415 attached [pid 8414] <... close resumed>) = 0 [pid 8412] <... clone3 resumed> => {parent_tid=[8415]}, 88) = 8415 [pid 5064] openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8416 attached [pid 8415] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8414] symlink("/dev/binderfs", "./binderfs" [pid 8412] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... openat resumed>) = 3 [pid 8416] set_robust_list(0x5555569076a0, 24 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 8416] <... set_robust_list resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8416] chdir("./329" [pid 8415] <... rseq resumed>) = 0 [pid 8414] <... symlink resumed>) = 0 [pid 8412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8416] <... chdir resumed>) = 0 [pid 8415] set_robust_list(0x7f67138b29a0, 24 [pid 8412] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8416 [pid 8416] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8415] <... set_robust_list resumed>) = 0 [pid 8414] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8412] <... futex resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./333/binderfs", [pid 8416] <... prctl resumed>) = 0 [pid 8415] rt_sigprocmask(SIG_SETMASK, [], [pid 8414] <... futex resumed>) = 0 [pid 8412] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8416] setpgid(0, 0 [pid 8415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8414] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] unlink("./333/binderfs" [pid 8416] <... setpgid resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8414] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8416] <... openat resumed>) = 3 [pid 8414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8415] memfd_create("syzkaller", 0 [pid 8416] write(3, "1000", 4 [pid 8415] <... memfd_create resumed>) = 3 [pid 8414] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... umount2 resumed>) = 0 [pid 8416] <... write resumed>) = 4 [pid 8416] close(3) = 0 [pid 8416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8414] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8416] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8415] <... mmap resumed>) = 0x7f670b400000 [pid 8414] <... mprotect resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8416] <... futex resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./333/file0", [pid 8416] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8416] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8414] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8414] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... openat resumed>) = 4 [pid 8414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8416] <... mmap resumed>) = 0x7f6713892000 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 8416] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8416] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./333/file0"./strace-static-x86_64: Process 8417 attached [pid 8416] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8413] <... write resumed>) = 2097152 [pid 5064] <... rmdir resumed>) = 0 [pid 8417] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8414] <... clone3 resumed> => {parent_tid=[8417]}, 88) = 8417 [pid 8416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 8417] <... rseq resumed>) = 0 [pid 8414] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... close resumed>) = 0 [pid 8416] <... clone3 resumed> => {parent_tid=[8418]}, 88) = 8418 [pid 5064] rmdir("./333"./strace-static-x86_64: Process 8418 attached [pid 8416] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... rmdir resumed>) = 0 [pid 8418] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8418] <... rseq resumed>) = 0 [pid 8416] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] mkdir("./334", 0777 [pid 8418] set_robust_list(0x7f67138b29a0, 24 [pid 8417] set_robust_list(0x7f67138b29a0, 24 [pid 8416] <... futex resumed>) = 0 [pid 8414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8413] munmap(0x7f670b400000, 138412032 [pid 5064] <... mkdir resumed>) = 0 [pid 8418] <... set_robust_list resumed>) = 0 [pid 8417] <... set_robust_list resumed>) = 0 [pid 8416] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8414] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8418] rt_sigprocmask(SIG_SETMASK, [], [pid 8414] <... futex resumed>) = 0 [pid 8418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8417] rt_sigprocmask(SIG_SETMASK, [], [pid 8418] memfd_create("syzkaller", 0 [pid 8417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8414] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 8417] memfd_create("syzkaller", 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8418] <... memfd_create resumed>) = 3 [pid 8418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8417] <... memfd_create resumed>) = 3 [pid 8415] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8413] <... munmap resumed>) = 0 [pid 8417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8413] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8418] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8413] close(3) = 0 [pid 8413] close(4) = 0 [pid 8413] mkdir("./file0", 0777) = 0 [pid 8413] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [ 282.989269][ T8413] loop1: detected capacity change from 0 to 4096 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8415] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 8419 attached [pid 8417] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8419] set_robust_list(0x5555569076a0, 24) = 0 [pid 8415] munmap(0x7f670b400000, 138412032 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8419 [pid 8419] chdir("./334") = 0 [pid 8419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8415] <... munmap resumed>) = 0 [pid 8419] setpgid(0, 0 [pid 8418] <... write resumed>) = 2097152 [pid 8415] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8413] <... mount resumed>) = 0 [pid 8419] <... setpgid resumed>) = 0 [pid 8413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8415] <... openat resumed>) = 4 [pid 8415] ioctl(4, LOOP_SET_FD, 3 [pid 8418] munmap(0x7f670b400000, 138412032 [pid 8413] <... openat resumed>) = 3 [pid 8413] chdir("./file0" [pid 8419] <... openat resumed>) = 3 [pid 8413] <... chdir resumed>) = 0 [pid 8413] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8419] write(3, "1000", 4 [pid 8418] <... munmap resumed>) = 0 [pid 8417] <... write resumed>) = 2097152 [pid 8415] <... ioctl resumed>) = 0 [pid 8413] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8419] <... write resumed>) = 4 [pid 8419] close(3 [pid 8418] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8419] <... close resumed>) = 0 [pid 8418] <... openat resumed>) = 4 [pid 8419] symlink("/dev/binderfs", "./binderfs" [pid 8418] ioctl(4, LOOP_SET_FD, 3 [pid 8419] <... symlink resumed>) = 0 [pid 8417] munmap(0x7f670b400000, 138412032 [pid 8415] close(3 [pid 8413] <... futex resumed>) = 1 [pid 8415] <... close resumed>) = 0 [pid 8413] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8415] close(4) = 0 [pid 8411] <... futex resumed>) = 0 [pid 8419] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8415] mkdir("./file0", 0777 [pid 8411] exit_group(0 [pid 8419] <... futex resumed>) = 0 [pid 8419] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8411] <... exit_group resumed>) = ? [pid 8419] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8413] <... futex resumed>) = ? [pid 8419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8415] <... mkdir resumed>) = 0 [pid 8419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8419] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8419] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8413] +++ exited with 0 +++ [pid 8411] +++ exited with 0 +++ [pid 8419] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8417] <... munmap resumed>) = 0 [pid 8415] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8411, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=3 /* 0.03 s */} --- [pid 8419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8417] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 ./strace-static-x86_64: Process 8420 attached [pid 8419] <... clone3 resumed> => {parent_tid=[8420]}, 88) = 8420 [pid 5063] umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8420] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8419] rt_sigprocmask(SIG_SETMASK, [], [pid 8417] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8420] <... rseq resumed>) = 0 [pid 8419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8420] set_robust_list(0x7f67138b29a0, 24 [pid 8419] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... openat resumed>) = 3 [pid 8420] <... set_robust_list resumed>) = 0 [pid 8419] <... futex resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 8420] rt_sigprocmask(SIG_SETMASK, [], [pid 8419] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8418] <... ioctl resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8418] close(3 [pid 5063] getdents64(3, [pid 8420] memfd_create("syzkaller", 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8418] <... close resumed>) = 0 [pid 8417] <... ioctl resumed>) = 0 [pid 5063] umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8418] close(4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8418] <... close resumed>) = 0 [pid 5063] unlink("./336/binderfs" [pid 8420] <... memfd_create resumed>) = 3 [pid 8418] mkdir("./file0", 0777 [pid 8417] close(3 [pid 5063] <... unlink resumed>) = 0 [pid 8420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8418] <... mkdir resumed>) = 0 [pid 8417] <... close resumed>) = 0 [pid 8420] <... mmap resumed>) = 0x7f670b400000 [pid 5063] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8417] close(4 [pid 8418] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5063] <... umount2 resumed>) = 0 [pid 8417] <... close resumed>) = 0 [pid 8417] mkdir("./file0", 0777 [pid 5063] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8417] <... mkdir resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 283.092043][ T8415] loop3: detected capacity change from 0 to 4096 [ 283.107162][ T8418] loop0: detected capacity change from 0 to 4096 [ 283.128909][ T8417] loop4: detected capacity change from 0 to 4096 [pid 5063] openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8417] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./336/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 8415] <... mount resumed>) = 0 [pid 5063] rmdir("./336" [pid 8415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... rmdir resumed>) = 0 [pid 8415] <... openat resumed>) = 3 [pid 8415] chdir("./file0" [pid 5063] mkdir("./337", 0777 [pid 8415] <... chdir resumed>) = 0 [pid 8415] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5063] <... mkdir resumed>) = 0 [pid 8415] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8420] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8415] <... futex resumed>) = 1 [pid 8412] <... futex resumed>) = 0 [pid 8417] <... mount resumed>) = 0 [pid 8415] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8412] exit_group(0 [pid 8417] <... openat resumed>) = 3 [pid 8415] <... futex resumed>) = ? [pid 8412] <... exit_group resumed>) = ? [pid 8417] chdir("./file0" [pid 8415] +++ exited with 0 +++ [pid 8417] <... chdir resumed>) = 0 [pid 8417] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8417] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8414] <... futex resumed>) = 0 [pid 8417] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8414] exit_group(0) = ? [pid 8417] <... futex resumed>) = ? [pid 8418] <... mount resumed>) = 0 [pid 8417] +++ exited with 0 +++ [pid 8414] +++ exited with 0 +++ [pid 8412] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8412, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8414, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- [pid 5066] umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 8418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(3, "", [pid 8418] <... openat resumed>) = 3 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8418] chdir("./file0" [pid 5066] newfstatat(3, "", [pid 5065] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8418] <... chdir resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./332/binderfs", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8418] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./332/binderfs", [pid 8418] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] unlink("./332/binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8418] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... unlink resumed>) = 0 [pid 5065] unlink("./332/binderfs" [pid 8418] <... futex resumed>) = 1 [pid 8416] <... futex resumed>) = 0 [pid 5066] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5065] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8418] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8416] exit_group(0) = ? [pid 8418] <... futex resumed>) = ? [pid 8418] +++ exited with 0 +++ [pid 8416] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8416, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5062] umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./332/file0", [pid 5062] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5066] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./332/file0", [pid 5062] getdents64(3, [pid 5066] openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... openat resumed>) = 4 [pid 5065] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] newfstatat(AT_FDCWD, "./329/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8420] <... write resumed>) = 2097152 [pid 5062] unlink("./329/binderfs" [pid 5065] newfstatat(4, "", [pid 5062] <... unlink resumed>) = 0 [pid 5066] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5066] getdents64(4, [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8420] munmap(0x7f670b400000, 138412032 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5063] close(3 [pid 5066] close(4 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5063] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] rmdir("./332/file0" [pid 8420] <... munmap resumed>) = 0 [pid 5066] rmdir("./332/file0" [pid 5065] <... rmdir resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... umount2 resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5062] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8421 attached [pid 5065] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./329/file0", [pid 5066] close(3 [pid 5065] rmdir("./332" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8421 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8421] set_robust_list(0x5555569076a0, 24 [pid 5066] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8421] <... set_robust_list resumed>) = 0 [pid 5066] rmdir("./332" [pid 5065] mkdir("./333", 0777 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./333", 0777 [pid 5065] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8421] chdir("./337" [pid 8420] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8421] <... chdir resumed>) = 0 [pid 8420] <... openat resumed>) = 4 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... openat resumed>) = 4 [pid 8421] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8420] ioctl(4, LOOP_SET_FD, 3 [pid 5062] newfstatat(4, "", [pid 8421] <... prctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8421] setpgid(0, 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] getdents64(4, [pid 8421] <... setpgid resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] getdents64(4, [pid 8421] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 8421] write(3, "1000", 4 [pid 5062] rmdir("./329/file0") = 0 [pid 8421] <... write resumed>) = 4 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8421] close(3 [pid 5062] close(3 [pid 8421] <... close resumed>) = 0 [pid 8420] <... ioctl resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8421] symlink("/dev/binderfs", "./binderfs" [pid 8420] close(3 [pid 5062] rmdir("./329" [pid 8421] <... symlink resumed>) = 0 [pid 8420] <... close resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8420] close(4 [pid 8421] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8420] <... close resumed>) = 0 [pid 8420] mkdir("./file0", 0777 [pid 5062] mkdir("./330", 0777) = 0 [pid 8421] <... futex resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8421] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8420] <... mkdir resumed>) = 0 [pid 8421] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8420] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8421] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 283.344053][ T8420] loop2: detected capacity change from 0 to 4096 [pid 8421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8422]}, 88) = 8422 [pid 8421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8421] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8420] <... mount resumed>) = 0 [pid 8420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8421] <... futex resumed>) = 0 [pid 8420] <... openat resumed>) = 3 [pid 8420] chdir("./file0" [pid 8421] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8420] <... chdir resumed>) = 0 [pid 8420] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 8422 attached ) = -1 EBUSY (Device or resource busy) [pid 5066] <... ioctl resumed>) = 0 [pid 8422] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8420] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8422] <... rseq resumed>) = 0 [pid 8420] <... futex resumed>) = 1 [pid 8419] <... futex resumed>) = 0 [pid 8422] set_robust_list(0x7f67138b29a0, 24 [pid 8420] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8422] <... set_robust_list resumed>) = 0 [pid 8419] exit_group(0) = ? [pid 8420] <... futex resumed>) = ? [pid 8422] rt_sigprocmask(SIG_SETMASK, [], [pid 8420] +++ exited with 0 +++ [pid 8422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8422] memfd_create("syzkaller", 0 [pid 5066] close(3 [pid 8422] <... memfd_create resumed>) = 3 [pid 8419] +++ exited with 0 +++ [pid 5065] <... ioctl resumed>) = 0 [pid 8422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8419, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5066] <... close resumed>) = 0 [pid 5065] close(3 [pid 5062] <... ioctl resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... close resumed>) = 0 [pid 5064] umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(3 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8423 ./strace-static-x86_64: Process 8423 attached [pid 5064] openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 8423] set_robust_list(0x5555569076a0, 24 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8423] <... set_robust_list resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8423] chdir("./333") = 0 [pid 8423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8423] setpgid(0, 0) = 0 [pid 5064] newfstatat(3, "", ./strace-static-x86_64: Process 8424 attached [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8424 [pid 8424] set_robust_list(0x5555569076a0, 24 [pid 8423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8425 [pid 8424] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 8425 attached [pid 8424] chdir("./333" [pid 8423] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 8425] set_robust_list(0x5555569076a0, 24 [pid 8424] <... chdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8425] <... set_robust_list resumed>) = 0 [pid 8424] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8423] write(3, "1000", 4 [pid 5064] umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8424] <... prctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8424] setpgid(0, 0 [pid 5064] newfstatat(AT_FDCWD, "./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./334/binderfs" [pid 8424] <... setpgid resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8425] chdir("./330" [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8425] <... chdir resumed>) = 0 [pid 8423] <... write resumed>) = 4 [pid 8425] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8423] close(3 [pid 8425] <... prctl resumed>) = 0 [pid 8423] <... close resumed>) = 0 [pid 8425] setpgid(0, 0 [pid 8424] <... openat resumed>) = 3 [pid 8423] symlink("/dev/binderfs", "./binderfs" [pid 8425] <... setpgid resumed>) = 0 [pid 8424] write(3, "1000", 4 [pid 8423] <... symlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8424] <... write resumed>) = 4 [pid 8422] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] newfstatat(AT_FDCWD, "./334/file0", [pid 8425] <... openat resumed>) = 3 [pid 8424] close(3 [pid 8423] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8425] write(3, "1000", 4 [pid 8424] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8423] <... futex resumed>) = 0 [pid 8425] <... write resumed>) = 4 [pid 8423] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8425] close(3 [pid 8424] symlink("/dev/binderfs", "./binderfs" [pid 8423] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8424] <... symlink resumed>) = 0 [pid 8423] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... openat resumed>) = 4 [pid 8424] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] newfstatat(4, "", [pid 8425] <... close resumed>) = 0 [pid 8423] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8425] symlink("/dev/binderfs", "./binderfs" [pid 8424] <... futex resumed>) = 0 [pid 8423] <... mprotect resumed>) = 0 [pid 5064] getdents64(4, [pid 8424] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8423] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8424] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8423] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] getdents64(4, [pid 8425] <... symlink resumed>) = 0 [pid 8423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8425] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8424] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] close(4 [pid 8425] <... futex resumed>) = 0 [pid 8424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8423] <... clone3 resumed> => {parent_tid=[8426]}, 88) = 8426 ./strace-static-x86_64: Process 8426 attached [pid 8425] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8423] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... close resumed>) = 0 [pid 8426] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8425] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8424] <... mmap resumed>) = 0x7f6713892000 [pid 5064] rmdir("./334/file0" [pid 8426] <... rseq resumed>) = 0 [pid 8424] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8426] set_robust_list(0x7f67138b29a0, 24 [pid 8425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8422] <... write resumed>) = 2097152 [pid 5064] <... rmdir resumed>) = 0 [pid 8426] <... set_robust_list resumed>) = 0 [pid 8425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8424] <... mprotect resumed>) = 0 [pid 8423] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8422] munmap(0x7f670b400000, 138412032 [pid 5064] getdents64(3, [pid 8426] rt_sigprocmask(SIG_SETMASK, [], [pid 8425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8424] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8423] <... futex resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8425] <... mmap resumed>) = 0x7f6713892000 [pid 8423] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] close(3 [pid 8426] memfd_create("syzkaller", 0 [pid 8425] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8424] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8426] <... memfd_create resumed>) = 3 [pid 8424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... close resumed>) = 0 ./strace-static-x86_64: Process 8427 attached [pid 8426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8425] <... mprotect resumed>) = 0 [pid 5064] rmdir("./334" [pid 8427] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8426] <... mmap resumed>) = 0x7f670b400000 [pid 8425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... rmdir resumed>) = 0 [pid 8427] <... rseq resumed>) = 0 [pid 8425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8424] <... clone3 resumed> => {parent_tid=[8427]}, 88) = 8427 [pid 8427] set_robust_list(0x7f67138b29a0, 24 [pid 8425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8422] <... munmap resumed>) = 0 [pid 8427] <... set_robust_list resumed>) = 0 [pid 8424] rt_sigprocmask(SIG_SETMASK, [], [pid 8422] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] mkdir("./335", 0777 [pid 8427] rt_sigprocmask(SIG_SETMASK, [], [pid 8425] <... clone3 resumed> => {parent_tid=[8428]}, 88) = 8428 [pid 8424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8422] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8428 attached [pid 8427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8425] rt_sigprocmask(SIG_SETMASK, [], [pid 8424] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8428] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8427] memfd_create("syzkaller", 0 [pid 8425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8424] <... futex resumed>) = 0 [pid 8422] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... mkdir resumed>) = 0 [pid 8428] <... rseq resumed>) = 0 [pid 8424] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8428] set_robust_list(0x7f67138b29a0, 24 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8428] <... set_robust_list resumed>) = 0 [pid 8425] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8427] <... memfd_create resumed>) = 3 [pid 8425] <... futex resumed>) = 0 [pid 8427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8425] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8428] rt_sigprocmask(SIG_SETMASK, [], [pid 8427] <... mmap resumed>) = 0x7f670b400000 [pid 8428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8428] memfd_create("syzkaller", 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8422] <... ioctl resumed>) = 0 [pid 8428] <... memfd_create resumed>) = 3 [pid 8426] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8422] close(3) = 0 [pid 8422] close(4) = 0 [pid 8422] mkdir("./file0", 0777) = 0 [pid 8422] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [ 283.585972][ T8422] loop1: detected capacity change from 0 to 4096 [pid 8427] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8428] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8422] <... mount resumed>) = 0 [pid 8422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8422] chdir("./file0") = 0 [pid 8422] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8422] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8421] <... futex resumed>) = 0 [pid 8426] <... write resumed>) = 2097152 [pid 5064] <... ioctl resumed>) = 0 [pid 8421] exit_group(0 [pid 8426] munmap(0x7f670b400000, 138412032 [pid 5064] close(3 [pid 8421] <... exit_group resumed>) = ? [pid 8426] <... munmap resumed>) = 0 [pid 8422] +++ exited with 0 +++ [pid 8421] +++ exited with 0 +++ [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8421, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5063] umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8429 attached [pid 8426] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8429 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8429] set_robust_list(0x5555569076a0, 24 [pid 8428] <... write resumed>) = 2097152 [pid 8427] <... write resumed>) = 2097152 [pid 8426] <... openat resumed>) = 4 [pid 5063] newfstatat(AT_FDCWD, "./337/binderfs", [pid 8429] <... set_robust_list resumed>) = 0 [pid 8428] munmap(0x7f670b400000, 138412032 [pid 8426] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8429] chdir("./335" [pid 5063] unlink("./337/binderfs") = 0 [pid 5063] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8427] munmap(0x7f670b400000, 138412032 [pid 8429] <... chdir resumed>) = 0 [pid 8427] <... munmap resumed>) = 0 [pid 8429] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8428] <... munmap resumed>) = 0 [pid 8426] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8429] <... prctl resumed>) = 0 [pid 8428] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8426] close(3 [pid 8429] setpgid(0, 0 [pid 8428] <... openat resumed>) = 4 [pid 8429] <... setpgid resumed>) = 0 [pid 8428] ioctl(4, LOOP_SET_FD, 3 [pid 8427] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8426] <... close resumed>) = 0 [pid 5063] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8427] <... openat resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8427] ioctl(4, LOOP_SET_FD, 3 [pid 5063] newfstatat(AT_FDCWD, "./337/file0", [pid 8429] <... openat resumed>) = 3 [pid 8428] <... ioctl resumed>) = 0 [pid 8426] close(4 [pid 8429] write(3, "1000", 4 [pid 8428] close(3 [pid 8426] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8429] <... write resumed>) = 4 [pid 8428] <... close resumed>) = 0 [pid 8426] mkdir("./file0", 0777 [pid 8429] close(3 [pid 8428] close(4 [pid 8429] <... close resumed>) = 0 [pid 5063] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", [pid 8429] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8426] <... mkdir resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8429] <... symlink resumed>) = 0 [pid 5063] getdents64(4, [pid 8428] <... close resumed>) = 0 [pid 8426] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8428] mkdir("./file0", 0777 [pid 8427] <... ioctl resumed>) = 0 [pid 5063] close(4 [pid 8427] close(3 [pid 5063] <... close resumed>) = 0 [pid 8427] <... close resumed>) = 0 [pid 5063] rmdir("./337/file0" [pid 8427] close(4 [pid 5063] <... rmdir resumed>) = 0 [pid 8428] <... mkdir resumed>) = 0 [pid 8427] <... close resumed>) = 0 [pid 5063] getdents64(3, [pid 8428] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8427] mkdir("./file0", 0777 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./337" [pid 8427] <... mkdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8427] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] mkdir("./338", 0777 [pid 8429] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8429] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] <... mkdir resumed>) = 0 [pid 8429] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8429] <... mmap resumed>) = 0x7f6713892000 [ 283.739922][ T8426] loop4: detected capacity change from 0 to 4096 [ 283.760207][ T8428] loop0: detected capacity change from 0 to 4096 [ 283.761746][ T8427] loop3: detected capacity change from 0 to 4096 [pid 8429] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8427] <... mount resumed>) = 0 [pid 8429] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8429] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8427] chdir("./file0"./strace-static-x86_64: Process 8430 attached ) = 0 [pid 8430] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8427] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8430] <... rseq resumed>) = 0 [pid 8427] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8430] set_robust_list(0x7f67138b29a0, 24 [pid 8429] <... clone3 resumed> => {parent_tid=[8430]}, 88) = 8430 [pid 8427] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... set_robust_list resumed>) = 0 [pid 8429] rt_sigprocmask(SIG_SETMASK, [], [pid 8428] <... mount resumed>) = 0 [pid 8430] rt_sigprocmask(SIG_SETMASK, [], [pid 8429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8430] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8429] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8427] <... futex resumed>) = 1 [pid 8426] <... mount resumed>) = 0 [pid 8424] <... futex resumed>) = 0 [pid 8430] <... futex resumed>) = 0 [pid 8429] <... futex resumed>) = 1 [pid 8428] <... openat resumed>) = 3 [pid 8427] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8424] exit_group(0 [pid 8430] memfd_create("syzkaller", 0 [pid 8429] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8428] chdir("./file0" [pid 8427] <... futex resumed>) = ? [pid 8426] <... openat resumed>) = 3 [pid 8424] <... exit_group resumed>) = ? [pid 8427] +++ exited with 0 +++ [pid 8428] <... chdir resumed>) = 0 [pid 8426] chdir("./file0" [pid 8428] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8426] <... chdir resumed>) = 0 [pid 8424] +++ exited with 0 +++ [pid 8426] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8428] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8426] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8426] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8424, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8426] <... futex resumed>) = 1 [pid 8428] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8426] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8428] <... futex resumed>) = 1 [pid 8425] <... futex resumed>) = 0 [pid 8423] <... futex resumed>) = 0 [pid 5065] umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8430] <... memfd_create resumed>) = 3 [pid 8428] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8425] exit_group(0 [pid 8423] exit_group(0 [pid 8425] <... exit_group resumed>) = ? [pid 8423] <... exit_group resumed>) = ? [pid 8430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8428] <... futex resumed>) = ? [pid 8426] <... futex resumed>) = ? [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8430] <... mmap resumed>) = 0x7f670b400000 [pid 8428] +++ exited with 0 +++ [pid 8426] +++ exited with 0 +++ [pid 8425] +++ exited with 0 +++ [pid 8423] +++ exited with 0 +++ [pid 5065] openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... ioctl resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8423, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5066] umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8425, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 5066] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... openat resumed>) = 3 [pid 5062] umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", [pid 5065] newfstatat(3, "", [pid 5063] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... close resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./330/binderfs", [pid 5066] getdents64(3, [pid 5065] getdents64(3, [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] unlink("./330/binderfs"./strace-static-x86_64: Process 8431 attached [pid 5066] umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8431] set_robust_list(0x5555569076a0, 24) = 0 [pid 8431] chdir("./338" [pid 5062] <... umount2 resumed>) = 0 [pid 8431] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8431 [pid 8431] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] newfstatat(AT_FDCWD, "./333/binderfs", [pid 5065] newfstatat(AT_FDCWD, "./333/binderfs", [pid 8431] <... prctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./333/binderfs" [pid 5065] unlink("./333/binderfs" [pid 8431] setpgid(0, 0 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 8431] <... setpgid resumed>) = 0 [pid 5066] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8431] <... openat resumed>) = 3 [pid 8430] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5062] umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8431] write(3, "1000", 4) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8431] close(3) = 0 [pid 5062] openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8431] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... openat resumed>) = 4 [pid 5066] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(4, "", [pid 8431] <... symlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8431] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(AT_FDCWD, "./333/file0", [pid 5062] getdents64(4, [pid 8431] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8431] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8431] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] getdents64(4, [pid 8431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5062] close(4 [pid 8431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... close resumed>) = 0 [pid 8431] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] rmdir("./330/file0" [pid 8431] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] getdents64(4, [pid 5065] newfstatat(AT_FDCWD, "./333/file0", [pid 5062] <... rmdir resumed>) = 0 [pid 8431] <... mprotect resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(3, [pid 8431] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] getdents64(4, [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8431] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(3./strace-static-x86_64: Process 8432 attached [pid 5066] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 8432] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8431] <... clone3 resumed> => {parent_tid=[8432]}, 88) = 8432 [pid 5066] rmdir("./333/file0" [pid 5065] <... openat resumed>) = 4 [pid 8432] <... rseq resumed>) = 0 [pid 8431] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... rmdir resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 5062] rmdir("./330" [pid 8432] set_robust_list(0x7f67138b29a0, 24 [pid 8431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8432] <... set_robust_list resumed>) = 0 [pid 8431] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8432] rt_sigprocmask(SIG_SETMASK, [], [pid 8431] <... futex resumed>) = 0 [pid 8432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8431] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5066] close(3 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8432] memfd_create("syzkaller", 0 [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 5062] mkdir("./331", 0777 [pid 8432] <... memfd_create resumed>) = 3 [pid 5066] rmdir("./333" [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8432] <... mmap resumed>) = 0x7f670b400000 [pid 5065] close(4 [pid 5062] <... mkdir resumed>) = 0 [pid 5066] mkdir("./334", 0777 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./333/file0" [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] getdents64(3, [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] rmdir("./333" [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... rmdir resumed>) = 0 [pid 8430] <... write resumed>) = 2097152 [pid 8430] munmap(0x7f670b400000, 138412032 [pid 5065] mkdir("./334", 0777 [pid 8430] <... munmap resumed>) = 0 [pid 8430] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... mkdir resumed>) = 0 [pid 8430] <... openat resumed>) = 4 [pid 8430] ioctl(4, LOOP_SET_FD, 3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8432] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8430] <... ioctl resumed>) = 0 [pid 8430] close(3 [pid 5065] <... openat resumed>) = 3 [pid 8430] <... close resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8430] close(4) = 0 [pid 8432] <... write resumed>) = 2097152 [pid 8432] munmap(0x7f670b400000, 138412032) = 0 [pid 8430] mkdir("./file0", 0777 [pid 8432] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8430] <... mkdir resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8430] mount("/dev/loop2", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 8433 attached [pid 8432] <... openat resumed>) = 4 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8433 [ 284.007082][ T8430] loop2: detected capacity change from 0 to 4096 [pid 8433] set_robust_list(0x5555569076a0, 24 [pid 8432] ioctl(4, LOOP_SET_FD, 3 [pid 8433] <... set_robust_list resumed>) = 0 [pid 8433] chdir("./334" [pid 8432] <... ioctl resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8433] <... chdir resumed>) = 0 [pid 8432] close(3 [pid 8433] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8432] <... close resumed>) = 0 [pid 5062] close(3 [pid 8433] <... prctl resumed>) = 0 [pid 8433] setpgid(0, 0 [pid 8432] close(4 [pid 5062] <... close resumed>) = 0 [pid 8433] <... setpgid resumed>) = 0 [pid 8432] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8434 attached [pid 8433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8432] mkdir("./file0", 0777 [pid 8434] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8434 [pid 8434] <... set_robust_list resumed>) = 0 [pid 8433] <... openat resumed>) = 3 [pid 8432] <... mkdir resumed>) = 0 [pid 8434] chdir("./331" [pid 8433] write(3, "1000", 4 [pid 8432] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8434] <... chdir resumed>) = 0 [pid 8433] <... write resumed>) = 4 [pid 8434] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8433] close(3) = 0 [pid 8434] <... prctl resumed>) = 0 [pid 8434] setpgid(0, 0) = 0 [pid 8433] symlink("/dev/binderfs", "./binderfs") = 0 [ 284.065386][ T8432] loop1: detected capacity change from 0 to 4096 [pid 8434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8433] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8434] <... openat resumed>) = 3 [pid 8433] <... futex resumed>) = 0 [pid 8434] write(3, "1000", 4 [pid 8433] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8434] <... write resumed>) = 4 [pid 8434] close(3) = 0 [pid 8433] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8434] symlink("/dev/binderfs", "./binderfs" [pid 8433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8432] <... mount resumed>) = 0 [pid 8433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8434] <... symlink resumed>) = 0 [pid 8433] <... mmap resumed>) = 0x7f6713892000 [pid 8432] <... openat resumed>) = 3 [pid 5065] <... ioctl resumed>) = 0 [pid 8433] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8432] chdir("./file0" [pid 8434] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8433] <... mprotect resumed>) = 0 [pid 8434] <... futex resumed>) = 0 [pid 8432] <... chdir resumed>) = 0 [pid 8434] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8433] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8432] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8430] <... mount resumed>) = 0 [pid 5065] close(3 [pid 8434] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8433] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8432] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 8434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8432] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8435 attached [pid 8434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8430] chdir("./file0"./strace-static-x86_64: Process 8436 attached [pid 8435] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8433] <... clone3 resumed> => {parent_tid=[8435]}, 88) = 8435 [pid 8430] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8436 [pid 8433] rt_sigprocmask(SIG_SETMASK, [], [pid 8430] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8434] <... mmap resumed>) = 0x7f6713892000 [pid 8433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8434] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8433] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8434] <... mprotect resumed>) = 0 [pid 8433] <... futex resumed>) = 0 [pid 8436] set_robust_list(0x5555569076a0, 24 [pid 8434] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8433] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8430] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8430] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8435] <... rseq resumed>) = 0 [pid 8430] <... futex resumed>) = 1 [pid 8436] <... set_robust_list resumed>) = 0 [pid 8435] set_robust_list(0x7f67138b29a0, 24 [pid 8430] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8436] chdir("./334" [pid 8435] <... set_robust_list resumed>) = 0 [pid 8434] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8432] <... futex resumed>) = 1 [pid 8431] <... futex resumed>) = 0 [pid 8429] <... futex resumed>) = 0 [pid 8436] <... chdir resumed>) = 0 [pid 8432] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8429] exit_group(0 [pid 8431] exit_group(0 [pid 8429] <... exit_group resumed>) = ? [pid 8432] <... futex resumed>) = ? [pid 8431] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 8437 attached [pid 8432] +++ exited with 0 +++ [pid 8431] +++ exited with 0 +++ [pid 8437] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8434] <... clone3 resumed> => {parent_tid=[8437]}, 88) = 8437 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8431, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 8437] <... rseq resumed>) = 0 [pid 8434] rt_sigprocmask(SIG_SETMASK, [], [pid 8437] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8436] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8435] rt_sigprocmask(SIG_SETMASK, [], [pid 8430] <... futex resumed>) = ? [pid 8437] rt_sigprocmask(SIG_SETMASK, [], [pid 8436] <... prctl resumed>) = 0 [pid 8435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8430] +++ exited with 0 +++ [pid 8429] +++ exited with 0 +++ [pid 8437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8436] setpgid(0, 0 [pid 8435] memfd_create("syzkaller", 0 [pid 8434] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8429, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5063] umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8436] <... setpgid resumed>) = 0 [pid 8434] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8437] memfd_create("syzkaller", 0 [pid 8436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8435] <... memfd_create resumed>) = 3 [pid 8435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8436] <... openat resumed>) = 3 [pid 8436] write(3, "1000", 4 [pid 5063] openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8437] <... memfd_create resumed>) = 3 [pid 8434] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8437] <... mmap resumed>) = 0x7f670b400000 [pid 8436] <... write resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] newfstatat(3, "", [pid 5064] <... openat resumed>) = 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(3, "", [pid 5063] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] getdents64(3, [pid 5063] umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(AT_FDCWD, "./338/binderfs", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./335/binderfs", [pid 5063] unlink("./338/binderfs" [pid 8436] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8436] <... close resumed>) = 0 [pid 5064] unlink("./335/binderfs" [pid 5063] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8436] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... unlink resumed>) = 0 [pid 8436] <... symlink resumed>) = 0 [pid 8436] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8436] <... futex resumed>) = 0 [pid 8436] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8436] <... mmap resumed>) = 0x7f6713892000 [pid 8436] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8436] <... mprotect resumed>) = 0 [pid 8437] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8436] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8435] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = 0 [pid 8436] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] newfstatat(AT_FDCWD, "./335/file0", ./strace-static-x86_64: Process 8438 attached [pid 8436] <... clone3 resumed> => {parent_tid=[8438]}, 88) = 8438 [pid 8436] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8438] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8438] <... rseq resumed>) = 0 [pid 8436] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8438] set_robust_list(0x7f67138b29a0, 24 [pid 8436] <... futex resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./338/file0", [pid 8438] <... set_robust_list resumed>) = 0 [pid 8436] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8438] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... openat resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] newfstatat(4, "", [pid 5063] openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8438] memfd_create("syzkaller", 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5063] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] newfstatat(4, "", [pid 5064] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8438] <... memfd_create resumed>) = 3 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(4, [pid 5064] close(4) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] rmdir("./335/file0" [pid 5063] close(4 [pid 8438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8438] <... mmap resumed>) = 0x7f670b400000 [pid 5063] rmdir("./338/file0" [pid 5064] getdents64(3, [pid 5063] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(3, [pid 5064] close(3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] close(3) = 0 [pid 5064] rmdir("./335" [pid 5063] rmdir("./338" [pid 8437] <... write resumed>) = 2097152 [pid 8435] <... write resumed>) = 2097152 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8437] munmap(0x7f670b400000, 138412032 [pid 5063] mkdir("./339", 0777 [pid 5064] mkdir("./336", 0777) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8435] munmap(0x7f670b400000, 138412032 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... openat resumed>) = 3 [pid 8437] <... munmap resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8435] <... munmap resumed>) = 0 [pid 8438] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8435] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8437] ioctl(4, LOOP_SET_FD, 3 [pid 8435] <... openat resumed>) = 4 [pid 8435] ioctl(4, LOOP_SET_FD, 3 [pid 8437] <... ioctl resumed>) = 0 [pid 8438] <... write resumed>) = 2097152 [pid 8437] close(3 [pid 8435] <... ioctl resumed>) = 0 [pid 8438] munmap(0x7f670b400000, 138412032 [pid 8437] <... close resumed>) = 0 [pid 8435] close(3 [pid 8437] close(4 [pid 8435] <... close resumed>) = 0 [pid 8438] <... munmap resumed>) = 0 [pid 8437] <... close resumed>) = 0 [pid 8435] close(4 [pid 8438] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8437] mkdir("./file0", 0777 [pid 8435] <... close resumed>) = 0 [pid 8438] <... openat resumed>) = 4 [pid 8435] mkdir("./file0", 0777 [pid 8438] ioctl(4, LOOP_SET_FD, 3 [pid 8437] <... mkdir resumed>) = 0 [pid 8438] <... ioctl resumed>) = 0 [pid 8437] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8435] <... mkdir resumed>) = 0 [pid 8438] close(3) = 0 [pid 8438] close(4) = 0 [pid 8438] mkdir("./file0", 0777) = 0 [pid 8438] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] <... ioctl resumed>) = 0 [pid 8435] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5064] <... ioctl resumed>) = 0 [ 284.332304][ T8437] loop0: detected capacity change from 0 to 4096 [ 284.339531][ T8435] loop4: detected capacity change from 0 to 4096 [ 284.367353][ T8438] loop3: detected capacity change from 0 to 4096 [pid 5064] close(3) = 0 [pid 5063] close(3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... close resumed>) = 0 ./strace-static-x86_64: Process 8439 attached [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8439] set_robust_list(0x5555569076a0, 24 [pid 8438] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8440 attached [pid 8439] <... set_robust_list resumed>) = 0 [pid 8438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8439 [pid 8440] set_robust_list(0x5555569076a0, 24 [pid 8439] chdir("./336" [pid 8438] <... openat resumed>) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8440 [pid 8440] <... set_robust_list resumed>) = 0 [pid 8439] <... chdir resumed>) = 0 [pid 8438] chdir("./file0" [pid 8440] chdir("./339" [pid 8438] <... chdir resumed>) = 0 [pid 8438] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8439] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8440] <... chdir resumed>) = 0 [pid 8440] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8439] <... prctl resumed>) = 0 [pid 8438] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8440] <... prctl resumed>) = 0 [pid 8439] setpgid(0, 0 [pid 8438] <... futex resumed>) = 1 [pid 8440] setpgid(0, 0 [pid 8439] <... setpgid resumed>) = 0 [pid 8438] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8437] <... mount resumed>) = 0 [pid 8436] <... futex resumed>) = 0 [pid 8440] <... setpgid resumed>) = 0 [pid 8439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8436] exit_group(0 [pid 8440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8439] <... openat resumed>) = 3 [pid 8438] <... futex resumed>) = ? [pid 8436] <... exit_group resumed>) = ? [pid 8440] <... openat resumed>) = 3 [pid 8439] write(3, "1000", 4 [pid 8438] +++ exited with 0 +++ [pid 8437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8436] +++ exited with 0 +++ [pid 8440] write(3, "1000", 4 [pid 8439] <... write resumed>) = 4 [pid 8437] <... openat resumed>) = 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8436, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- [pid 8440] <... write resumed>) = 4 [pid 8439] close(3 [pid 8437] chdir("./file0") = 0 [pid 8437] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8435] <... mount resumed>) = 0 [pid 5065] umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8439] <... close resumed>) = 0 [pid 8437] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8439] symlink("/dev/binderfs", "./binderfs" [pid 8437] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8437] <... futex resumed>) = 1 [pid 8439] <... symlink resumed>) = 0 [pid 8434] <... futex resumed>) = 0 [pid 8437] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8434] exit_group(0) = ? [pid 5065] <... openat resumed>) = 3 [pid 8437] <... futex resumed>) = ? [pid 8437] +++ exited with 0 +++ [pid 8435] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8435] chdir("./file0") = 0 [pid 8435] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8434] +++ exited with 0 +++ [pid 8440] close(3 [pid 8439] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8440] <... close resumed>) = 0 [pid 8439] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8435] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8434, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 8439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8440] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8435] <... futex resumed>) = 1 [pid 8433] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8440] <... futex resumed>) = 0 [pid 8439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8433] exit_group(0) = ? [pid 8440] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8439] <... mmap resumed>) = 0x7f6713892000 [pid 5065] newfstatat(AT_FDCWD, "./334/binderfs", [pid 5062] <... restart_syscall resumed>) = 0 [pid 8440] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8439] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8439] <... mprotect resumed>) = 0 [pid 8435] +++ exited with 0 +++ [pid 8433] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8440] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8433, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5065] unlink("./334/binderfs" [pid 8440] <... mprotect resumed>) = 0 [pid 8439] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... unlink resumed>) = 0 [pid 5062] umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8440] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8439] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8440] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8442 attached ./strace-static-x86_64: Process 8441 attached [pid 8439] <... clone3 resumed> => {parent_tid=[8441]}, 88) = 8441 [pid 5066] <... openat resumed>) = 3 [pid 5062] openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8439] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] newfstatat(3, "", [pid 5062] <... openat resumed>) = 3 [pid 8442] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8441] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8440] <... clone3 resumed> => {parent_tid=[8442]}, 88) = 8442 [pid 8439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(3, "", [pid 8442] <... rseq resumed>) = 0 [pid 8441] <... rseq resumed>) = 0 [pid 8440] rt_sigprocmask(SIG_SETMASK, [], [pid 8439] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8442] set_robust_list(0x7f67138b29a0, 24 [pid 8441] set_robust_list(0x7f67138b29a0, 24 [pid 8440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8439] <... futex resumed>) = 0 [pid 8442] <... set_robust_list resumed>) = 0 [pid 8441] <... set_robust_list resumed>) = 0 [pid 8440] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8442] rt_sigprocmask(SIG_SETMASK, [], [pid 8441] rt_sigprocmask(SIG_SETMASK, [], [pid 8440] <... futex resumed>) = 0 [pid 8439] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8440] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] newfstatat(AT_FDCWD, "./334/file0", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(3, [pid 8441] memfd_create("syzkaller", 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8442] memfd_create("syzkaller", 0 [pid 8441] <... memfd_create resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./334/binderfs", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8442] <... memfd_create resumed>) = 3 [pid 8441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8441] <... mmap resumed>) = 0x7f670b400000 [pid 5066] unlink("./334/binderfs" [pid 8442] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... unlink resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5062] newfstatat(AT_FDCWD, "./331/binderfs", [pid 5065] newfstatat(4, "", [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] unlink("./331/binderfs" [pid 5065] getdents64(4, [pid 5062] <... unlink resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5062] <... umount2 resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./334/file0") = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5062] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./334" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./331/file0", [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] mkdir("./335", 0777 [pid 5062] umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] newfstatat(4, "", [pid 5065] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 8442] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... umount2 resumed>) = 0 [pid 8441] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] rmdir("./331/file0" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5062] getdents64(3, [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 5066] close(4) = 0 [pid 5062] <... close resumed>) = 0 [pid 5066] rmdir("./334/file0" [pid 5062] rmdir("./331") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] mkdir("./332", 0777 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./334") = 0 [pid 5066] mkdir("./335", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... ioctl resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8441] <... write resumed>) = 2097152 [pid 8442] <... write resumed>) = 2097152 [pid 8441] munmap(0x7f670b400000, 138412032 [pid 8442] munmap(0x7f670b400000, 138412032 [pid 8441] <... munmap resumed>) = 0 [pid 5065] close(3 [pid 8441] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8442] <... munmap resumed>) = 0 [pid 8442] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8441] <... openat resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 8442] <... openat resumed>) = 4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8442] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8443 ./strace-static-x86_64: Process 8443 attached [pid 8443] set_robust_list(0x5555569076a0, 24) = 0 [pid 8443] chdir("./335") = 0 [pid 8443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8443] setpgid(0, 0) = 0 [pid 8443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8443] write(3, "1000", 4) = 4 [pid 8443] close(3 [pid 8442] <... ioctl resumed>) = 0 [pid 8443] <... close resumed>) = 0 [pid 8443] symlink("/dev/binderfs", "./binderfs" [pid 8442] close(3 [pid 8443] <... symlink resumed>) = 0 [pid 8442] <... close resumed>) = 0 [pid 8441] ioctl(4, LOOP_SET_FD, 3 [pid 8442] close(4) = 0 [pid 8442] mkdir("./file0", 0777 [pid 8443] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8442] <... mkdir resumed>) = 0 [pid 8442] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8443] <... futex resumed>) = 0 [pid 8443] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8441] <... ioctl resumed>) = 0 [pid 8443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8443] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 8444 attached [pid 8444] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8443] <... clone3 resumed> => {parent_tid=[8444]}, 88) = 8444 [pid 8444] <... rseq resumed>) = 0 [pid 8444] set_robust_list(0x7f67138b29a0, 24 [pid 8443] rt_sigprocmask(SIG_SETMASK, [], [pid 8444] <... set_robust_list resumed>) = 0 [pid 8443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8444] rt_sigprocmask(SIG_SETMASK, [], [pid 8443] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8441] close(3 [pid 8444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8443] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8444] memfd_create("syzkaller", 0 [pid 8441] <... close resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8441] close(4 [pid 8444] <... memfd_create resumed>) = 3 [pid 8441] <... close resumed>) = 0 [pid 8444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8441] mkdir("./file0", 0777 [pid 5066] close(3 [pid 8444] <... mmap resumed>) = 0x7f670b400000 [pid 8441] <... mkdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8441] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8445 attached [pid 8445] set_robust_list(0x5555569076a0, 24) = 0 [pid 8445] chdir("./335" [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8445 [pid 5062] close(3 [pid 8445] <... chdir resumed>) = 0 [pid 8442] <... mount resumed>) = 0 [pid 5062] <... close resumed>) = 0 [ 284.698910][ T8442] loop1: detected capacity change from 0 to 4096 [ 284.728219][ T8441] loop2: detected capacity change from 0 to 4096 [pid 8445] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8445] <... prctl resumed>) = 0 [pid 8442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8445] setpgid(0, 0 [pid 8442] <... openat resumed>) = 3 [pid 8445] <... setpgid resumed>) = 0 [pid 8442] chdir("./file0" [pid 8445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8442] <... chdir resumed>) = 0 [pid 8445] <... openat resumed>) = 3 [pid 8442] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8446 attached [pid 8445] write(3, "1000", 4 [pid 8442] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8445] <... write resumed>) = 4 [pid 8442] <... futex resumed>) = 1 [pid 8445] close(3 [pid 8442] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8440] <... futex resumed>) = 0 [pid 8445] <... close resumed>) = 0 [pid 8440] exit_group(0 [pid 8446] set_robust_list(0x5555569076a0, 24 [pid 8445] symlink("/dev/binderfs", "./binderfs" [pid 8440] <... exit_group resumed>) = ? [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8446 [pid 8446] <... set_robust_list resumed>) = 0 [pid 8445] <... symlink resumed>) = 0 [pid 8442] <... futex resumed>) = ? [pid 8442] +++ exited with 0 +++ [pid 8445] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8445] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8445] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8446] chdir("./332" [pid 8445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8447]}, 88) = 8447 [pid 8445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8446] <... chdir resumed>) = 0 [pid 8445] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8440] +++ exited with 0 +++ [pid 8446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 8447 attached [pid 8446] setpgid(0, 0 [pid 8445] <... futex resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8440, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8446] <... setpgid resumed>) = 0 [pid 8447] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8445] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8447] <... rseq resumed>) = 0 [pid 8446] <... openat resumed>) = 3 [pid 8447] set_robust_list(0x7f67138b29a0, 24 [pid 8446] write(3, "1000", 4 [pid 8447] <... set_robust_list resumed>) = 0 [pid 8446] <... write resumed>) = 4 [pid 8447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8447] memfd_create("syzkaller", 0 [pid 8446] close(3) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8447] <... memfd_create resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 8447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 8447] <... mmap resumed>) = 0x7f670b400000 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8446] symlink("/dev/binderfs", "./binderfs" [pid 8441] <... mount resumed>) = 0 [pid 5063] umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./339/binderfs", [pid 8446] <... symlink resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] unlink("./339/binderfs" [pid 8441] <... openat resumed>) = 3 [pid 5063] <... unlink resumed>) = 0 [pid 8441] chdir("./file0" [pid 8446] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8441] <... chdir resumed>) = 0 [pid 8446] <... futex resumed>) = 0 [pid 8446] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8444] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8441] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8446] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8441] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8441] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8446] <... mmap resumed>) = 0x7f6713892000 [pid 8441] <... futex resumed>) = 1 [pid 8439] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8446] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8439] exit_group(0 [pid 8446] <... mprotect resumed>) = 0 [pid 8439] <... exit_group resumed>) = ? [pid 8446] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8441] +++ exited with 0 +++ [pid 8439] +++ exited with 0 +++ [pid 8446] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8439, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5063] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... restart_syscall resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8448 attached [pid 5063] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8448] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5064] umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8448] <... rseq resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8448] set_robust_list(0x7f67138b29a0, 24 [pid 5064] <... openat resumed>) = 3 [pid 8448] <... set_robust_list resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 8448] rt_sigprocmask(SIG_SETMASK, [], [pid 8446] <... clone3 resumed> => {parent_tid=[8448]}, 88) = 8448 [pid 5063] newfstatat(4, "", [pid 8448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8446] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8448] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] newfstatat(3, "", [pid 5063] getdents64(4, [pid 8446] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 8446] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] rmdir("./339/file0" [pid 5064] getdents64(3, [pid 5063] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] getdents64(3, [pid 5064] umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] close(3) = 0 [pid 5063] rmdir("./339") = 0 [pid 5064] newfstatat(AT_FDCWD, "./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./336/binderfs" [pid 5063] mkdir("./340", 0777 [pid 5064] <... unlink resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5064] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8448] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8448] memfd_create("syzkaller", 0) = 3 [pid 5064] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8448] <... mmap resumed>) = 0x7f670b400000 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./336/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./336") = 0 [pid 8447] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8444] <... write resumed>) = 2097152 [pid 5064] mkdir("./337", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8444] munmap(0x7f670b400000, 138412032) = 0 [pid 8444] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8448] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8444] <... openat resumed>) = 4 [pid 5063] <... ioctl resumed>) = 0 [pid 8444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8447] <... write resumed>) = 2097152 [pid 8447] munmap(0x7f670b400000, 138412032 [pid 8444] close(3) = 0 [pid 8444] close(4) = 0 [pid 5063] close(3 [pid 8444] mkdir("./file0", 0777 [pid 8447] <... munmap resumed>) = 0 [pid 8444] <... mkdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8449 attached [pid 8447] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8444] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8449 [pid 8447] <... openat resumed>) = 4 [ 284.968225][ T8444] loop3: detected capacity change from 0 to 4096 [pid 8447] ioctl(4, LOOP_SET_FD, 3 [pid 8449] set_robust_list(0x5555569076a0, 24 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 8449] <... set_robust_list resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8449] chdir("./340") = 0 [pid 8449] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8450 ./strace-static-x86_64: Process 8450 attached [pid 8447] <... ioctl resumed>) = 0 [pid 8450] set_robust_list(0x5555569076a0, 24 [pid 8447] close(3 [pid 8450] <... set_robust_list resumed>) = 0 [pid 8447] <... close resumed>) = 0 [pid 8450] chdir("./337" [pid 8447] close(4 [pid 8450] <... chdir resumed>) = 0 [pid 8447] <... close resumed>) = 0 [pid 8450] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8447] mkdir("./file0", 0777 [pid 8450] <... prctl resumed>) = 0 [pid 8449] <... prctl resumed>) = 0 [pid 8449] setpgid(0, 0 [pid 8450] setpgid(0, 0 [pid 8449] <... setpgid resumed>) = 0 [pid 8447] <... mkdir resumed>) = 0 [pid 8450] <... setpgid resumed>) = 0 [pid 8450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8450] <... openat resumed>) = 3 [pid 8447] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8450] write(3, "1000", 4 [pid 8449] <... openat resumed>) = 3 [pid 8448] <... write resumed>) = 2097152 [pid 8449] write(3, "1000", 4 [pid 8450] <... write resumed>) = 4 [pid 8449] <... write resumed>) = 4 [pid 8448] munmap(0x7f670b400000, 138412032 [pid 8450] close(3 [pid 8449] close(3 [pid 8450] <... close resumed>) = 0 [pid 8449] <... close resumed>) = 0 [pid 8450] symlink("/dev/binderfs", "./binderfs" [pid 8449] symlink("/dev/binderfs", "./binderfs" [pid 8450] <... symlink resumed>) = 0 [pid 8450] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8450] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8450] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [ 285.010639][ T8447] loop4: detected capacity change from 0 to 4096 [pid 8450] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8449] <... symlink resumed>) = 0 [pid 8450] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8449] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8451 attached [pid 8450] <... clone3 resumed> => {parent_tid=[8451]}, 88) = 8451 [pid 8449] <... futex resumed>) = 0 [pid 8448] <... munmap resumed>) = 0 [pid 8449] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8451] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8450] rt_sigprocmask(SIG_SETMASK, [], [pid 8449] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8451] <... rseq resumed>) = 0 [pid 8450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8451] set_robust_list(0x7f67138b29a0, 24 [pid 8450] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8448] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8451] <... set_robust_list resumed>) = 0 [pid 8450] <... futex resumed>) = 0 [pid 8449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8448] <... openat resumed>) = 4 [pid 8447] <... mount resumed>) = 0 [pid 8444] <... mount resumed>) = 0 [pid 8451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8450] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8448] ioctl(4, LOOP_SET_FD, 3 [pid 8444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8451] memfd_create("syzkaller", 0 [pid 8449] <... mmap resumed>) = 0x7f6713892000 [pid 8444] <... openat resumed>) = 3 [pid 8447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8451] <... memfd_create resumed>) = 3 [pid 8447] <... openat resumed>) = 3 [pid 8451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8447] chdir("./file0" [pid 8451] <... mmap resumed>) = 0x7f670b400000 [pid 8447] <... chdir resumed>) = 0 [pid 8447] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8447] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8445] <... futex resumed>) = 0 [pid 8449] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8447] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8445] exit_group(0 [pid 8444] chdir("./file0" [pid 8449] <... mprotect resumed>) = 0 [pid 8448] <... ioctl resumed>) = 0 [pid 8447] <... futex resumed>) = ? [pid 8445] <... exit_group resumed>) = ? [pid 8444] <... chdir resumed>) = 0 [pid 8449] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8448] close(3 [pid 8447] +++ exited with 0 +++ [pid 8444] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8449] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8448] <... close resumed>) = 0 [pid 8444] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8448] close(4 [pid 8444] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8448] <... close resumed>) = 0 [pid 8444] <... futex resumed>) = 1 [pid 8443] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8452 attached [pid 8444] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8452] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8449] <... clone3 resumed> => {parent_tid=[8452]}, 88) = 8452 [pid 8448] mkdir("./file0", 0777 [pid 8452] <... rseq resumed>) = 0 [pid 8449] rt_sigprocmask(SIG_SETMASK, [], [pid 8448] <... mkdir resumed>) = 0 [pid 8445] +++ exited with 0 +++ [pid 8443] exit_group(0 [pid 8452] set_robust_list(0x7f67138b29a0, 24 [pid 8449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8448] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8444] <... futex resumed>) = ? [pid 8443] <... exit_group resumed>) = ? [pid 8449] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8444] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8445, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 8449] <... futex resumed>) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 8449] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... restart_syscall resumed>) = 0 [pid 8452] <... set_robust_list resumed>) = 0 [pid 8452] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8452] memfd_create("syzkaller", 0 [pid 5066] openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8452] <... memfd_create resumed>) = 3 [pid 8443] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 8452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8443, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8452] <... mmap resumed>) = 0x7f670b400000 [pid 5066] umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./335/binderfs") = 0 [ 285.109401][ T8448] loop0: detected capacity change from 0 to 4096 [pid 5066] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(3, "", [pid 5066] newfstatat(AT_FDCWD, "./335/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, [pid 5066] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8451] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(AT_FDCWD, "./335/binderfs", [pid 5066] getdents64(4, [pid 8448] <... mount resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./335/file0" [pid 8448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... rmdir resumed>) = 0 [pid 5065] unlink("./335/binderfs" [pid 8448] <... openat resumed>) = 3 [pid 5065] <... unlink resumed>) = 0 [pid 8448] chdir("./file0" [pid 5065] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8448] <... chdir resumed>) = 0 [pid 5066] getdents64(3, [pid 8448] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8448] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] close(3 [pid 8448] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... close resumed>) = 0 [pid 8448] <... futex resumed>) = 1 [pid 8446] <... futex resumed>) = 0 [pid 5066] rmdir("./335" [pid 8448] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8446] exit_group(0 [pid 8448] <... futex resumed>) = ? [pid 8446] <... exit_group resumed>) = ? [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5066] mkdir("./336", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8452] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8448] +++ exited with 0 +++ [pid 8446] +++ exited with 0 +++ [pid 5065] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8446, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5065] newfstatat(AT_FDCWD, "./335/file0", [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... restart_syscall resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 8451] <... write resumed>) = 2097152 [pid 5065] rmdir("./335/file0" [pid 5062] openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8451] munmap(0x7f670b400000, 138412032 [pid 5065] <... rmdir resumed>) = 0 [pid 8451] <... munmap resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8452] <... write resumed>) = 2097152 [pid 8451] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] getdents64(3, [pid 8452] munmap(0x7f670b400000, 138412032 [pid 8451] <... openat resumed>) = 4 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] newfstatat(3, "", [pid 5065] close(3 [pid 8451] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./335" [pid 8452] <... munmap resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8452] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] getdents64(3, [pid 8452] <... openat resumed>) = 4 [pid 5065] mkdir("./336", 0777 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8451] <... ioctl resumed>) = 0 [pid 8452] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8451] close(3 [pid 5066] close(3 [pid 8451] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8451] close(4) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8453 attached [pid 8452] <... ioctl resumed>) = 0 [pid 8451] mkdir("./file0", 0777 [pid 5062] newfstatat(AT_FDCWD, "./332/binderfs", [pid 8453] set_robust_list(0x5555569076a0, 24 [pid 8452] close(3 [pid 8451] <... mkdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8453 [pid 8453] <... set_robust_list resumed>) = 0 [pid 8452] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8453] chdir("./336" [pid 8452] close(4 [pid 5062] unlink("./332/binderfs" [pid 8453] <... chdir resumed>) = 0 [pid 8452] <... close resumed>) = 0 [pid 8451] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8453] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8452] mkdir("./file0", 0777 [pid 5062] <... unlink resumed>) = 0 [pid 8453] <... prctl resumed>) = 0 [pid 5062] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8453] setpgid(0, 0 [pid 8452] <... mkdir resumed>) = 0 [pid 8453] <... setpgid resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8452] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8453] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./332/file0", [pid 8453] write(3, "1000", 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8453] <... write resumed>) = 4 [pid 8453] close(3 [pid 5062] umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8453] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8453] symlink("/dev/binderfs", "./binderfs" [pid 5062] openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8453] <... symlink resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8453] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8453] <... futex resumed>) = 0 [ 285.282881][ T8451] loop2: detected capacity change from 0 to 4096 [ 285.304226][ T8452] loop1: detected capacity change from 0 to 4096 [pid 5062] getdents64(4, [pid 8453] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8453] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] getdents64(4, [pid 8453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] close(4 [pid 8453] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... ioctl resumed>) = 0 [pid 8453] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... close resumed>) = 0 [pid 8453] <... mprotect resumed>) = 0 [pid 5062] rmdir("./332/file0" [pid 8453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] getdents64(3, ./strace-static-x86_64: Process 8454 attached [pid 8453] <... clone3 resumed> => {parent_tid=[8454]}, 88) = 8454 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8454] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8453] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] close(3 [pid 8454] <... rseq resumed>) = 0 [pid 8453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8451] <... mount resumed>) = 0 [pid 8454] set_robust_list(0x7f67138b29a0, 24 [pid 8453] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(3 [pid 5062] <... close resumed>) = 0 [pid 8454] <... set_robust_list resumed>) = 0 [pid 8453] <... futex resumed>) = 0 [pid 8451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] rmdir("./332" [pid 8454] rt_sigprocmask(SIG_SETMASK, [], [pid 8453] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... close resumed>) = 0 [pid 8454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8452] <... mount resumed>) = 0 [pid 8451] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... rmdir resumed>) = 0 [pid 8454] memfd_create("syzkaller", 0 [pid 8452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8451] chdir("./file0" [pid 5062] mkdir("./333", 0777 [pid 8454] <... memfd_create resumed>) = 3 [pid 8451] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 8455 attached [pid 8454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8452] <... openat resumed>) = 3 [pid 8451] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... mkdir resumed>) = 0 [pid 8455] set_robust_list(0x5555569076a0, 24 [pid 8454] <... mmap resumed>) = 0x7f670b400000 [pid 8451] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8455] <... set_robust_list resumed>) = 0 [pid 8452] chdir("./file0" [pid 8451] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8455] chdir("./336" [pid 8452] <... chdir resumed>) = 0 [pid 8451] <... futex resumed>) = 1 [pid 8450] <... futex resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8455 [pid 8455] <... chdir resumed>) = 0 [pid 8452] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8451] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8450] exit_group(0 [pid 5062] <... openat resumed>) = 3 [pid 8455] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8452] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8451] <... futex resumed>) = ? [pid 8450] <... exit_group resumed>) = ? [pid 8455] <... prctl resumed>) = 0 [pid 8452] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8451] +++ exited with 0 +++ [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8455] setpgid(0, 0) = 0 [pid 8455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8452] <... futex resumed>) = 1 [pid 8449] <... futex resumed>) = 0 [pid 8452] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8449] exit_group(0 [pid 8455] <... openat resumed>) = 3 [pid 8452] <... futex resumed>) = ? [pid 8449] <... exit_group resumed>) = ? [pid 8452] +++ exited with 0 +++ [pid 8455] write(3, "1000", 4) = 4 [pid 8455] close(3) = 0 [pid 8450] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8450, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8449] +++ exited with 0 +++ [pid 8455] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8449, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5064] umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 8455] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... restart_syscall resumed>) = 0 [pid 8455] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8455] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... openat resumed>) = 3 [pid 5063] umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8455] <... mmap resumed>) = 0x7f6713892000 [pid 5063] openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(3, "", [pid 8455] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 5063] newfstatat(3, "", [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8455] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(3, [pid 8455] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] newfstatat(AT_FDCWD, "./337/binderfs", [pid 5063] umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8456 attached [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./340/binderfs", [pid 8456] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8455] <... clone3 resumed> => {parent_tid=[8456]}, 88) = 8456 [pid 5064] unlink("./337/binderfs" [pid 8456] <... rseq resumed>) = 0 [pid 8455] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8456] set_robust_list(0x7f67138b29a0, 24 [pid 8455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5063] unlink("./340/binderfs" [pid 8456] <... set_robust_list resumed>) = 0 [pid 8455] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8456] rt_sigprocmask(SIG_SETMASK, [], [pid 8455] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8456] memfd_create("syzkaller", 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8456] <... memfd_create resumed>) = 3 [pid 8456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8454] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... ioctl resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./340/file0", [pid 5064] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./337/file0", [pid 5062] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8457 [pid 5063] getdents64(4, [pid 5064] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5064] openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] rmdir("./340/file0"./strace-static-x86_64: Process 8457 attached [pid 8457] set_robust_list(0x5555569076a0, 24 [pid 5063] <... rmdir resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5063] getdents64(3, [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] close(3 [pid 5064] getdents64(4, [pid 8457] <... set_robust_list resumed>) = 0 [pid 8457] chdir("./333") = 0 [pid 8457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... close resumed>) = 0 [pid 8457] setpgid(0, 0 [pid 5064] close(4 [pid 5063] rmdir("./340" [pid 8457] <... setpgid resumed>) = 0 [pid 8457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8457] <... openat resumed>) = 3 [pid 8456] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] rmdir("./337/file0" [pid 5063] mkdir("./341", 0777 [pid 8457] write(3, "1000", 4) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 8457] close(3 [pid 8454] <... write resumed>) = 2097152 [pid 5064] getdents64(3, [pid 5063] <... mkdir resumed>) = 0 [pid 8457] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8457] symlink("/dev/binderfs", "./binderfs" [pid 5064] close(3 [pid 5063] <... openat resumed>) = 3 [pid 8457] <... symlink resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8457] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] rmdir("./337" [pid 8457] <... futex resumed>) = 0 [pid 8457] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8454] munmap(0x7f670b400000, 138412032 [pid 5064] <... rmdir resumed>) = 0 [pid 8457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8454] <... munmap resumed>) = 0 [pid 8457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] mkdir("./338", 0777 [pid 8457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5064] <... mkdir resumed>) = 0 [pid 8457] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8457] <... mprotect resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8458]}, 88) = 8458 [pid 8457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8457] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8457] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8458 attached [pid 8458] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8458] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8458] memfd_create("syzkaller", 0 [pid 8454] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8458] <... memfd_create resumed>) = 3 [pid 8456] <... write resumed>) = 2097152 [pid 8456] munmap(0x7f670b400000, 138412032 [pid 8458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8454] ioctl(4, LOOP_SET_FD, 3 [pid 8458] <... mmap resumed>) = 0x7f670b400000 [pid 8456] <... munmap resumed>) = 0 [pid 8454] <... ioctl resumed>) = 0 [pid 8454] close(3) = 0 [pid 8454] close(4) = 0 [pid 8454] mkdir("./file0", 0777) = 0 [pid 8454] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8456] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 285.576121][ T8454] loop4: detected capacity change from 0 to 4096 [pid 8456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8456] close(3 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] close(3 [pid 8456] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8456] close(4) = 0 [pid 8454] <... mount resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8456] mkdir("./file0", 0777 [pid 8458] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8454] chdir("./file0"./strace-static-x86_64: Process 8459 attached [pid 8456] <... mkdir resumed>) = 0 [pid 8454] <... chdir resumed>) = 0 [pid 8454] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8459] set_robust_list(0x5555569076a0, 24 [pid 8456] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8454] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8459] <... set_robust_list resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8459 [pid 8459] chdir("./341") = 0 [ 285.621792][ T8456] loop3: detected capacity change from 0 to 4096 [pid 8454] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8459] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8454] <... futex resumed>) = 1 [pid 8453] <... futex resumed>) = 0 [pid 8454] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8459] <... prctl resumed>) = 0 [pid 5064] close(3 [pid 8453] exit_group(0) = ? [pid 8459] setpgid(0, 0 [pid 8454] <... futex resumed>) = ? [pid 5064] <... close resumed>) = 0 [pid 8459] <... setpgid resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8459] write(3, "1000", 4) = 4 [pid 8459] close(3 [pid 8454] +++ exited with 0 +++ [pid 8453] +++ exited with 0 +++ [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8460 ./strace-static-x86_64: Process 8460 attached [pid 8459] <... close resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8453, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 8460] set_robust_list(0x5555569076a0, 24 [pid 8459] symlink("/dev/binderfs", "./binderfs" [pid 5066] umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8459] <... symlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 8460] <... set_robust_list resumed>) = 0 [pid 8459] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8460] chdir("./338" [pid 8459] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8456] <... mount resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8460] <... chdir resumed>) = 0 [pid 8459] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8460] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8460] <... prctl resumed>) = 0 [pid 8459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8456] <... openat resumed>) = 3 [pid 5066] umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8460] setpgid(0, 0 [pid 8459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8456] chdir("./file0" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8460] <... setpgid resumed>) = 0 [pid 8456] <... chdir resumed>) = 0 [pid 8460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8459] <... mmap resumed>) = 0x7f6713892000 [pid 8456] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] newfstatat(AT_FDCWD, "./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8456] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] unlink("./336/binderfs" [pid 8456] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8460] <... openat resumed>) = 3 [pid 8459] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8456] <... futex resumed>) = 1 [pid 5066] <... unlink resumed>) = 0 [pid 8456] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8459] <... mprotect resumed>) = 0 [pid 8455] <... futex resumed>) = 0 [pid 5066] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8460] write(3, "1000", 4 [pid 8459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8455] exit_group(0 [pid 5066] <... umount2 resumed>) = 0 [pid 8460] <... write resumed>) = 4 [pid 8460] close(3 [pid 8459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8460] <... close resumed>) = 0 [pid 8459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8458] <... write resumed>) = 2097152 [pid 8456] <... futex resumed>) = ? [pid 8455] <... exit_group resumed>) = ? [pid 5066] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8460] symlink("/dev/binderfs", "./binderfs" [pid 8456] +++ exited with 0 +++ [pid 8460] <... symlink resumed>) = 0 [pid 8458] munmap(0x7f670b400000, 138412032 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8461 attached [pid 8460] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8459] <... clone3 resumed> => {parent_tid=[8461]}, 88) = 8461 [pid 8458] <... munmap resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./336/file0", [pid 8460] <... futex resumed>) = 0 [pid 8459] rt_sigprocmask(SIG_SETMASK, [], [pid 8461] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8455] +++ exited with 0 +++ [pid 8461] <... rseq resumed>) = 0 [pid 8460] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8455, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 8461] set_robust_list(0x7f67138b29a0, 24 [pid 8459] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8461] <... set_robust_list resumed>) = 0 [pid 8460] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8459] <... futex resumed>) = 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 8461] rt_sigprocmask(SIG_SETMASK, [], [pid 8460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8459] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8460] <... mmap resumed>) = 0x7f6713892000 [pid 5066] openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8460] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8461] memfd_create("syzkaller", 0 [pid 5066] <... openat resumed>) = 4 [pid 8461] <... memfd_create resumed>) = 3 [pid 8460] <... mprotect resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5065] umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8458] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8461] <... mmap resumed>) = 0x7f670b400000 [pid 8460] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8458] <... openat resumed>) = 4 [pid 5066] getdents64(4, [pid 5065] openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8460] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... openat resumed>) = 3 [pid 8460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8458] ioctl(4, LOOP_SET_FD, 3 [pid 5066] getdents64(4, [pid 5065] newfstatat(3, "", ./strace-static-x86_64: Process 8462 attached [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8460] <... clone3 resumed> => {parent_tid=[8462]}, 88) = 8462 [pid 5066] close(4 [pid 8460] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... close resumed>) = 0 [pid 8460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] rmdir("./336/file0" [pid 8460] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rmdir resumed>) = 0 [pid 8460] <... futex resumed>) = 0 [pid 5066] getdents64(3, [pid 8462] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8460] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8462] <... rseq resumed>) = 0 [pid 5066] close(3 [pid 8462] set_robust_list(0x7f67138b29a0, 24 [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 8462] <... set_robust_list resumed>) = 0 [pid 5066] rmdir("./336" [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8462] rt_sigprocmask(SIG_SETMASK, [], [pid 8458] <... ioctl resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8458] close(3 [pid 5066] mkdir("./337", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8462] memfd_create("syzkaller", 0 [pid 8458] <... close resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./336/binderfs", [pid 8462] <... memfd_create resumed>) = 3 [pid 8458] close(4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8458] <... close resumed>) = 0 [pid 5065] unlink("./336/binderfs" [pid 8458] mkdir("./file0", 0777 [pid 5065] <... unlink resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8462] <... mmap resumed>) = 0x7f670b400000 [pid 8458] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = 0 [pid 8458] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 285.769850][ T8458] loop0: detected capacity change from 0 to 4096 [pid 5065] openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./336/file0") = 0 [pid 8461] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8458] <... mount resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./336" [pid 8462] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 8458] <... openat resumed>) = 3 [pid 5065] mkdir("./337", 0777 [pid 8458] chdir("./file0") = 0 [pid 8458] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... mkdir resumed>) = 0 [pid 8458] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8458] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8457] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8457] exit_group(0) = ? [pid 5065] <... openat resumed>) = 3 [pid 8458] +++ exited with 0 +++ [pid 8457] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8457, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5062] umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8461] <... write resumed>) = 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8461] munmap(0x7f670b400000, 138412032 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(3 [pid 5062] newfstatat(AT_FDCWD, "./333/binderfs", [pid 5066] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] unlink("./333/binderfs") = 0 [pid 8461] <... munmap resumed>) = 0 [pid 5062] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8461] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8463 [pid 8461] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8463 attached [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8463] set_robust_list(0x5555569076a0, 24 [pid 8461] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8463] <... set_robust_list resumed>) = 0 [pid 8463] chdir("./337") = 0 [pid 8463] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] newfstatat(AT_FDCWD, "./333/file0", [pid 8463] <... prctl resumed>) = 0 [pid 8462] <... write resumed>) = 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8463] setpgid(0, 0 [pid 8462] munmap(0x7f670b400000, 138412032 [pid 5062] umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8463] <... setpgid resumed>) = 0 [pid 8462] <... munmap resumed>) = 0 [pid 8461] close(3 [pid 8463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8461] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8461] close(4 [pid 5065] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8463] <... openat resumed>) = 3 [pid 8462] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8461] <... close resumed>) = 0 [pid 5062] newfstatat(4, "", [pid 8463] write(3, "1000", 4 [pid 8462] <... openat resumed>) = 4 [pid 8461] mkdir("./file0", 0777 [pid 5065] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8463] <... write resumed>) = 4 [ 285.913012][ T8461] loop1: detected capacity change from 0 to 4096 [pid 8462] ioctl(4, LOOP_SET_FD, 3 [pid 8461] <... mkdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] getdents64(4, [pid 8463] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8463] <... close resumed>) = 0 [pid 5062] close(4 [pid 8463] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... close resumed>) = 0 [pid 8463] <... symlink resumed>) = 0 [pid 5062] rmdir("./333/file0" [pid 8463] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8463] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8463] <... mmap resumed>) = 0x7f6713892000 [pid 8461] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] getdents64(3, ./strace-static-x86_64: Process 8464 attached [pid 8463] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8464 [pid 8463] <... mprotect resumed>) = 0 [pid 8464] set_robust_list(0x5555569076a0, 24 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8464] <... set_robust_list resumed>) = 0 [pid 8463] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] close(3 [pid 8464] chdir("./337" [pid 8463] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... close resumed>) = 0 [pid 8464] <... chdir resumed>) = 0 [pid 8463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] rmdir("./333" [pid 8464] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 8465 attached ) = 0 [pid 8462] <... ioctl resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8465] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8464] setpgid(0, 0 [pid 5062] mkdir("./334", 0777 [pid 8465] <... rseq resumed>) = 0 [pid 8464] <... setpgid resumed>) = 0 [pid 8465] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8463] <... clone3 resumed> => {parent_tid=[8465]}, 88) = 8465 [pid 8462] close(3 [pid 5062] <... mkdir resumed>) = 0 [pid 8465] rt_sigprocmask(SIG_SETMASK, [], [pid 8462] <... close resumed>) = 0 [pid 8465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8463] rt_sigprocmask(SIG_SETMASK, [], [pid 8462] close(4 [pid 8465] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8464] <... openat resumed>) = 3 [pid 8463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8464] write(3, "1000", 4 [pid 8463] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8462] <... close resumed>) = 0 [pid 8465] <... futex resumed>) = 0 [pid 8464] <... write resumed>) = 4 [pid 8463] <... futex resumed>) = 1 [pid 8462] mkdir("./file0", 0777 [pid 5062] <... openat resumed>) = 3 [pid 8465] memfd_create("syzkaller", 0 [pid 8464] close(3 [pid 8463] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8462] <... mkdir resumed>) = 0 [pid 8461] <... mount resumed>) = 0 [pid 8462] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8464] <... close resumed>) = 0 [pid 8464] symlink("/dev/binderfs", "./binderfs" [pid 8461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8464] <... symlink resumed>) = 0 [pid 8461] <... openat resumed>) = 3 [ 285.956156][ T8462] loop2: detected capacity change from 0 to 4096 [pid 8461] chdir("./file0") = 0 [pid 8461] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8464] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8461] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8465] <... memfd_create resumed>) = 3 [pid 8461] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8464] <... futex resumed>) = 0 [pid 8461] <... futex resumed>) = 1 [pid 8459] <... futex resumed>) = 0 [pid 8461] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8459] exit_group(0 [pid 8464] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8461] <... futex resumed>) = ? [pid 8459] <... exit_group resumed>) = ? [pid 8461] +++ exited with 0 +++ [pid 8465] <... mmap resumed>) = 0x7f670b400000 [pid 8464] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8459] +++ exited with 0 +++ [pid 8464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8459, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 8464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8464] <... mmap resumed>) = 0x7f6713892000 [pid 5063] openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8464] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... openat resumed>) = 3 [pid 8464] <... mprotect resumed>) = 0 [pid 8464] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8464] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] getdents64(3, ./strace-static-x86_64: Process 8466 attached [pid 8466] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8466] <... rseq resumed>) = 0 [pid 8464] <... clone3 resumed> => {parent_tid=[8466]}, 88) = 8466 [pid 8466] set_robust_list(0x7f67138b29a0, 24 [pid 8464] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8466] <... set_robust_list resumed>) = 0 [pid 8466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8466] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8464] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(AT_FDCWD, "./341/binderfs", [pid 8466] <... futex resumed>) = 0 [pid 8464] <... futex resumed>) = 1 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8466] memfd_create("syzkaller", 0 [pid 8464] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] unlink("./341/binderfs") = 0 [pid 5063] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8466] <... memfd_create resumed>) = 3 [pid 8466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] <... ioctl resumed>) = 0 [pid 8465] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8462] <... mount resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5062] close(3 [pid 8466] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8462] <... openat resumed>) = 3 [pid 8462] chdir("./file0") = 0 [pid 8462] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8462] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8467 attached ) = 1 [pid 8460] <... futex resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./341/file0", [pid 8467] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8467 [pid 8467] <... set_robust_list resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8462] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8467] chdir("./334" [pid 5063] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8460] exit_group(0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", [pid 8462] <... futex resumed>) = ? [pid 8460] <... exit_group resumed>) = ? [pid 8467] <... chdir resumed>) = 0 [pid 8462] +++ exited with 0 +++ [pid 8467] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8460] +++ exited with 0 +++ [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8467] <... prctl resumed>) = 0 [pid 5063] getdents64(4, [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8460, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8467] setpgid(0, 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8467] <... setpgid resumed>) = 0 [pid 8465] <... write resumed>) = 2097152 [pid 5063] getdents64(4, [pid 5064] umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5063] close(4 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... close resumed>) = 0 [pid 8467] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 5063] rmdir("./341/file0" [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./338/binderfs" [pid 8467] write(3, "1000", 4 [pid 5064] <... unlink resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5064] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8465] munmap(0x7f670b400000, 138412032 [pid 8467] <... write resumed>) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 5063] getdents64(3, [pid 8467] close(3 [pid 8466] <... write resumed>) = 2097152 [pid 8465] <... munmap resumed>) = 0 [pid 5064] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8467] <... close resumed>) = 0 [pid 8466] munmap(0x7f670b400000, 138412032 [pid 8465] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8467] symlink("/dev/binderfs", "./binderfs" [pid 8465] <... openat resumed>) = 4 [pid 5064] newfstatat(AT_FDCWD, "./338/file0", [pid 5063] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8465] ioctl(4, LOOP_SET_FD, 3 [pid 5064] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 8467] <... symlink resumed>) = 0 [pid 8466] <... munmap resumed>) = 0 [pid 8467] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8466] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] rmdir("./341" [pid 8467] <... futex resumed>) = 0 [pid 8466] <... openat resumed>) = 4 [pid 8465] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8467] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8466] ioctl(4, LOOP_SET_FD, 3 [pid 8465] close(3 [pid 5064] openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... rmdir resumed>) = 0 [pid 8467] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8465] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 8467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8466] <... ioctl resumed>) = 0 [pid 8465] close(4 [pid 5064] newfstatat(4, "", [pid 5063] mkdir("./342", 0777 [pid 8467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8466] close(3 [pid 8465] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8466] <... close resumed>) = 0 [pid 8466] close(4 [pid 5064] getdents64(4, [pid 8467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8466] <... close resumed>) = 0 [pid 8465] mkdir("./file0", 0777 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8467] <... mmap resumed>) = 0x7f6713892000 [pid 8466] mkdir("./file0", 0777 [pid 8467] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8466] <... mkdir resumed>) = 0 [pid 8465] <... mkdir resumed>) = 0 [pid 5064] getdents64(4, [pid 5063] <... mkdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8467] <... mprotect resumed>) = 0 [pid 5064] close(4 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./338/file0" [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8467] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8465] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5064] <... rmdir resumed>) = 0 [pid 8467] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8466] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8467] <... clone3 resumed> => {parent_tid=[8468]}, 88) = 8468 [pid 5064] close(3 [pid 8467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] <... close resumed>) = 0 [pid 8467] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 286.181171][ T8465] loop4: detected capacity change from 0 to 4096 [ 286.190335][ T8466] loop3: detected capacity change from 0 to 4096 [pid 8467] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8468 attached [pid 5064] rmdir("./338" [pid 8468] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8468] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8468] memfd_create("syzkaller", 0 [pid 8466] <... mount resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./339", 0777 [pid 8468] <... memfd_create resumed>) = 3 [pid 8468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8468] <... mmap resumed>) = 0x7f670b400000 [pid 8466] <... openat resumed>) = 3 [pid 5064] <... mkdir resumed>) = 0 [pid 8466] chdir("./file0" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8466] <... chdir resumed>) = 0 [pid 8466] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8466] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8466] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8464] <... futex resumed>) = 0 [pid 8466] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8464] exit_group(0 [pid 8466] <... futex resumed>) = ? [pid 8464] <... exit_group resumed>) = ? [pid 8466] +++ exited with 0 +++ [pid 8464] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8464, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5065] umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 8465] <... mount resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8465] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8468] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... ioctl resumed>) = 0 [pid 8465] chdir("./file0" [pid 5063] close(3 [pid 5065] newfstatat(AT_FDCWD, "./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./337/binderfs") = 0 [pid 5065] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 8465] <... chdir resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8465] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8469 attached [pid 8469] set_robust_list(0x5555569076a0, 24) = 0 [pid 8469] chdir("./342") = 0 [pid 8469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8469] setpgid(0, 0) = 0 [pid 8469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8469] write(3, "1000", 4) = 4 [pid 5064] <... ioctl resumed>) = 0 [pid 8465] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8465] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8469] close(3 [pid 8463] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8469 [pid 8469] <... close resumed>) = 0 [pid 8463] exit_group(0 [pid 5065] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8465] <... futex resumed>) = ? [pid 8463] <... exit_group resumed>) = ? [pid 8465] +++ exited with 0 +++ [pid 8469] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8469] <... symlink resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./337/file0", [pid 8469] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8469] <... futex resumed>) = 0 [pid 8463] +++ exited with 0 +++ [pid 5065] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 8469] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8463, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 8469] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5065] openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... restart_syscall resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 8469] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8470 attached [pid 8469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] newfstatat(4, "", [pid 8470] set_robust_list(0x5555569076a0, 24 [pid 8469] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8470] <... set_robust_list resumed>) = 0 [pid 8469] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] getdents64(4, [pid 8470] chdir("./339" [pid 8469] <... mprotect resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8470] <... chdir resumed>) = 0 [pid 8469] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] getdents64(4, [pid 8470] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8469] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8470] <... prctl resumed>) = 0 [pid 8469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] close(4 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8470 [pid 8470] setpgid(0, 0) = 0 [pid 8469] <... clone3 resumed> => {parent_tid=[8471]}, 88) = 8471 [pid 5066] umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 8470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8469] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./337/file0"./strace-static-x86_64: Process 8471 attached [pid 8470] <... openat resumed>) = 3 [pid 8469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8468] <... write resumed>) = 2097152 [pid 5066] openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 8471] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8470] write(3, "1000", 4 [pid 8469] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(3, [pid 5066] <... openat resumed>) = 3 [pid 8471] <... rseq resumed>) = 0 [pid 8470] <... write resumed>) = 4 [pid 8469] <... futex resumed>) = 0 [pid 8468] munmap(0x7f670b400000, 138412032 [pid 5066] newfstatat(3, "", [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8471] set_robust_list(0x7f67138b29a0, 24 [pid 8470] close(3 [pid 8469] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(3 [pid 8471] <... set_robust_list resumed>) = 0 [pid 8470] <... close resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 8471] rt_sigprocmask(SIG_SETMASK, [], [pid 8470] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] rmdir("./337" [pid 8471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8470] <... symlink resumed>) = 0 [pid 5066] umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 8470] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] mkdir("./338", 0777 [pid 8471] memfd_create("syzkaller", 0 [pid 8470] <... futex resumed>) = 0 [pid 8468] <... munmap resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./337/binderfs", [pid 8470] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8468] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8468] <... openat resumed>) = 4 [pid 5066] unlink("./337/binderfs" [pid 8470] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8471] <... memfd_create resumed>) = 3 [pid 8468] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... unlink resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8471] <... mmap resumed>) = 0x7f670b400000 [pid 8470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... openat resumed>) = 3 [pid 8470] <... mmap resumed>) = 0x7f6713892000 [pid 8470] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8470] <... mprotect resumed>) = 0 [pid 8470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8472]}, 88) = 8472 ./strace-static-x86_64: Process 8472 attached [pid 8470] rt_sigprocmask(SIG_SETMASK, [], [pid 8472] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8472] <... rseq resumed>) = 0 [pid 8470] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8468] <... ioctl resumed>) = 0 [pid 5066] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8468] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8468] <... close resumed>) = 0 [pid 8472] set_robust_list(0x7f67138b29a0, 24 [pid 8470] <... futex resumed>) = 0 [pid 8468] close(4 [pid 5066] newfstatat(AT_FDCWD, "./337/file0", [pid 8472] <... set_robust_list resumed>) = 0 [pid 8470] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8472] rt_sigprocmask(SIG_SETMASK, [], [pid 8468] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8468] mkdir("./file0", 0777 [pid 5066] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8472] memfd_create("syzkaller", 0 [pid 5066] <... openat resumed>) = 4 [pid 8468] <... mkdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8468] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./337/file0" [pid 8472] <... memfd_create resumed>) = 3 [pid 8472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8471] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8472] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [ 286.393509][ T8468] loop0: detected capacity change from 0 to 4096 [pid 5066] rmdir("./337") = 0 [pid 5066] mkdir("./338", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... ioctl resumed>) = 0 [pid 8472] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8468] <... mount resumed>) = 0 [pid 5065] close(3 [pid 8468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 8471] <... write resumed>) = 2097152 [pid 8468] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8468] chdir("./file0") = 0 [pid 8468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8468] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8467] <... futex resumed>) = 0 [pid 8468] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8467] exit_group(0./strace-static-x86_64: Process 8473 attached [pid 8468] <... futex resumed>) = ? [pid 8467] <... exit_group resumed>) = ? [pid 8471] munmap(0x7f670b400000, 138412032 [pid 8473] set_robust_list(0x5555569076a0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8473 [pid 8473] <... set_robust_list resumed>) = 0 [pid 8473] chdir("./338" [pid 8471] <... munmap resumed>) = 0 [pid 8473] <... chdir resumed>) = 0 [pid 8473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8473] setpgid(0, 0 [pid 8468] +++ exited with 0 +++ [pid 8467] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8467, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8471] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... restart_syscall resumed>) = 0 [pid 5062] umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8471] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8471] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... openat resumed>) = 3 [pid 8473] <... setpgid resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 8473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8472] <... write resumed>) = 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8473] <... openat resumed>) = 3 [pid 8472] munmap(0x7f670b400000, 138412032 [pid 5062] getdents64(3, [pid 8473] write(3, "1000", 4) = 4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8473] close(3) = 0 [pid 8473] symlink("/dev/binderfs", "./binderfs" [pid 5062] umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./334/binderfs") = 0 [pid 5062] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5062] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8473] <... symlink resumed>) = 0 [pid 8472] <... munmap resumed>) = 0 [pid 8471] <... ioctl resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./334/file0", [pid 8472] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8473] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8472] <... openat resumed>) = 4 [pid 8471] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8472] ioctl(4, LOOP_SET_FD, 3 [pid 8473] <... futex resumed>) = 0 [pid 8471] <... close resumed>) = 0 [pid 5062] umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8473] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8471] close(4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8473] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8471] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8471] mkdir("./file0", 0777 [pid 8473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8471] <... mkdir resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] newfstatat(4, "", [pid 8473] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8473] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8471] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] getdents64(4, [pid 8473] <... mprotect resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8473] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] getdents64(4, [pid 8473] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] close(3 [pid 5062] close(4./strace-static-x86_64: Process 8474 attached [pid 5066] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8474] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] rmdir("./334/file0" [pid 8474] <... rseq resumed>) = 0 [pid 8473] <... clone3 resumed> => {parent_tid=[8474]}, 88) = 8474 [pid 5062] <... rmdir resumed>) = 0 [pid 8472] <... ioctl resumed>) = 0 [pid 8472] close(3 [pid 8474] set_robust_list(0x7f67138b29a0, 24 [pid 8473] rt_sigprocmask(SIG_SETMASK, [], [pid 8472] <... close resumed>) = 0 [pid 8474] <... set_robust_list resumed>) = 0 [pid 8473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8474] rt_sigprocmask(SIG_SETMASK, [], [pid 8473] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] getdents64(3, [pid 8474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8473] <... futex resumed>) = 0 [pid 8472] close(4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8475 attached [pid 8474] memfd_create("syzkaller", 0 [pid 8473] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8472] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8475 [pid 5062] close(3 [pid 8475] set_robust_list(0x5555569076a0, 24 [pid 8472] mkdir("./file0", 0777 [pid 8475] <... set_robust_list resumed>) = 0 [pid 8472] <... mkdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8475] chdir("./338" [pid 8472] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] rmdir("./334" [pid 8475] <... chdir resumed>) = 0 [pid 8475] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8474] <... memfd_create resumed>) = 3 [pid 8474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8474] <... mmap resumed>) = 0x7f670b400000 [pid 8475] <... prctl resumed>) = 0 [pid 5062] mkdir("./335", 0777 [pid 8475] setpgid(0, 0) = 0 [pid 8475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... mkdir resumed>) = 0 [pid 8475] <... openat resumed>) = 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8475] write(3, "1000", 4) = 4 [pid 5062] <... openat resumed>) = 3 [ 286.544026][ T8471] loop1: detected capacity change from 0 to 4096 [ 286.573695][ T8472] loop2: detected capacity change from 0 to 4096 [pid 8475] close(3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8475] <... close resumed>) = 0 [pid 8475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8475] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8475] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8475] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8476 attached [pid 8476] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8475] <... clone3 resumed> => {parent_tid=[8476]}, 88) = 8476 [pid 8476] <... rseq resumed>) = 0 [pid 8475] rt_sigprocmask(SIG_SETMASK, [], [pid 8476] set_robust_list(0x7f67138b29a0, 24 [pid 8475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8476] <... set_robust_list resumed>) = 0 [pid 8475] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8476] rt_sigprocmask(SIG_SETMASK, [], [pid 8475] <... futex resumed>) = 0 [pid 8476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8475] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8476] memfd_create("syzkaller", 0 [pid 8471] <... mount resumed>) = 0 [pid 8476] <... memfd_create resumed>) = 3 [pid 8476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8474] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8472] <... mount resumed>) = 0 [pid 8476] <... mmap resumed>) = 0x7f670b400000 [pid 8472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8471] chdir("./file0") = 0 [pid 8471] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8472] <... openat resumed>) = 3 [pid 8471] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8472] chdir("./file0" [pid 8471] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8472] <... chdir resumed>) = 0 [pid 8471] <... futex resumed>) = 1 [pid 8472] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8471] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8472] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8469] <... futex resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8469] exit_group(0 [pid 8472] <... futex resumed>) = 1 [pid 8471] <... futex resumed>) = ? [pid 8469] <... exit_group resumed>) = ? [pid 8472] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8471] +++ exited with 0 +++ [pid 8469] +++ exited with 0 +++ [pid 8470] <... futex resumed>) = 0 [pid 5062] close(3 [pid 8470] exit_group(0 [pid 5062] <... close resumed>) = 0 [pid 8470] <... exit_group resumed>) = ? [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8472] <... futex resumed>) = ? [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8469, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- ./strace-static-x86_64: Process 8477 attached [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8477 [pid 8477] set_robust_list(0x5555569076a0, 24) = 0 [pid 8477] chdir("./335" [pid 8472] +++ exited with 0 +++ [pid 8470] +++ exited with 0 +++ [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 8477] <... chdir resumed>) = 0 [pid 8477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8477] setpgid(0, 0) = 0 [pid 5063] <... restart_syscall resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8470, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8477] write(3, "1000", 4) = 4 [pid 8477] close(3) = 0 [pid 8477] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... restart_syscall resumed>) = 0 [pid 5063] umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8477] <... symlink resumed>) = 0 [pid 8476] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8474] <... write resumed>) = 2097152 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8477] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8477] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8477] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8478]}, 88) = 8478 [pid 8477] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... openat resumed>) = 3 [pid 8477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8477] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(3, "", ./strace-static-x86_64: Process 8478 attached [pid 8477] <... futex resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8478] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8477] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] newfstatat(3, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8478] <... rseq resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 8478] set_robust_list(0x7f67138b29a0, 24 [pid 5064] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8478] <... set_robust_list resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8478] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./342/binderfs", [pid 8474] munmap(0x7f670b400000, 138412032 [pid 5064] newfstatat(AT_FDCWD, "./339/binderfs", [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8478] memfd_create("syzkaller", 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./342/binderfs" [pid 8478] <... memfd_create resumed>) = 3 [pid 5064] unlink("./339/binderfs" [pid 5063] <... unlink resumed>) = 0 [pid 8478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... unlink resumed>) = 0 [pid 5063] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8478] <... mmap resumed>) = 0x7f670b400000 [pid 8474] <... munmap resumed>) = 0 [pid 8474] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8474] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(AT_FDCWD, "./342/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./339/file0", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8476] <... write resumed>) = 2097152 [pid 5064] <... openat resumed>) = 4 [pid 5063] getdents64(4, [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 5064] getdents64(4, [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 5064] close(4 [pid 5063] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] rmdir("./342/file0" [pid 8476] munmap(0x7f670b400000, 138412032 [pid 5064] rmdir("./339/file0" [pid 5063] <... rmdir resumed>) = 0 [pid 8476] <... munmap resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 5064] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8478] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8476] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8474] <... ioctl resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 8476] <... openat resumed>) = 4 [pid 8474] close(3 [pid 5064] close(3 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./342" [pid 8476] ioctl(4, LOOP_SET_FD, 3 [pid 8474] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8474] close(4 [pid 5064] rmdir("./339" [pid 8474] <... close resumed>) = 0 [pid 8474] mkdir("./file0", 0777 [pid 5064] <... rmdir resumed>) = 0 [pid 8474] <... mkdir resumed>) = 0 [pid 8474] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8476] <... ioctl resumed>) = 0 [pid 5064] mkdir("./340", 0777 [pid 5063] mkdir("./343", 0777 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8476] close(3 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8476] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8476] close(4) = 0 [pid 8476] mkdir("./file0", 0777) = 0 [ 286.796432][ T8474] loop3: detected capacity change from 0 to 4096 [ 286.823655][ T8476] loop4: detected capacity change from 0 to 4096 [pid 8476] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8478] <... write resumed>) = 2097152 [pid 8474] <... mount resumed>) = 0 [pid 8474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8474] chdir("./file0") = 0 [pid 8474] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8474] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8473] <... futex resumed>) = 0 [pid 8474] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8473] exit_group(0 [pid 8478] munmap(0x7f670b400000, 138412032 [pid 8474] <... futex resumed>) = ? [pid 8473] <... exit_group resumed>) = ? [pid 8474] +++ exited with 0 +++ [pid 8476] <... mount resumed>) = 0 [pid 8478] <... munmap resumed>) = 0 [pid 8476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8473] +++ exited with 0 +++ [pid 8476] chdir("./file0" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8473, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8476] <... chdir resumed>) = 0 [pid 5065] umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./338/binderfs") = 0 [pid 5065] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8476] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8478] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8476] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8478] <... openat resumed>) = 4 [pid 8476] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8478] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... ioctl resumed>) = 0 [pid 8478] <... ioctl resumed>) = 0 [pid 8476] <... futex resumed>) = 1 [pid 8475] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8476] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8478] close(3 [pid 8475] exit_group(0 [pid 5065] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 5063] close(3 [pid 8478] <... close resumed>) = 0 [pid 8476] <... futex resumed>) = ? [pid 8475] <... exit_group resumed>) = ? [pid 8478] close(4 [pid 8476] +++ exited with 0 +++ [pid 5065] newfstatat(AT_FDCWD, "./338/file0", [pid 5064] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8478] <... close resumed>) = 0 [pid 8475] +++ exited with 0 +++ [pid 8478] mkdir("./file0", 0777 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8475, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5065] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8480 attached ./strace-static-x86_64: Process 8479 attached [pid 8478] <... mkdir resumed>) = 0 [pid 8480] set_robust_list(0x5555569076a0, 24 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8480 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8479 [pid 8480] <... set_robust_list resumed>) = 0 [pid 8478] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 4 [pid 8480] chdir("./340" [pid 5066] openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(4, "", [pid 8479] set_robust_list(0x5555569076a0, 24 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8480] <... chdir resumed>) = 0 [pid 8479] <... set_robust_list resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5065] getdents64(4, [pid 8480] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8479] chdir("./343" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 286.949399][ T8478] loop0: detected capacity change from 0 to 4096 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(3, [pid 8480] <... prctl resumed>) = 0 [pid 8479] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5066] umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8479] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8480] setpgid(0, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 8480] <... setpgid resumed>) = 0 [pid 8479] <... prctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./338/binderfs", [pid 5065] <... close resumed>) = 0 [pid 8479] setpgid(0, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] rmdir("./338/file0" [pid 8480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8479] <... setpgid resumed>) = 0 [pid 5066] unlink("./338/binderfs" [pid 5065] <... rmdir resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 8480] <... openat resumed>) = 3 [pid 8479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8480] write(3, "1000", 4 [pid 8479] <... openat resumed>) = 3 [pid 8480] <... write resumed>) = 4 [pid 8479] write(3, "1000", 4 [pid 5065] close(3 [pid 8480] close(3 [pid 8479] <... write resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 8480] <... close resumed>) = 0 [pid 8479] close(3 [pid 5066] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./338" [pid 8480] symlink("/dev/binderfs", "./binderfs" [pid 8479] <... close resumed>) = 0 [pid 8480] <... symlink resumed>) = 0 [pid 8479] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 [pid 8479] <... symlink resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./338/file0", [pid 5065] mkdir("./339", 0777 [pid 8480] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8480] <... futex resumed>) = 0 [pid 8479] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8480] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8479] <... futex resumed>) = 0 [pid 8480] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8479] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8479] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8480] <... mmap resumed>) = 0x7f6713892000 [pid 8479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8480] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8479] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... openat resumed>) = 4 [pid 8480] <... mprotect resumed>) = 0 [pid 8479] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8480] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8479] <... mprotect resumed>) = 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5065] <... mkdir resumed>) = 0 [pid 8480] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8479] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8479] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 8481 attached [pid 8479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8481] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8480] <... clone3 resumed> => {parent_tid=[8481]}, 88) = 8481 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8481] <... rseq resumed>) = 0 [pid 8480] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... openat resumed>) = 3 [pid 8481] set_robust_list(0x7f67138b29a0, 24 [pid 8480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8479] <... clone3 resumed> => {parent_tid=[8482]}, 88) = 8482 ./strace-static-x86_64: Process 8482 attached [pid 8481] <... set_robust_list resumed>) = 0 [pid 8480] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8479] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] getdents64(4, [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8482] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8481] rt_sigprocmask(SIG_SETMASK, [], [pid 8480] <... futex resumed>) = 0 [pid 8479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8482] <... rseq resumed>) = 0 [pid 8481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8480] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8479] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8482] set_robust_list(0x7f67138b29a0, 24 [pid 8481] memfd_create("syzkaller", 0 [pid 8479] <... futex resumed>) = 0 [pid 5066] close(4 [pid 8479] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8482] <... set_robust_list resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8482] rt_sigprocmask(SIG_SETMASK, [], [pid 8481] <... memfd_create resumed>) = 3 [pid 5066] rmdir("./338/file0" [pid 8482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8478] <... mount resumed>) = 0 [pid 8482] memfd_create("syzkaller", 0 [pid 8478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... rmdir resumed>) = 0 [pid 8481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8478] <... openat resumed>) = 3 [pid 8478] chdir("./file0" [pid 5066] getdents64(3, [pid 8478] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8478] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] close(3) = 0 [pid 8478] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] rmdir("./338" [pid 8478] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8482] <... memfd_create resumed>) = 3 [pid 8478] <... futex resumed>) = 1 [pid 8477] <... futex resumed>) = 0 [pid 8482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8478] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8482] <... mmap resumed>) = 0x7f670b400000 [pid 8477] exit_group(0 [pid 5066] <... rmdir resumed>) = 0 [pid 8478] <... futex resumed>) = ? [pid 8477] <... exit_group resumed>) = ? [pid 8478] +++ exited with 0 +++ [pid 8477] +++ exited with 0 +++ [pid 5066] mkdir("./339", 0777) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8477, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 8481] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./335/binderfs" [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 5062] <... unlink resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8483 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8483 attached ) = -1 EINVAL (Invalid argument) [pid 8483] set_robust_list(0x5555569076a0, 24 [pid 5062] newfstatat(AT_FDCWD, "./335/file0", [pid 8483] <... set_robust_list resumed>) = 0 [pid 8482] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8483] chdir("./339" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8481] <... write resumed>) = 2097152 [pid 5062] openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8483] <... chdir resumed>) = 0 [pid 8483] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... openat resumed>) = 4 [pid 8483] <... prctl resumed>) = 0 [pid 5062] newfstatat(4, "", [pid 8483] setpgid(0, 0) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8483] <... openat resumed>) = 3 [pid 5062] getdents64(4, [pid 8483] write(3, "1000", 4 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8483] <... write resumed>) = 4 [pid 8481] munmap(0x7f670b400000, 138412032 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] close(4 [pid 8483] close(3) = 0 [pid 5062] <... close resumed>) = 0 [pid 8483] symlink("/dev/binderfs", "./binderfs" [pid 5062] rmdir("./335/file0" [pid 8483] <... symlink resumed>) = 0 [pid 5066] close(3 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8484 ./strace-static-x86_64: Process 8484 attached [pid 8484] set_robust_list(0x5555569076a0, 24) = 0 [pid 8484] chdir("./339") = 0 [pid 8484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8484] setpgid(0, 0) = 0 [pid 5062] getdents64(3, [pid 8484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8483] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8481] <... munmap resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8484] <... openat resumed>) = 3 [pid 8483] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8481] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] close(3 [pid 8484] write(3, "1000", 4 [pid 8483] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8481] <... openat resumed>) = 4 [pid 8484] <... write resumed>) = 4 [pid 8483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8481] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... close resumed>) = 0 [pid 8484] close(3 [pid 8483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8482] <... write resumed>) = 2097152 [pid 8484] <... close resumed>) = 0 [pid 8484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8484] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8484] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8484] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8484] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8483] <... mmap resumed>) = 0x7f6713892000 [pid 5062] rmdir("./335" [pid 8483] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... rmdir resumed>) = 0 [pid 8483] <... mprotect resumed>) = 0 [pid 8484] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8483] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] mkdir("./336", 0777./strace-static-x86_64: Process 8485 attached [pid 8483] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8482] munmap(0x7f670b400000, 138412032 [pid 8485] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8484] <... clone3 resumed> => {parent_tid=[8485]}, 88) = 8485 [pid 8483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8482] <... munmap resumed>) = 0 [pid 8481] <... ioctl resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8486 attached [pid 8481] close(3 [pid 8483] <... clone3 resumed> => {parent_tid=[8486]}, 88) = 8486 [pid 8481] <... close resumed>) = 0 [pid 8486] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8486] <... rseq resumed>) = 0 [pid 8483] rt_sigprocmask(SIG_SETMASK, [], [pid 8481] close(4 [pid 8486] set_robust_list(0x7f67138b29a0, 24 [pid 8485] <... rseq resumed>) = 0 [pid 8484] rt_sigprocmask(SIG_SETMASK, [], [pid 8483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8486] <... set_robust_list resumed>) = 0 [pid 8485] set_robust_list(0x7f67138b29a0, 24 [pid 8484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8483] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8486] rt_sigprocmask(SIG_SETMASK, [], [pid 8485] <... set_robust_list resumed>) = 0 [pid 8484] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8483] <... futex resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8485] rt_sigprocmask(SIG_SETMASK, [], [pid 8484] <... futex resumed>) = 0 [pid 8483] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8484] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8486] memfd_create("syzkaller", 0 [pid 8485] memfd_create("syzkaller", 0 [pid 8482] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8486] <... memfd_create resumed>) = 3 [pid 8482] <... openat resumed>) = 4 [pid 8486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8485] <... memfd_create resumed>) = 3 [pid 8481] <... close resumed>) = 0 [pid 8486] <... mmap resumed>) = 0x7f670b400000 [pid 8485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8482] ioctl(4, LOOP_SET_FD, 3 [pid 8481] mkdir("./file0", 0777 [pid 8485] <... mmap resumed>) = 0x7f670b400000 [pid 8482] <... ioctl resumed>) = 0 [pid 8482] close(3 [pid 8481] <... mkdir resumed>) = 0 [pid 8482] <... close resumed>) = 0 [pid 8482] close(4) = 0 [pid 8482] mkdir("./file0", 0777) = 0 [pid 8482] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [ 287.206359][ T8481] loop2: detected capacity change from 0 to 4096 [ 287.241009][ T8482] loop1: detected capacity change from 0 to 4096 [pid 8481] mount("/dev/loop2", "./file0", "ntfs3", 0, "") = 0 [pid 8481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8482] <... mount resumed>) = 0 [pid 8482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8482] chdir("./file0" [pid 8486] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8482] <... chdir resumed>) = 0 [pid 8481] chdir("./file0" [pid 5062] <... ioctl resumed>) = 0 [pid 8482] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8482] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8482] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] close(3 [pid 8481] <... chdir resumed>) = 0 [pid 8479] <... futex resumed>) = 0 [pid 8481] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 8479] exit_group(0 [pid 8481] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8482] <... futex resumed>) = ? [pid 8479] <... exit_group resumed>) = ? [pid 8482] +++ exited with 0 +++ [pid 8485] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8479] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8479, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 8487 attached [pid 8487] set_robust_list(0x5555569076a0, 24 [pid 8481] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8487 [pid 8487] <... set_robust_list resumed>) = 0 [pid 8487] chdir("./336" [pid 8481] <... futex resumed>) = 1 [pid 8487] <... chdir resumed>) = 0 [pid 8487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8487] setpgid(0, 0) = 0 [pid 8487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8481] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8480] <... futex resumed>) = 0 [pid 8480] exit_group(0 [pid 5063] umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8481] <... futex resumed>) = ? [pid 8480] <... exit_group resumed>) = ? [pid 8487] write(3, "1000", 4 [pid 8481] +++ exited with 0 +++ [pid 8480] +++ exited with 0 +++ [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8487] <... write resumed>) = 4 [pid 5063] openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8487] close(3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8480, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5063] <... openat resumed>) = 3 [pid 8487] <... close resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 8487] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8487] <... symlink resumed>) = 0 [pid 5064] umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(3, [pid 8487] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8487] <... futex resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8487] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... openat resumed>) = 3 [pid 8487] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] newfstatat(3, "", [pid 5063] newfstatat(AT_FDCWD, "./343/binderfs", [pid 8487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5064] getdents64(3, [pid 5063] unlink("./343/binderfs" [pid 8487] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... unlink resumed>) = 0 [pid 8487] <... mprotect resumed>) = 0 [pid 5064] umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8487] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8487] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] newfstatat(AT_FDCWD, "./340/binderfs", [pid 5063] <... umount2 resumed>) = 0 [pid 8487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./340/binderfs"./strace-static-x86_64: Process 8488 attached [pid 8485] <... write resumed>) = 2097152 [pid 5063] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8488] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8487] <... clone3 resumed> => {parent_tid=[8488]}, 88) = 8488 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8488] <... rseq resumed>) = 0 [pid 8487] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... unlink resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./343/file0", [pid 8488] set_robust_list(0x7f67138b29a0, 24 [pid 8487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8487] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8488] <... set_robust_list resumed>) = 0 [pid 8487] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8488] rt_sigprocmask(SIG_SETMASK, [], [pid 8487] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... openat resumed>) = 4 [pid 8488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(4, "", [pid 8488] memfd_create("syzkaller", 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8488] <... memfd_create resumed>) = 3 [pid 8488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5063] getdents64(4, [pid 8488] <... mmap resumed>) = 0x7f670b400000 [pid 5064] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8486] <... write resumed>) = 2097152 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] newfstatat(AT_FDCWD, "./340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8485] munmap(0x7f670b400000, 138412032 [pid 5064] <... openat resumed>) = 4 [pid 8485] <... munmap resumed>) = 0 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 8486] munmap(0x7f670b400000, 138412032 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 5064] getdents64(4, [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./340/file0") = 0 [pid 5063] close(4 [pid 5064] getdents64(3, [pid 5063] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] rmdir("./343/file0" [pid 5064] close(3) = 0 [pid 5064] rmdir("./340") = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8486] <... munmap resumed>) = 0 [pid 8485] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] mkdir("./341", 0777 [pid 5063] getdents64(3, [pid 8485] <... openat resumed>) = 4 [pid 5064] <... mkdir resumed>) = 0 [pid 8485] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./343" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8486] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8485] <... ioctl resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./344", 0777 [pid 8485] close(3) = 0 [pid 8488] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8486] ioctl(4, LOOP_SET_FD, 3 [pid 8485] close(4 [pid 5063] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 8485] <... close resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8485] mkdir("./file0", 0777) = 0 [pid 8485] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8486] <... ioctl resumed>) = 0 [pid 8486] close(3) = 0 [pid 8486] close(4) = 0 [ 287.450117][ T8485] loop4: detected capacity change from 0 to 4096 [ 287.465786][ T8486] loop3: detected capacity change from 0 to 4096 [pid 8486] mkdir("./file0", 0777) = 0 [pid 8488] <... write resumed>) = 2097152 [pid 8486] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] <... ioctl resumed>) = 0 [pid 8488] munmap(0x7f670b400000, 138412032 [pid 5063] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(3) = 0 [pid 8488] <... munmap resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8489 [pid 8486] <... mount resumed>) = 0 [pid 8486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 8490 attached ) = 3 ./strace-static-x86_64: Process 8489 attached [pid 8489] set_robust_list(0x5555569076a0, 24 [pid 8490] set_robust_list(0x5555569076a0, 24 [pid 8489] <... set_robust_list resumed>) = 0 [pid 8486] chdir("./file0" [pid 8489] chdir("./341" [pid 8486] <... chdir resumed>) = 0 [pid 8486] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8486] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8489] <... chdir resumed>) = 0 [pid 8486] <... futex resumed>) = 1 [pid 8483] <... futex resumed>) = 0 [pid 8489] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8486] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8490] <... set_robust_list resumed>) = 0 [pid 8483] exit_group(0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8490 [pid 8490] chdir("./344" [pid 8489] <... prctl resumed>) = 0 [pid 8488] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8486] <... futex resumed>) = ? [pid 8483] <... exit_group resumed>) = ? [pid 8489] setpgid(0, 0 [pid 8488] <... openat resumed>) = 4 [pid 8486] +++ exited with 0 +++ [pid 8489] <... setpgid resumed>) = 0 [pid 8488] ioctl(4, LOOP_SET_FD, 3 [pid 8490] <... chdir resumed>) = 0 [pid 8489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8483] +++ exited with 0 +++ [pid 8490] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8489] <... openat resumed>) = 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8483, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 8490] <... prctl resumed>) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8489] write(3, "1000", 4 [pid 8490] setpgid(0, 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 8489] <... write resumed>) = 4 [pid 8489] close(3) = 0 [pid 5065] umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8490] <... setpgid resumed>) = 0 [pid 8489] symlink("/dev/binderfs", "./binderfs" [pid 8488] <... ioctl resumed>) = 0 [pid 8485] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8489] <... symlink resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8489] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8488] close(3 [pid 8485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8489] <... futex resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 8490] <... openat resumed>) = 3 [pid 8489] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8485] <... openat resumed>) = 3 [pid 8490] write(3, "1000", 4 [pid 8489] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8488] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 8490] <... write resumed>) = 4 [pid 8489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8488] close(4 [pid 8490] close(3 [pid 8489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8488] <... close resumed>) = 0 [pid 8490] <... close resumed>) = 0 [pid 8489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8485] chdir("./file0" [pid 8488] mkdir("./file0", 0777 [pid 5065] getdents64(3, [pid 8490] symlink("/dev/binderfs", "./binderfs" [pid 8485] <... chdir resumed>) = 0 [pid 8489] <... mmap resumed>) = 0x7f6713892000 [pid 8489] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8488] <... mkdir resumed>) = 0 [pid 8489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8491 attached [pid 8491] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8490] <... symlink resumed>) = 0 [pid 8489] <... clone3 resumed> => {parent_tid=[8491]}, 88) = 8491 [pid 8485] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8491] <... rseq resumed>) = 0 [pid 8490] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8489] rt_sigprocmask(SIG_SETMASK, [], [pid 8488] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8491] set_robust_list(0x7f67138b29a0, 24 [pid 8489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8485] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8491] <... set_robust_list resumed>) = 0 [pid 8490] <... futex resumed>) = 0 [pid 8489] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8485] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8491] rt_sigprocmask(SIG_SETMASK, [], [pid 8490] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8489] <... futex resumed>) = 0 [pid 8485] <... futex resumed>) = 1 [pid 8484] <... futex resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./339/binderfs", [pid 8491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8484] exit_group(0 [pid 8489] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8484] <... exit_group resumed>) = ? [pid 8490] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8485] +++ exited with 0 +++ [pid 5065] unlink("./339/binderfs" [ 287.596164][ T8488] loop0: detected capacity change from 0 to 4096 [pid 8491] memfd_create("syzkaller", 0 [pid 8490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8484] +++ exited with 0 +++ [pid 5065] <... unlink resumed>) = 0 [pid 8491] <... memfd_create resumed>) = 3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8484, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5065] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... umount2 resumed>) = 0 [pid 8490] <... mmap resumed>) = 0x7f6713892000 [pid 5066] umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8490] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8488] <... mount resumed>) = 0 [pid 5065] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8490] <... mprotect resumed>) = 0 [pid 8488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 8491] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8490] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(3, "", [pid 8488] <... openat resumed>) = 3 [pid 8488] chdir("./file0") = 0 [pid 8488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8488] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8487] <... futex resumed>) = 0 [pid 8488] <... futex resumed>) = 1 [pid 8487] exit_group(0 [pid 8490] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8487] <... exit_group resumed>) = ? [pid 5065] newfstatat(AT_FDCWD, "./339/file0", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8488] +++ exited with 0 +++ [pid 8487] +++ exited with 0 +++ ./strace-static-x86_64: Process 8492 attached [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8487, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5062] umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8490] <... clone3 resumed> => {parent_tid=[8492]}, 88) = 8492 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8490] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8492] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8492] <... rseq resumed>) = 0 [pid 8490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 3 [pid 8492] set_robust_list(0x7f67138b29a0, 24 [pid 8490] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(3, "", [pid 8492] <... set_robust_list resumed>) = 0 [pid 8490] <... futex resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./339/binderfs", [pid 5065] openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8492] rt_sigprocmask(SIG_SETMASK, [], [pid 8490] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5062] getdents64(3, [pid 8492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] unlink("./339/binderfs" [pid 5065] newfstatat(4, "", [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8492] memfd_create("syzkaller", 0 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8492] <... memfd_create resumed>) = 3 [pid 5066] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] newfstatat(AT_FDCWD, "./336/binderfs", [pid 8492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8491] <... write resumed>) = 2097152 [pid 5065] getdents64(4, [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8492] <... mmap resumed>) = 0x7f670b400000 [pid 8491] munmap(0x7f670b400000, 138412032 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] unlink("./336/binderfs" [pid 8491] <... munmap resumed>) = 0 [pid 5066] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(4 [pid 5062] <... unlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5062] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8491] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] newfstatat(AT_FDCWD, "./339/file0", [pid 8491] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8491] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./339/file0" [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] getdents64(3, [pid 5062] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5062] getdents64(4, [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] close(3 [pid 8492] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8491] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8491] close(3 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] getdents64(4, [pid 8491] <... close resumed>) = 0 [pid 5066] close(4 [pid 5065] rmdir("./339" [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8491] close(4 [pid 5066] <... close resumed>) = 0 [pid 5062] close(4 [pid 8491] <... close resumed>) = 0 [pid 5066] rmdir("./339/file0") = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8491] mkdir("./file0", 0777 [pid 5066] getdents64(3, [pid 8491] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./339" [pid 5065] mkdir("./340", 0777 [pid 5062] rmdir("./336/file0" [pid 5066] <... rmdir resumed>) = 0 [pid 8491] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] <... mkdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] mkdir("./340", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] getdents64(3, [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] close(3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./336") = 0 [pid 5062] mkdir("./337", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 287.724696][ T8491] loop2: detected capacity change from 0 to 4096 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8491] <... mount resumed>) = 0 [pid 8491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8491] chdir("./file0" [pid 8492] <... write resumed>) = 2097152 [pid 8491] <... chdir resumed>) = 0 [pid 8491] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8492] munmap(0x7f670b400000, 138412032 [pid 8491] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8489] <... futex resumed>) = 0 [pid 8491] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8489] exit_group(0 [pid 8491] <... futex resumed>) = ? [pid 8489] <... exit_group resumed>) = ? [pid 8491] +++ exited with 0 +++ [pid 8492] <... munmap resumed>) = 0 [pid 8489] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8489, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./341/binderfs") = 0 [pid 5064] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = 0 [pid 8492] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5066] close(3 [pid 8492] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8493 attached [pid 8492] <... ioctl resumed>) = 0 [pid 8493] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8493 [pid 8493] <... set_robust_list resumed>) = 0 [pid 8493] chdir("./340") = 0 [pid 8493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8493] setpgid(0, 0) = 0 [pid 8493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8492] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8493] write(3, "1000", 4 [pid 8492] <... close resumed>) = 0 [pid 8493] <... write resumed>) = 4 [pid 8492] close(4 [pid 8493] close(3 [pid 5064] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8493] <... close resumed>) = 0 [pid 8492] <... close resumed>) = 0 [pid 5065] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8493] symlink("/dev/binderfs", "./binderfs" [pid 8492] mkdir("./file0", 0777 [pid 5065] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./341/file0", [pid 8493] <... symlink resumed>) = 0 [pid 8492] <... mkdir resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8493] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8493] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8494 attached [pid 8493] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8492] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8494] set_robust_list(0x5555569076a0, 24 [pid 5064] <... openat resumed>) = 4 [pid 8493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8494] <... set_robust_list resumed>) = 0 [pid 8493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] newfstatat(4, "", [pid 8493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8494] chdir("./340" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8494 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8493] <... mmap resumed>) = 0x7f6713892000 [pid 5064] getdents64(4, [pid 8493] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8493] <... mprotect resumed>) = 0 [pid 5064] getdents64(4, [pid 8494] <... chdir resumed>) = 0 [pid 8494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8493] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8494] <... prctl resumed>) = 0 [pid 8494] setpgid(0, 0 [pid 5064] close(4 [pid 8494] <... setpgid resumed>) = 0 [pid 8493] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... close resumed>) = 0 [pid 5062] close(3 [pid 8493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] rmdir("./341/file0"./strace-static-x86_64: Process 8495 attached [pid 8494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8495] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [ 287.850793][ T8492] loop1: detected capacity change from 0 to 4096 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8495] <... rseq resumed>) = 0 [pid 8495] set_robust_list(0x7f67138b29a0, 24 [pid 8493] <... clone3 resumed> => {parent_tid=[8495]}, 88) = 8495 [pid 8495] <... set_robust_list resumed>) = 0 [pid 8493] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] getdents64(3, [pid 8495] rt_sigprocmask(SIG_SETMASK, [], [pid 8494] <... openat resumed>) = 3 [pid 8493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8493] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] close(3./strace-static-x86_64: Process 8496 attached [pid 8494] write(3, "1000", 4 [pid 8496] set_robust_list(0x5555569076a0, 24 [pid 8494] <... write resumed>) = 4 [pid 8493] <... futex resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8494] close(3 [pid 8493] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8496 [pid 8496] <... set_robust_list resumed>) = 0 [pid 8495] memfd_create("syzkaller", 0 [pid 8494] <... close resumed>) = 0 [pid 5064] rmdir("./341" [pid 8494] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 8496] chdir("./337" [pid 8492] <... mount resumed>) = 0 [pid 8496] <... chdir resumed>) = 0 [pid 8494] <... symlink resumed>) = 0 [pid 8495] <... memfd_create resumed>) = 3 [pid 5064] mkdir("./342", 0777 [pid 8496] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8494] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... mkdir resumed>) = 0 [pid 8496] <... prctl resumed>) = 0 [pid 8495] <... mmap resumed>) = 0x7f670b400000 [pid 8496] setpgid(0, 0 [pid 8494] <... futex resumed>) = 0 [pid 8496] <... setpgid resumed>) = 0 [pid 8494] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8492] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8494] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8496] <... openat resumed>) = 3 [pid 8494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8496] write(3, "1000", 4 [pid 8494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8496] <... write resumed>) = 4 [pid 8494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8496] close(3) = 0 [pid 8494] <... mmap resumed>) = 0x7f6713892000 [pid 8492] chdir("./file0" [pid 8496] symlink("/dev/binderfs", "./binderfs" [pid 8492] <... chdir resumed>) = 0 [pid 8492] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8494] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8496] <... symlink resumed>) = 0 [pid 8492] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8494] <... mprotect resumed>) = 0 [pid 8492] <... futex resumed>) = 1 [pid 8496] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8492] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8496] <... futex resumed>) = 0 [pid 8496] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8494] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8496] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8490] <... futex resumed>) = 0 [pid 8490] exit_group(0 [pid 8496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8494] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8492] <... futex resumed>) = ? [pid 8490] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 8497 attached [pid 8496] <... mmap resumed>) = 0x7f6713892000 [pid 8492] +++ exited with 0 +++ [pid 8497] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8496] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8494] <... clone3 resumed> => {parent_tid=[8497]}, 88) = 8497 [pid 8497] <... rseq resumed>) = 0 [pid 8494] rt_sigprocmask(SIG_SETMASK, [], [pid 8497] set_robust_list(0x7f67138b29a0, 24 [pid 8496] <... mprotect resumed>) = 0 [pid 8494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8497] <... set_robust_list resumed>) = 0 [pid 8496] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8494] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8490] +++ exited with 0 +++ [pid 8497] rt_sigprocmask(SIG_SETMASK, [], [pid 8496] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8495] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8494] <... futex resumed>) = 0 [pid 8497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8494] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8498 attached [pid 8497] memfd_create("syzkaller", 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8490, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8498] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 8498] <... rseq resumed>) = 0 [pid 5063] <... restart_syscall resumed>) = 0 [pid 8496] <... clone3 resumed> => {parent_tid=[8498]}, 88) = 8498 [pid 8497] <... memfd_create resumed>) = 3 [pid 8496] rt_sigprocmask(SIG_SETMASK, [], [pid 8497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8497] <... mmap resumed>) = 0x7f670b400000 [pid 8496] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8498] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8496] <... futex resumed>) = 0 [pid 8498] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8496] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8498] memfd_create("syzkaller", 0 [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8498] <... memfd_create resumed>) = 3 [pid 5063] umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] unlink("./344/binderfs") = 0 [pid 8498] <... mmap resumed>) = 0x7f670b400000 [pid 5063] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5063] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8497] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] close(3 [pid 5063] newfstatat(AT_FDCWD, "./344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8495] <... write resumed>) = 2097152 [pid 8495] munmap(0x7f670b400000, 138412032 [pid 5063] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8499 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./344/file0"./strace-static-x86_64: Process 8499 attached [pid 8495] <... munmap resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8499] set_robust_list(0x5555569076a0, 24 [pid 5063] close(3 [pid 8499] <... set_robust_list resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8499] chdir("./342" [pid 5063] rmdir("./344" [pid 8499] <... chdir resumed>) = 0 [pid 8499] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./345", 0777 [pid 8499] <... prctl resumed>) = 0 [pid 8499] setpgid(0, 0) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8495] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... openat resumed>) = 3 [pid 8499] <... openat resumed>) = 3 [pid 8495] <... openat resumed>) = 4 [pid 8499] write(3, "1000", 4 [pid 8498] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8495] ioctl(4, LOOP_SET_FD, 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8499] <... write resumed>) = 4 [pid 8499] close(3) = 0 [pid 8499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8499] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8499] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8499] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8500 attached => {parent_tid=[8500]}, 88) = 8500 [pid 8500] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8499] rt_sigprocmask(SIG_SETMASK, [], [pid 8500] <... rseq resumed>) = 0 [pid 8499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8500] set_robust_list(0x7f67138b29a0, 24 [pid 8499] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8500] <... set_robust_list resumed>) = 0 [pid 8499] <... futex resumed>) = 0 [pid 8500] rt_sigprocmask(SIG_SETMASK, [], [pid 8499] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8495] <... ioctl resumed>) = 0 [pid 8500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8500] memfd_create("syzkaller", 0 [pid 8495] close(3) = 0 [pid 8495] close(4) = 0 [pid 8495] mkdir("./file0", 0777 [pid 8500] <... memfd_create resumed>) = 3 [pid 8495] <... mkdir resumed>) = 0 [pid 8500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8495] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8497] <... write resumed>) = 2097152 [pid 8498] <... write resumed>) = 2097152 [ 288.091912][ T8495] loop4: detected capacity change from 0 to 4096 [pid 8497] munmap(0x7f670b400000, 138412032) = 0 [pid 8498] munmap(0x7f670b400000, 138412032 [pid 8500] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8497] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8498] <... munmap resumed>) = 0 [pid 8498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8497] <... openat resumed>) = 4 [pid 8495] <... mount resumed>) = 0 [pid 8498] ioctl(4, LOOP_SET_FD, 3 [pid 8497] ioctl(4, LOOP_SET_FD, 3 [pid 8495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8495] chdir("./file0") = 0 [pid 8495] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8495] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8498] <... ioctl resumed>) = 0 [pid 8495] <... futex resumed>) = 1 [pid 8493] <... futex resumed>) = 0 [pid 8495] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8493] exit_group(0 [pid 8498] close(3) = 0 [pid 8493] <... exit_group resumed>) = ? [pid 8495] <... futex resumed>) = ? [pid 8495] +++ exited with 0 +++ [pid 8493] +++ exited with 0 +++ [pid 8498] close(4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8493, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5063] <... ioctl resumed>) = 0 [pid 8498] <... close resumed>) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8498] mkdir("./file0", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] close(3 [pid 5066] newfstatat(AT_FDCWD, "./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... close resumed>) = 0 [pid 5066] unlink("./340/binderfs" [pid 8498] <... mkdir resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8501 [pid 8497] <... ioctl resumed>) = 0 [pid 5066] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8497] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8497] <... close resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./340/file0", [pid 8497] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8501 attached [pid 8497] <... close resumed>) = 0 [pid 5066] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8501] set_robust_list(0x5555569076a0, 24 [pid 8498] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8497] mkdir("./file0", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8501] <... set_robust_list resumed>) = 0 [pid 8497] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8501] chdir("./345" [pid 5066] <... openat resumed>) = 4 [ 288.179832][ T8498] loop0: detected capacity change from 0 to 4096 [ 288.180977][ T8497] loop3: detected capacity change from 0 to 4096 [pid 8501] <... chdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8501] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8497] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8501] <... prctl resumed>) = 0 [pid 5066] getdents64(4, [pid 8501] setpgid(0, 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8501] <... setpgid resumed>) = 0 [pid 5066] getdents64(4, [pid 8501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8501] <... openat resumed>) = 3 [pid 5066] close(4 [pid 8501] write(3, "1000", 4 [pid 5066] <... close resumed>) = 0 [pid 8501] <... write resumed>) = 4 [pid 8500] <... write resumed>) = 2097152 [pid 5066] rmdir("./340/file0" [pid 8501] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 8501] <... close resumed>) = 0 [pid 8501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8501] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(3, [pid 8501] <... futex resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8501] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] close(3 [pid 8501] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... close resumed>) = 0 [pid 8501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] rmdir("./340" [pid 8501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8500] munmap(0x7f670b400000, 138412032 [pid 5066] <... rmdir resumed>) = 0 [pid 8501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8498] <... mount resumed>) = 0 [pid 8501] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] mkdir("./341", 0777) = 0 [pid 8501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8500] <... munmap resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 8502 attached [pid 8500] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8497] <... mount resumed>) = 0 [pid 8502] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5066] <... openat resumed>) = 3 [pid 8502] <... rseq resumed>) = 0 [pid 8501] <... clone3 resumed> => {parent_tid=[8502]}, 88) = 8502 [pid 8500] <... openat resumed>) = 4 [pid 8498] <... openat resumed>) = 3 [pid 8502] set_robust_list(0x7f67138b29a0, 24 [pid 8501] rt_sigprocmask(SIG_SETMASK, [], [pid 8497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8502] <... set_robust_list resumed>) = 0 [pid 8501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8500] ioctl(4, LOOP_SET_FD, 3 [pid 8498] chdir("./file0" [pid 8497] <... openat resumed>) = 3 [pid 8502] rt_sigprocmask(SIG_SETMASK, [], [pid 8501] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8501] <... futex resumed>) = 0 [pid 8502] memfd_create("syzkaller", 0 [pid 8501] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8498] <... chdir resumed>) = 0 [pid 8498] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8497] chdir("./file0" [pid 8498] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8497] <... chdir resumed>) = 0 [pid 8502] <... memfd_create resumed>) = 3 [pid 8498] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8497] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8497] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8502] <... mmap resumed>) = 0x7f670b400000 [pid 8497] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8498] <... futex resumed>) = 1 [pid 8497] <... futex resumed>) = 1 [pid 8494] <... futex resumed>) = 0 [pid 8498] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8497] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8496] <... futex resumed>) = 0 [pid 8494] exit_group(0 [pid 8497] <... futex resumed>) = ? [pid 8496] exit_group(0 [pid 8494] <... exit_group resumed>) = ? [pid 8498] <... futex resumed>) = ? [pid 8497] +++ exited with 0 +++ [pid 8496] <... exit_group resumed>) = ? [pid 8494] +++ exited with 0 +++ [pid 8498] +++ exited with 0 +++ [pid 8496] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8494, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8496, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5065] umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8500] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8500] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5062] openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8500] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 8500] close(4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8500] <... close resumed>) = 0 [pid 5062] getdents64(3, [pid 8500] mkdir("./file0", 0777) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./337/binderfs" [pid 8500] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 288.296869][ T8500] loop2: detected capacity change from 0 to 4096 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(AT_FDCWD, "./337/file0", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] unlink("./340/binderfs" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 5065] <... unlink resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./337/file0" [pid 5065] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5062] getdents64(3, [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./337") = 0 [pid 5062] mkdir("./338", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 8503 attached [pid 8502] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8503 [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8503] set_robust_list(0x5555569076a0, 24 [pid 8500] <... mount resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8500] chdir("./file0" [pid 5065] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8500] <... chdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8500] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] newfstatat(AT_FDCWD, "./340/file0", [pid 8500] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8503] <... set_robust_list resumed>) = 0 [pid 8500] <... futex resumed>) = 1 [pid 8499] <... futex resumed>) = 0 [pid 8503] chdir("./341" [pid 8500] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8499] exit_group(0 [pid 5065] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8503] <... chdir resumed>) = 0 [pid 8500] <... futex resumed>) = ? [pid 8499] <... exit_group resumed>) = ? [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 8503] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8500] +++ exited with 0 +++ [pid 8499] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8503] <... prctl resumed>) = 0 [pid 8503] setpgid(0, 0 [pid 5065] getdents64(4, [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8499, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8503] <... setpgid resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 5064] openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./340/file0" [pid 8503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... openat resumed>) = 3 [pid 8503] <... openat resumed>) = 3 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] newfstatat(3, "", [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(3 [pid 5064] getdents64(3, [pid 8503] write(3, "1000", 4 [pid 5065] <... close resumed>) = 0 [pid 8503] <... write resumed>) = 4 [pid 5065] rmdir("./340" [pid 8503] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] mkdir("./341", 0777 [pid 5064] umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8503] <... close resumed>) = 0 [pid 8503] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8503] <... symlink resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] newfstatat(AT_FDCWD, "./342/binderfs", [pid 8503] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8503] <... futex resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] unlink("./342/binderfs" [pid 8503] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8503] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... unlink resumed>) = 0 [pid 8503] <... mprotect resumed>) = 0 [pid 8503] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8503] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8504]}, 88) = 8504 [pid 8503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8503] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8503] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8504 attached [pid 8504] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8504] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8504] memfd_create("syzkaller", 0) = 3 [pid 8504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8504] <... mmap resumed>) = 0x7f670b400000 [pid 5064] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8502] <... write resumed>) = 2097152 [pid 5062] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8502] munmap(0x7f670b400000, 138412032 [pid 5062] <... close resumed>) = 0 [pid 8502] <... munmap resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8505 [pid 5064] getdents64(4, [pid 8502] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8505 attached [pid 8504] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8505] set_robust_list(0x5555569076a0, 24 [pid 8502] <... openat resumed>) = 4 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] getdents64(4, [pid 8505] <... set_robust_list resumed>) = 0 [pid 8505] chdir("./338" [pid 8502] ioctl(4, LOOP_SET_FD, 3 [pid 8505] <... chdir resumed>) = 0 [pid 8502] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8505] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] close(4 [pid 8505] <... prctl resumed>) = 0 [pid 8504] <... write resumed>) = 2097152 [pid 8502] close(3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8505] setpgid(0, 0 [pid 8504] munmap(0x7f670b400000, 138412032 [pid 8502] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] rmdir("./342/file0"./strace-static-x86_64: Process 8506 attached [pid 8505] <... setpgid resumed>) = 0 [pid 8502] close(4 [pid 5064] <... rmdir resumed>) = 0 [pid 8506] set_robust_list(0x5555569076a0, 24 [pid 8505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8504] <... munmap resumed>) = 0 [pid 8502] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 8506] <... set_robust_list resumed>) = 0 [ 288.548118][ T8502] loop1: detected capacity change from 0 to 4096 [pid 8505] <... openat resumed>) = 3 [pid 8504] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8502] mkdir("./file0", 0777 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8506 [pid 8506] chdir("./341" [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8506] <... chdir resumed>) = 0 [pid 8505] write(3, "1000", 4 [pid 8502] <... mkdir resumed>) = 0 [pid 5064] close(3 [pid 8506] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8502] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... close resumed>) = 0 [pid 8505] <... write resumed>) = 4 [pid 8506] <... prctl resumed>) = 0 [pid 8505] close(3 [pid 5064] rmdir("./342" [pid 8506] setpgid(0, 0 [pid 8505] <... close resumed>) = 0 [pid 8504] <... openat resumed>) = 4 [pid 8506] <... setpgid resumed>) = 0 [pid 8504] ioctl(4, LOOP_SET_FD, 3 [pid 8506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8505] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./343", 0777 [pid 8506] <... openat resumed>) = 3 [pid 5064] <... mkdir resumed>) = 0 [pid 8505] <... symlink resumed>) = 0 [pid 8506] write(3, "1000", 4 [pid 8504] <... ioctl resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8506] <... write resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 8506] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8506] <... close resumed>) = 0 [pid 8504] close(3 [pid 8506] symlink("/dev/binderfs", "./binderfs" [pid 8505] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8504] <... close resumed>) = 0 [pid 8506] <... symlink resumed>) = 0 [pid 8505] <... futex resumed>) = 0 [pid 8505] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8504] close(4 [pid 8506] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8505] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8504] <... close resumed>) = 0 [pid 8506] <... futex resumed>) = 0 [pid 8505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8504] mkdir("./file0", 0777 [pid 8502] <... mount resumed>) = 0 [pid 8506] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8504] <... mkdir resumed>) = 0 [pid 8502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8506] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8505] <... mmap resumed>) = 0x7f6713892000 [pid 8504] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8502] <... openat resumed>) = 3 [pid 8506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8505] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8502] chdir("./file0" [pid 8506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8505] <... mprotect resumed>) = 0 [pid 8502] <... chdir resumed>) = 0 [pid 8506] <... mmap resumed>) = 0x7f6713892000 [pid 8505] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8502] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8506] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8502] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8506] <... mprotect resumed>) = 0 [pid 8505] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8502] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8506] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8502] <... futex resumed>) = 1 [pid 8501] <... futex resumed>) = 0 [pid 8506] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8502] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8501] exit_group(0 [pid 8506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8502] <... futex resumed>) = ? [pid 8501] <... exit_group resumed>) = ? [ 288.604759][ T8504] loop4: detected capacity change from 0 to 4096 ./strace-static-x86_64: Process 8508 attached ./strace-static-x86_64: Process 8507 attached [pid 8502] +++ exited with 0 +++ [pid 8501] +++ exited with 0 +++ [pid 8508] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8507] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8501, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8508] set_robust_list(0x7f67138b29a0, 24 [pid 8507] <... rseq resumed>) = 0 [pid 8508] <... set_robust_list resumed>) = 0 [pid 8507] set_robust_list(0x7f67138b29a0, 24 [pid 8506] <... clone3 resumed> => {parent_tid=[8507]}, 88) = 8507 [pid 8508] rt_sigprocmask(SIG_SETMASK, [], [pid 8507] <... set_robust_list resumed>) = 0 [pid 8506] rt_sigprocmask(SIG_SETMASK, [], [pid 8508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8507] rt_sigprocmask(SIG_SETMASK, [], [pid 8506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8505] <... clone3 resumed> => {parent_tid=[8508]}, 88) = 8508 [pid 5063] umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8508] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8506] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8505] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8506] <... futex resumed>) = 0 [pid 8506] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8507] memfd_create("syzkaller", 0 [pid 5063] openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8505] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8505] <... futex resumed>) = 1 [pid 8508] <... futex resumed>) = 0 [pid 5063] getdents64(3, [pid 8505] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8508] memfd_create("syzkaller", 0 [pid 8507] <... memfd_create resumed>) = 3 [pid 5063] umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8508] <... memfd_create resumed>) = 3 [pid 8508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8507] <... mmap resumed>) = 0x7f670b400000 [pid 5063] newfstatat(AT_FDCWD, "./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./345/binderfs") = 0 [pid 5063] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8509 attached [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8509 [pid 8509] set_robust_list(0x5555569076a0, 24) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8509] chdir("./343" [pid 8508] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] newfstatat(AT_FDCWD, "./345/file0", [pid 8509] <... chdir resumed>) = 0 [pid 8509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8509] setpgid(0, 0) = 0 [pid 8509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8509] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8509] write(3, "1000", 4 [pid 5063] openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8509] <... write resumed>) = 4 [pid 8509] close(3 [pid 5063] <... openat resumed>) = 4 [pid 8509] <... close resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 8509] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8509] <... symlink resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 8509] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8509] <... futex resumed>) = 0 [pid 5063] close(4 [pid 8509] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./345/file0" [pid 8509] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8509] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8509] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] getdents64(3, [pid 8509] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8509] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] close(3 [pid 8509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8510 attached [pid 5063] <... close resumed>) = 0 [pid 8510] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8509] <... clone3 resumed> => {parent_tid=[8510]}, 88) = 8510 [pid 5063] rmdir("./345" [pid 8510] <... rseq resumed>) = 0 [pid 8510] set_robust_list(0x7f67138b29a0, 24 [pid 8509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8509] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... rmdir resumed>) = 0 [pid 8510] <... set_robust_list resumed>) = 0 [pid 8509] <... futex resumed>) = 0 [pid 5063] mkdir("./346", 0777 [pid 8510] rt_sigprocmask(SIG_SETMASK, [], [pid 8509] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8507] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8510] memfd_create("syzkaller", 0 [pid 8504] <... mount resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8504] chdir("./file0") = 0 [pid 8504] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8510] <... memfd_create resumed>) = 3 [pid 8504] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8504] <... futex resumed>) = 1 [pid 8503] <... futex resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8503] exit_group(0 [pid 8510] <... mmap resumed>) = 0x7f670b400000 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8503] <... exit_group resumed>) = ? [pid 8504] +++ exited with 0 +++ [pid 8503] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8503, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5066] umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./341/binderfs", [pid 8507] <... write resumed>) = 2097152 [pid 8510] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8508] <... write resumed>) = 2097152 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8508] munmap(0x7f670b400000, 138412032 [pid 8507] munmap(0x7f670b400000, 138412032 [pid 5066] unlink("./341/binderfs" [pid 8508] <... munmap resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8508] ioctl(4, LOOP_SET_FD, 3 [pid 8507] <... munmap resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8507] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8507] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8511 attached [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8511 [pid 8511] set_robust_list(0x5555569076a0, 24 [pid 8508] <... ioctl resumed>) = 0 [pid 8511] <... set_robust_list resumed>) = 0 [pid 8511] chdir("./346" [pid 8508] close(3) = 0 [pid 8511] <... chdir resumed>) = 0 [pid 8510] <... write resumed>) = 2097152 [pid 8508] close(4 [pid 8507] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8511] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8510] munmap(0x7f670b400000, 138412032 [pid 8508] <... close resumed>) = 0 [pid 8507] close(3 [pid 5066] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8511] <... prctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8507] <... close resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./341/file0", [pid 8508] mkdir("./file0", 0777 [pid 8511] setpgid(0, 0 [pid 8507] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8507] <... close resumed>) = 0 [pid 5066] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8511] <... setpgid resumed>) = 0 [pid 8507] mkdir("./file0", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8508] <... mkdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 8508] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8511] <... openat resumed>) = 3 [pid 8507] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 8511] write(3, "1000", 4 [pid 8510] <... munmap resumed>) = 0 [pid 8507] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8511] <... write resumed>) = 4 [pid 8511] close(3 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./341/file0" [pid 8511] <... close resumed>) = 0 [pid 8510] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8511] symlink("/dev/binderfs", "./binderfs" [pid 8510] <... openat resumed>) = 4 [ 288.857262][ T8508] loop0: detected capacity change from 0 to 4096 [ 288.874452][ T8507] loop3: detected capacity change from 0 to 4096 [pid 8510] ioctl(4, LOOP_SET_FD, 3 [pid 8508] <... mount resumed>) = 0 [pid 8508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8511] <... symlink resumed>) = 0 [pid 8510] <... ioctl resumed>) = 0 [pid 8508] chdir("./file0" [pid 5066] <... rmdir resumed>) = 0 [pid 8511] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8510] close(3 [pid 8508] <... chdir resumed>) = 0 [pid 5066] getdents64(3, [pid 8511] <... futex resumed>) = 0 [pid 8510] <... close resumed>) = 0 [pid 8508] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8511] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8510] close(4 [pid 8508] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] close(3 [pid 8511] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8510] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8510] mkdir("./file0", 0777 [pid 8508] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8507] <... mount resumed>) = 0 [pid 5066] rmdir("./341" [pid 8511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8510] <... mkdir resumed>) = 0 [pid 8508] <... futex resumed>) = 1 [pid 8505] <... futex resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8510] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8508] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8507] <... openat resumed>) = 3 [pid 8505] exit_group(0 [pid 5066] mkdir("./342", 0777 [pid 8511] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8505] <... exit_group resumed>) = ? [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8508] <... futex resumed>) = ? [pid 8511] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8508] +++ exited with 0 +++ [pid 8507] chdir("./file0") = 0 [pid 8507] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8511] <... mprotect resumed>) = 0 [pid 8507] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8511] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8507] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8506] <... futex resumed>) = 0 [pid 8506] exit_group(0) = ? [pid 8511] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8505] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8505, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- ./strace-static-x86_64: Process 8512 attached [ 288.916977][ T8510] loop2: detected capacity change from 0 to 4096 [pid 8512] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8511] <... clone3 resumed> => {parent_tid=[8512]}, 88) = 8512 [pid 8507] +++ exited with 0 +++ [pid 8506] +++ exited with 0 +++ [pid 8512] <... rseq resumed>) = 0 [pid 8511] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8512] set_robust_list(0x7f67138b29a0, 24 [pid 8511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8506, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8512] <... set_robust_list resumed>) = 0 [pid 8511] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8512] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8511] <... futex resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./338/binderfs", [pid 8512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8511] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8512] memfd_create("syzkaller", 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] unlink("./338/binderfs") = 0 [pid 5065] openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8512] <... memfd_create resumed>) = 3 [pid 5065] getdents64(3, [pid 8512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(AT_FDCWD, "./341/binderfs", [pid 5062] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] unlink("./341/binderfs" [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5062] close(4 [pid 5065] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./338/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./338") = 0 [pid 5062] mkdir("./339", 0777) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] <... ioctl resumed>) = 0 [pid 8510] <... mount resumed>) = 0 [pid 5065] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8510] chdir("./file0") = 0 [pid 8510] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8510] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8509] <... futex resumed>) = 0 [pid 8509] exit_group(0 [pid 5065] newfstatat(AT_FDCWD, "./341/file0", [pid 8509] <... exit_group resumed>) = ? [pid 5066] close(3) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8510] +++ exited with 0 +++ [pid 8509] +++ exited with 0 +++ [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8509, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- ./strace-static-x86_64: Process 8513 attached [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8513] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8513 [pid 5065] openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8513] <... set_robust_list resumed>) = 0 [pid 8513] chdir("./342" [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8513] <... chdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8513] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] getdents64(4, [pid 5064] openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... openat resumed>) = 3 [pid 8513] <... prctl resumed>) = 0 [pid 5065] getdents64(4, [pid 5064] newfstatat(3, "", [pid 8513] setpgid(0, 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8513] <... setpgid resumed>) = 0 [pid 5065] close(4 [pid 5064] getdents64(3, [pid 8513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 8513] <... openat resumed>) = 3 [pid 5065] rmdir("./341/file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./343/binderfs", [pid 8513] write(3, "1000", 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8513] <... write resumed>) = 4 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] unlink("./343/binderfs" [pid 5065] getdents64(3, [pid 8513] close(3 [pid 8512] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... unlink resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8513] <... close resumed>) = 0 [pid 5065] close(3 [pid 8513] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... close resumed>) = 0 [pid 8513] <... symlink resumed>) = 0 [pid 5065] rmdir("./341" [pid 5064] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8513] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 8513] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5065] mkdir("./342", 0777 [pid 8513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8513] <... mmap resumed>) = 0x7f6713892000 [pid 8513] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8513] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8513] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8514 attached => {parent_tid=[8514]}, 88) = 8514 [pid 8514] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8513] rt_sigprocmask(SIG_SETMASK, [], [pid 8514] <... rseq resumed>) = 0 [pid 8513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8513] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8514] set_robust_list(0x7f67138b29a0, 24 [pid 8513] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... umount2 resumed>) = 0 [pid 8514] <... set_robust_list resumed>) = 0 [pid 8514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8514] memfd_create("syzkaller", 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8514] <... memfd_create resumed>) = 3 [pid 8514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] newfstatat(4, "", ./strace-static-x86_64: Process 8515 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8515] set_robust_list(0x5555569076a0, 24 [pid 5064] getdents64(4, [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8515 [pid 8515] <... set_robust_list resumed>) = 0 [pid 8515] chdir("./339" [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8515] <... chdir resumed>) = 0 [pid 5064] getdents64(4, [pid 8515] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8515] <... prctl resumed>) = 0 [pid 5064] close(4 [pid 8515] setpgid(0, 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./343/file0" [pid 8515] <... setpgid resumed>) = 0 [pid 8515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... rmdir resumed>) = 0 [pid 8515] <... openat resumed>) = 3 [pid 8515] write(3, "1000", 4) = 4 [pid 5064] getdents64(3, [pid 8515] close(3) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8515] symlink("/dev/binderfs", "./binderfs" [pid 5064] close(3 [pid 8515] <... symlink resumed>) = 0 [pid 8515] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 8515] <... futex resumed>) = 0 [pid 5064] rmdir("./343" [pid 8515] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8515] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] mkdir("./344", 0777 [pid 8515] <... mmap resumed>) = 0x7f6713892000 [pid 8514] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8512] <... write resumed>) = 2097152 [pid 8515] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8512] munmap(0x7f670b400000, 138412032 [pid 8515] <... mprotect resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8516 attached [pid 8515] <... clone3 resumed> => {parent_tid=[8516]}, 88) = 8516 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8516] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8515] rt_sigprocmask(SIG_SETMASK, [], [pid 8516] <... rseq resumed>) = 0 [pid 8515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8516] set_robust_list(0x7f67138b29a0, 24 [pid 8515] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8516] <... set_robust_list resumed>) = 0 [pid 8515] <... futex resumed>) = 0 [pid 8516] rt_sigprocmask(SIG_SETMASK, [], [pid 8515] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8516] memfd_create("syzkaller", 0 [pid 8512] <... munmap resumed>) = 0 [pid 8516] <... memfd_create resumed>) = 3 [pid 5065] close(3 [pid 8516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8512] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8512] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8517 ./strace-static-x86_64: Process 8517 attached [pid 8517] set_robust_list(0x5555569076a0, 24) = 0 [pid 8517] chdir("./342") = 0 [pid 8517] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8512] <... ioctl resumed>) = 0 [pid 8517] <... prctl resumed>) = 0 [pid 8517] setpgid(0, 0) = 0 [pid 8517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8517] write(3, "1000", 4) = 4 [pid 8517] close(3) = 0 [pid 8517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8517] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8517] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8517] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8517] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8514] <... write resumed>) = 2097152 [pid 8517] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8518 attached => {parent_tid=[8518]}, 88) = 8518 [pid 8518] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8517] rt_sigprocmask(SIG_SETMASK, [], [pid 8514] munmap(0x7f670b400000, 138412032 [pid 8518] <... rseq resumed>) = 0 [pid 8517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8514] <... munmap resumed>) = 0 [pid 8512] close(3 [pid 8518] set_robust_list(0x7f67138b29a0, 24 [pid 8517] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8518] <... set_robust_list resumed>) = 0 [pid 8517] <... futex resumed>) = 0 [pid 8518] rt_sigprocmask(SIG_SETMASK, [], [pid 8517] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8512] <... close resumed>) = 0 [pid 8518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8512] close(4 [pid 8518] memfd_create("syzkaller", 0 [pid 8512] <... close resumed>) = 0 [pid 8512] mkdir("./file0", 0777 [pid 8518] <... memfd_create resumed>) = 3 [pid 8512] <... mkdir resumed>) = 0 [pid 8518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [ 289.239071][ T8512] loop1: detected capacity change from 0 to 4096 [pid 8512] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8514] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8514] close(3) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 8514] close(4 [pid 5064] <... close resumed>) = 0 [pid 8514] <... close resumed>) = 0 [pid 8514] mkdir("./file0", 0777 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8514] <... mkdir resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8519 ./strace-static-x86_64: Process 8519 attached [pid 8519] set_robust_list(0x5555569076a0, 24 [pid 8514] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8519] <... set_robust_list resumed>) = 0 [pid 8519] chdir("./344") = 0 [pid 8519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8519] setpgid(0, 0) = 0 [pid 8519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8519] write(3, "1000", 4) = 4 [pid 8519] close(3) = 0 [pid 8519] symlink("/dev/binderfs", "./binderfs") = 0 [ 289.290026][ T8514] loop4: detected capacity change from 0 to 4096 [pid 8516] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8519] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8518] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8519] <... futex resumed>) = 0 [pid 8519] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8512] <... mount resumed>) = 0 [pid 8519] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8512] <... openat resumed>) = 3 [pid 8519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8512] chdir("./file0" [pid 8519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8512] <... chdir resumed>) = 0 [pid 8519] <... mmap resumed>) = 0x7f6713892000 [pid 8519] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8512] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8512] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8520 attached [pid 8519] <... clone3 resumed> => {parent_tid=[8520]}, 88) = 8520 [pid 8520] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8519] rt_sigprocmask(SIG_SETMASK, [], [pid 8520] <... rseq resumed>) = 0 [pid 8519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8512] <... futex resumed>) = 1 [pid 8520] set_robust_list(0x7f67138b29a0, 24 [pid 8519] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8520] <... set_robust_list resumed>) = 0 [pid 8519] <... futex resumed>) = 0 [pid 8512] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8520] rt_sigprocmask(SIG_SETMASK, [], [pid 8519] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8514] <... mount resumed>) = 0 [pid 8511] <... futex resumed>) = 0 [pid 8520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8511] exit_group(0 [pid 8520] memfd_create("syzkaller", 0 [pid 8514] <... openat resumed>) = 3 [pid 8520] <... memfd_create resumed>) = 3 [pid 8520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8514] chdir("./file0" [pid 8520] <... mmap resumed>) = 0x7f670b400000 [pid 8514] <... chdir resumed>) = 0 [pid 8512] <... futex resumed>) = ? [pid 8511] <... exit_group resumed>) = ? [pid 8512] +++ exited with 0 +++ [pid 8514] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8511] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8511, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5063] umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", [pid 8514] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8514] <... futex resumed>) = 1 [pid 8513] <... futex resumed>) = 0 [pid 5063] getdents64(3, [pid 8514] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8513] exit_group(0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8514] <... futex resumed>) = ? [pid 8513] <... exit_group resumed>) = ? [pid 5063] newfstatat(AT_FDCWD, "./346/binderfs", [pid 8516] <... write resumed>) = 2097152 [pid 8514] +++ exited with 0 +++ [pid 8513] +++ exited with 0 +++ [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8516] munmap(0x7f670b400000, 138412032 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8513, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5063] unlink("./346/binderfs") = 0 [pid 5066] umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8518] <... write resumed>) = 2097152 [pid 8516] <... munmap resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5063] <... umount2 resumed>) = 0 [pid 8518] munmap(0x7f670b400000, 138412032) = 0 [pid 8516] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] newfstatat(AT_FDCWD, "./346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8516] <... openat resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8516] ioctl(4, LOOP_SET_FD, 3 [pid 5063] openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 5066] umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8520] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8518] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8516] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] getdents64(4, [pid 8518] <... openat resumed>) = 4 [pid 8516] close(3 [pid 5066] newfstatat(AT_FDCWD, "./342/binderfs", [pid 8518] ioctl(4, LOOP_SET_FD, 3 [pid 8516] <... close resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] close(4 [pid 5066] unlink("./342/binderfs" [pid 8516] close(4) = 0 [pid 8516] mkdir("./file0", 0777) = 0 [pid 8516] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8518] <... ioctl resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5066] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] rmdir("./346/file0" [pid 8518] close(3) = 0 [pid 8518] close(4) = 0 [pid 8518] mkdir("./file0", 0777 [pid 5063] <... rmdir resumed>) = 0 [pid 8518] <... mkdir resumed>) = 0 [pid 5063] getdents64(3, [pid 8518] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./346") = 0 [pid 5063] mkdir("./347", 0777) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 289.461032][ T8516] loop0: detected capacity change from 0 to 4096 [ 289.472260][ T8518] loop3: detected capacity change from 0 to 4096 [pid 5066] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8520] <... write resumed>) = 2097152 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... openat resumed>) = 4 [pid 8520] munmap(0x7f670b400000, 138412032 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8520] <... munmap resumed>) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./342/file0") = 0 [pid 8516] <... mount resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] close(3 [pid 8516] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 8516] chdir("./file0" [pid 5066] rmdir("./342" [pid 8520] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8520] ioctl(4, LOOP_SET_FD, 3 [pid 8516] <... chdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5066] mkdir("./343", 0777 [pid 8520] <... ioctl resumed>) = 0 [pid 8516] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... mkdir resumed>) = 0 [pid 8520] close(3 [pid 8516] <... futex resumed>) = 1 [pid 8515] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8520] <... close resumed>) = 0 [pid 8516] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8520] close(4 [pid 8515] exit_group(0 [pid 8516] <... futex resumed>) = ? [pid 8515] <... exit_group resumed>) = ? [pid 5066] <... openat resumed>) = 3 [pid 8520] <... close resumed>) = 0 [pid 8518] <... mount resumed>) = 0 [pid 8516] +++ exited with 0 +++ [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8520] mkdir("./file0", 0777) = 0 [pid 8518] <... openat resumed>) = 3 [pid 8518] chdir("./file0" [pid 8520] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8518] <... chdir resumed>) = 0 [pid 8518] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8518] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8517] <... futex resumed>) = 0 [pid 8517] exit_group(0) = ? [ 289.554963][ T8520] loop2: detected capacity change from 0 to 4096 [pid 8515] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8515, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8518] +++ exited with 0 +++ [pid 8517] +++ exited with 0 +++ [pid 5063] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8517, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5062] openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] getdents64(3, [pid 5065] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] newfstatat(3, "", [pid 5062] umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(3, [pid 5062] newfstatat(AT_FDCWD, "./339/binderfs", [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] unlink("./339/binderfs" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./342/binderfs", [pid 5062] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] unlink("./342/binderfs") = 0 [pid 5065] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8521 attached [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8521 [pid 5062] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8521] set_robust_list(0x5555569076a0, 24) = 0 [pid 8521] chdir("./347") = 0 [pid 8521] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... umount2 resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8521] <... prctl resumed>) = 0 [pid 8521] setpgid(0, 0) = 0 [pid 8521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 8521] <... openat resumed>) = 3 [pid 8520] <... mount resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8520] <... openat resumed>) = 3 [pid 5062] getdents64(4, [pid 8521] write(3, "1000", 4 [pid 8520] chdir("./file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8521] <... write resumed>) = 4 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] close(4 [pid 8520] <... chdir resumed>) = 0 [pid 8520] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8521] close(3 [pid 8520] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] newfstatat(AT_FDCWD, "./342/file0", [pid 8521] <... close resumed>) = 0 [pid 8520] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./339/file0" [pid 8521] symlink("/dev/binderfs", "./binderfs" [pid 8520] <... futex resumed>) = 1 [pid 8519] <... futex resumed>) = 0 [pid 5065] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8521] <... symlink resumed>) = 0 [pid 8519] exit_group(0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... rmdir resumed>) = 0 [pid 8519] <... exit_group resumed>) = ? [pid 5065] openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8521] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8520] +++ exited with 0 +++ [pid 8519] +++ exited with 0 +++ [pid 5066] close(3 [pid 5065] <... openat resumed>) = 4 [pid 5062] getdents64(3, [pid 8521] <... futex resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8521] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] close(3 [pid 8521] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] getdents64(4, [pid 5062] <... close resumed>) = 0 [pid 8521] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] rmdir("./339" [pid 8521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] getdents64(4, [pid 8521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8521] <... mmap resumed>) = 0x7f6713892000 [pid 5065] close(4 [pid 8521] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... close resumed>) = 0 [pid 8521] <... mprotect resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] rmdir("./342/file0" [pid 5062] <... rmdir resumed>) = 0 [pid 8521] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... rmdir resumed>) = 0 [pid 5062] mkdir("./340", 0777 [pid 8521] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] getdents64(3, [pid 8521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8522 attached [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8522] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8521] <... clone3 resumed> => {parent_tid=[8522]}, 88) = 8522 [pid 5065] close(3 [pid 5062] <... mkdir resumed>) = 0 [pid 8522] set_robust_list(0x7f67138b29a0, 24 [pid 8521] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... close resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8519, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8522] <... set_robust_list resumed>) = 0 [pid 8521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] rmdir("./342" [pid 8522] rt_sigprocmask(SIG_SETMASK, [], [pid 8521] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8521] <... futex resumed>) = 0 [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8521] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] mkdir("./343", 0777./strace-static-x86_64: Process 8523 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8523 [pid 5065] <... mkdir resumed>) = 0 [pid 8523] set_robust_list(0x5555569076a0, 24 [pid 5064] umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8523] <... set_robust_list resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8523] chdir("./343" [pid 8522] memfd_create("syzkaller", 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8523] <... chdir resumed>) = 0 [pid 8522] <... memfd_create resumed>) = 3 [pid 8523] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... openat resumed>) = 3 [pid 8523] <... prctl resumed>) = 0 [pid 8522] <... mmap resumed>) = 0x7f670b400000 [pid 5064] newfstatat(3, "", [pid 8523] setpgid(0, 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8523] <... setpgid resumed>) = 0 [pid 8523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8523] <... openat resumed>) = 3 [pid 5064] umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8523] write(3, "1000", 4 [pid 5064] newfstatat(AT_FDCWD, "./344/binderfs", [pid 8523] <... write resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8523] close(3 [pid 5064] unlink("./344/binderfs" [pid 8523] <... close resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8523] symlink("/dev/binderfs", "./binderfs" [pid 8522] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8523] <... symlink resumed>) = 0 [pid 8523] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = 0 [pid 8523] <... futex resumed>) = 0 [pid 8523] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8523] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8522] <... write resumed>) = 2097152 [pid 8523] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8522] munmap(0x7f670b400000, 138412032 [pid 8523] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8524]}, 88) = 8524 [pid 8523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8523] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8524 attached [pid 8523] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8522] <... munmap resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8524] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 8524] <... rseq resumed>) = 0 [pid 8524] set_robust_list(0x7f67138b29a0, 24 [pid 8522] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] rmdir("./344/file0" [pid 8524] <... set_robust_list resumed>) = 0 [pid 8522] <... openat resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./344" [pid 8524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8522] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... rmdir resumed>) = 0 [pid 8524] memfd_create("syzkaller", 0 [pid 8522] <... ioctl resumed>) = 0 [pid 8524] <... memfd_create resumed>) = 3 [pid 8524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] mkdir("./345", 0777 [pid 8524] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] close(3 [pid 8522] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 8522] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8522] close(4 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8522] <... close resumed>) = 0 [pid 8522] mkdir("./file0", 0777) = 0 ./strace-static-x86_64: Process 8525 attached [pid 5065] close(3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8525 [pid 8522] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] <... close resumed>) = 0 [pid 8525] set_robust_list(0x5555569076a0, 24 [pid 8524] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8525] <... set_robust_list resumed>) = 0 [ 289.800340][ T8522] loop1: detected capacity change from 0 to 4096 [pid 8525] chdir("./340" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8526 ./strace-static-x86_64: Process 8526 attached [pid 8525] <... chdir resumed>) = 0 [pid 8526] set_robust_list(0x5555569076a0, 24) = 0 [pid 8525] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8526] chdir("./343" [pid 8525] <... prctl resumed>) = 0 [pid 8526] <... chdir resumed>) = 0 [pid 8525] setpgid(0, 0 [pid 8526] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8525] <... setpgid resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8522] <... mount resumed>) = 0 [pid 8522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8526] <... prctl resumed>) = 0 [pid 8525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8522] <... openat resumed>) = 3 [pid 8522] chdir("./file0" [pid 8525] <... openat resumed>) = 3 [pid 8522] <... chdir resumed>) = 0 [pid 8526] setpgid(0, 0) = 0 [pid 8525] write(3, "1000", 4 [pid 8522] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8522] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8522] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8525] <... write resumed>) = 4 [pid 8521] <... futex resumed>) = 0 [pid 8525] close(3 [pid 5064] close(3 [pid 8526] <... openat resumed>) = 3 [pid 8525] <... close resumed>) = 0 [pid 8521] exit_group(0 [pid 5064] <... close resumed>) = 0 [pid 8526] write(3, "1000", 4 [pid 8525] symlink("/dev/binderfs", "./binderfs" [pid 8522] <... futex resumed>) = ? [pid 8521] <... exit_group resumed>) = ? [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8522] +++ exited with 0 +++ [pid 8525] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 8527 attached [pid 8526] <... write resumed>) = 4 [pid 8525] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8524] <... write resumed>) = 2097152 [pid 8521] +++ exited with 0 +++ [pid 8526] close(3 [pid 8525] <... futex resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8521, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8527] set_robust_list(0x5555569076a0, 24 [pid 8526] <... close resumed>) = 0 [pid 8525] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8524] munmap(0x7f670b400000, 138412032 [pid 8526] symlink("/dev/binderfs", "./binderfs" [pid 8525] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8527] <... set_robust_list resumed>) = 0 [pid 8525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8527 [pid 8527] chdir("./345" [pid 8525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8527] <... chdir resumed>) = 0 [pid 8525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8527] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8527] <... prctl resumed>) = 0 [pid 8525] <... mmap resumed>) = 0x7f6713892000 [pid 8527] setpgid(0, 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8527] <... setpgid resumed>) = 0 [pid 8526] <... symlink resumed>) = 0 [pid 8525] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8525] <... mprotect resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8527] <... openat resumed>) = 3 [pid 8525] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8527] write(3, "1000", 4 [pid 8525] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] newfstatat(3, "", [pid 8527] <... write resumed>) = 4 [pid 8526] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8528 attached [pid 8527] close(3 [pid 8526] <... futex resumed>) = 0 [pid 5063] getdents64(3, [pid 8528] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8527] <... close resumed>) = 0 [pid 8525] <... clone3 resumed> => {parent_tid=[8528]}, 88) = 8528 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8527] symlink("/dev/binderfs", "./binderfs" [pid 8526] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8528] <... rseq resumed>) = 0 [pid 8527] <... symlink resumed>) = 0 [pid 8526] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8525] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8528] set_robust_list(0x7f67138b29a0, 24 [pid 8527] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8526] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(AT_FDCWD, "./347/binderfs", [pid 8528] <... set_robust_list resumed>) = 0 [pid 8527] <... futex resumed>) = 0 [pid 8526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8525] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8528] rt_sigprocmask(SIG_SETMASK, [], [pid 8527] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8525] <... futex resumed>) = 0 [pid 5063] unlink("./347/binderfs" [pid 8528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8527] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8525] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... unlink resumed>) = 0 [pid 8527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8526] <... mmap resumed>) = 0x7f6713892000 [pid 5063] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8524] <... munmap resumed>) = 0 [pid 8527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8528] memfd_create("syzkaller", 0 [pid 8527] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8526] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8527] <... mprotect resumed>) = 0 [pid 8526] <... mprotect resumed>) = 0 [pid 8524] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... umount2 resumed>) = 0 [pid 8528] <... memfd_create resumed>) = 3 [pid 8527] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8526] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8527] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8524] <... openat resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8528] <... mmap resumed>) = 0x7f670b400000 [pid 8527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8526] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8524] ioctl(4, LOOP_SET_FD, 3 [pid 5063] newfstatat(AT_FDCWD, "./347/file0", ./strace-static-x86_64: Process 8529 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8529] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8529] <... rseq resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8529] set_robust_list(0x7f67138b29a0, 24 [pid 8527] <... clone3 resumed> => {parent_tid=[8529]}, 88) = 8529 [pid 5063] openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8529] <... set_robust_list resumed>) = 0 [pid 8527] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... openat resumed>) = 4 [pid 8529] rt_sigprocmask(SIG_SETMASK, [], [pid 8527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8527] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(4, "", [pid 8527] <... futex resumed>) = 0 [pid 8527] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8529] memfd_create("syzkaller", 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./347/file0" [pid 8529] <... memfd_create resumed>) = 3 [pid 5063] <... rmdir resumed>) = 0 [pid 8529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8524] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 8530 attached [pid 5063] getdents64(3, [pid 8530] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8526] <... clone3 resumed> => {parent_tid=[8530]}, 88) = 8530 [pid 8530] <... rseq resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8530] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8530] rt_sigprocmask(SIG_SETMASK, [], [pid 8526] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] close(3 [pid 8530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... close resumed>) = 0 [pid 8530] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] rmdir("./347") = 0 [pid 8526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8524] close(3 [pid 8526] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8524] <... close resumed>) = 0 [pid 5063] mkdir("./348", 0777 [pid 8530] <... futex resumed>) = 0 [pid 8526] <... futex resumed>) = 1 [pid 8524] close(4 [pid 5063] <... mkdir resumed>) = 0 [pid 8530] memfd_create("syzkaller", 0 [pid 8526] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8524] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8524] mkdir("./file0", 0777 [pid 8530] <... memfd_create resumed>) = 3 [pid 8530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8524] <... mkdir resumed>) = 0 [pid 8524] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD) = 0 [pid 5063] close(3) = 0 [ 289.959386][ T8524] loop4: detected capacity change from 0 to 4096 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8531 attached [pid 8528] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8531] set_robust_list(0x5555569076a0, 24) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8531 [pid 8531] chdir("./348") = 0 [pid 8531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8531] setpgid(0, 0) = 0 [pid 8531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8531] write(3, "1000", 4) = 4 [pid 8531] close(3) = 0 [pid 8531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8531] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8531] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8531] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8529] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8531] <... mmap resumed>) = 0x7f6713892000 [pid 8531] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8524] <... mount resumed>) = 0 [pid 8531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8530] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 8532 attached [pid 8528] <... write resumed>) = 2097152 [pid 8524] <... openat resumed>) = 3 [pid 8532] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8531] <... clone3 resumed> => {parent_tid=[8532]}, 88) = 8532 [pid 8532] <... rseq resumed>) = 0 [pid 8531] rt_sigprocmask(SIG_SETMASK, [], [pid 8528] munmap(0x7f670b400000, 138412032 [pid 8524] chdir("./file0" [pid 8532] set_robust_list(0x7f67138b29a0, 24 [pid 8531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8532] <... set_robust_list resumed>) = 0 [pid 8531] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8524] <... chdir resumed>) = 0 [pid 8532] rt_sigprocmask(SIG_SETMASK, [], [pid 8531] <... futex resumed>) = 0 [pid 8532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8524] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8531] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8532] memfd_create("syzkaller", 0 [pid 8524] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8524] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8532] <... memfd_create resumed>) = 3 [pid 8528] <... munmap resumed>) = 0 [pid 8532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8524] <... futex resumed>) = 1 [pid 8523] <... futex resumed>) = 0 [pid 8532] <... mmap resumed>) = 0x7f670b400000 [pid 8524] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8523] exit_group(0 [pid 8528] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8523] <... exit_group resumed>) = ? [pid 8528] <... openat resumed>) = 4 [pid 8524] <... futex resumed>) = ? [pid 8528] ioctl(4, LOOP_SET_FD, 3 [pid 8524] +++ exited with 0 +++ [pid 8523] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8523, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8530] <... write resumed>) = 2097152 [pid 8529] <... write resumed>) = 2097152 [pid 8528] <... ioctl resumed>) = 0 [pid 8530] munmap(0x7f670b400000, 138412032 [pid 8528] close(3 [pid 5066] openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8530] <... munmap resumed>) = 0 [pid 8529] munmap(0x7f670b400000, 138412032 [pid 8528] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 8528] close(4) = 0 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8528] mkdir("./file0", 0777 [pid 5066] umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8528] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8528] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] newfstatat(AT_FDCWD, "./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8530] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] unlink("./343/binderfs" [pid 8530] <... openat resumed>) = 4 [pid 8529] <... munmap resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 8530] ioctl(4, LOOP_SET_FD, 3 [ 290.142095][ T8528] loop0: detected capacity change from 0 to 4096 [pid 5066] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8529] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... umount2 resumed>) = 0 [pid 8532] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8529] <... openat resumed>) = 4 [pid 8529] ioctl(4, LOOP_SET_FD, 3 [pid 5066] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 8528] <... mount resumed>) = 0 [pid 5066] rmdir("./343/file0") = 0 [pid 8528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] getdents64(3, [pid 8530] <... ioctl resumed>) = 0 [pid 8528] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8530] close(3 [pid 8528] chdir("./file0" [pid 5066] close(3 [pid 8530] <... close resumed>) = 0 [pid 8528] <... chdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8530] close(4 [pid 8529] <... ioctl resumed>) = 0 [pid 5066] rmdir("./343" [pid 8530] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8530] mkdir("./file0", 0777 [pid 8529] close(3 [pid 5066] mkdir("./344", 0777 [pid 8530] <... mkdir resumed>) = 0 [pid 8529] <... close resumed>) = 0 [pid 8528] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... mkdir resumed>) = 0 [pid 8528] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8528] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8529] close(4 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8529] <... close resumed>) = 0 [pid 8529] mkdir("./file0", 0777) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8530] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8529] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8528] <... futex resumed>) = 1 [pid 8525] <... futex resumed>) = 0 [ 290.194629][ T8530] loop3: detected capacity change from 0 to 4096 [ 290.207535][ T8529] loop2: detected capacity change from 0 to 4096 [pid 8528] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8525] exit_group(0 [pid 8528] <... futex resumed>) = ? [pid 8525] <... exit_group resumed>) = ? [pid 8528] +++ exited with 0 +++ [pid 8525] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8525, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./340/binderfs") = 0 [pid 5062] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5062] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8532] <... write resumed>) = 2097152 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./340/file0" [pid 8532] munmap(0x7f670b400000, 138412032 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 8532] <... munmap resumed>) = 0 [pid 5062] rmdir("./340" [pid 8530] <... mount resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./341", 0777 [pid 8532] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... mkdir resumed>) = 0 [pid 8532] <... openat resumed>) = 4 [pid 8530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8529] <... mount resumed>) = 0 [pid 8532] ioctl(4, LOOP_SET_FD, 3 [pid 8530] <... openat resumed>) = 3 [pid 8530] chdir("./file0" [pid 8529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8529] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 8530] <... chdir resumed>) = 0 [pid 8529] chdir("./file0" [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8529] <... chdir resumed>) = 0 [pid 8530] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8529] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8530] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8530] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8529] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] <... futex resumed>) = 1 [pid 8529] <... futex resumed>) = 1 [pid 8526] <... futex resumed>) = 0 [pid 8530] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8529] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8526] exit_group(0 [pid 8530] <... futex resumed>) = ? [pid 8527] <... futex resumed>) = 0 [pid 8526] <... exit_group resumed>) = ? [pid 8530] +++ exited with 0 +++ [pid 8527] exit_group(0 [pid 8526] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8526, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5065] umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8532] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8532] close(3 [pid 8529] <... futex resumed>) = ? [pid 8527] <... exit_group resumed>) = ? [pid 5065] openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 8529] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8532] <... close resumed>) = 0 [pid 5065] unlink("./343/binderfs" [pid 8532] close(4 [pid 5065] <... unlink resumed>) = 0 [pid 8532] <... close resumed>) = 0 [pid 8527] +++ exited with 0 +++ [pid 8532] mkdir("./file0", 0777 [pid 5065] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8532] <... mkdir resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8527, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5065] <... umount2 resumed>) = 0 [pid 5064] umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8532] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] <... ioctl resumed>) = 0 [pid 5065] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./343/file0", [pid 5066] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5062] close(3 [pid 5065] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(3, "", [pid 5062] <... close resumed>) = 0 [ 290.331990][ T8532] loop1: detected capacity change from 0 to 4096 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", ./strace-static-x86_64: Process 8534 attached ./strace-static-x86_64: Process 8533 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 8534] set_robust_list(0x5555569076a0, 24 [pid 8533] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8534 [pid 8534] <... set_robust_list resumed>) = 0 [pid 8534] chdir("./341" [pid 8533] <... set_robust_list resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8533 [pid 5065] getdents64(4, [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./343/file0" [pid 8534] <... chdir resumed>) = 0 [pid 8534] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8533] chdir("./344" [pid 5065] <... rmdir resumed>) = 0 [pid 8534] <... prctl resumed>) = 0 [pid 5064] umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8534] setpgid(0, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8534] <... setpgid resumed>) = 0 [pid 8534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8533] <... chdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] newfstatat(AT_FDCWD, "./345/binderfs", [pid 8534] <... openat resumed>) = 3 [pid 8533] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8533] <... prctl resumed>) = 0 [pid 5064] unlink("./345/binderfs" [pid 8534] write(3, "1000", 4 [pid 8533] setpgid(0, 0 [pid 8534] <... write resumed>) = 4 [pid 8533] <... setpgid resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8534] close(3) = 0 [pid 8533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] close(3 [pid 8534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8533] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5064] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./343" [pid 8534] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8533] write(3, "1000", 4 [pid 5065] <... rmdir resumed>) = 0 [pid 8533] <... write resumed>) = 4 [pid 8534] <... futex resumed>) = 0 [pid 8533] close(3) = 0 [pid 5065] mkdir("./344", 0777 [pid 8534] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... mkdir resumed>) = 0 [pid 8534] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8533] symlink("/dev/binderfs", "./binderfs" [pid 8534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8533] <... symlink resumed>) = 0 [pid 8534] <... mmap resumed>) = 0x7f6713892000 [pid 8533] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8534] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8533] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8534] <... mprotect resumed>) = 0 [pid 8533] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] newfstatat(AT_FDCWD, "./345/file0", [pid 8533] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8534] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8532] <... mount resumed>) = 0 [pid 5064] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8533] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8532] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8532] chdir("./file0" [pid 8534] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8533] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... openat resumed>) = 4 [pid 8534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8533] <... mprotect resumed>) = 0 [pid 8532] <... chdir resumed>) = 0 [pid 8532] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8532] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8531] <... futex resumed>) = 0 [pid 8533] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8534] <... clone3 resumed> => {parent_tid=[8535]}, 88) = 8535 [pid 8534] rt_sigprocmask(SIG_SETMASK, [], [pid 8533] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] newfstatat(4, "", [pid 8534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8534] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8534] <... futex resumed>) = 0 [pid 8534] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8532] <... futex resumed>) = 1 [pid 8531] exit_group(0) = ? [pid 5064] getdents64(4, ./strace-static-x86_64: Process 8536 attached ./strace-static-x86_64: Process 8535 attached [pid 8532] +++ exited with 0 +++ [pid 8531] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8536] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8535] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8533] <... clone3 resumed> => {parent_tid=[8536]}, 88) = 8536 [pid 5064] getdents64(4, [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8531, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8536] <... rseq resumed>) = 0 [pid 8535] <... rseq resumed>) = 0 [pid 8533] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8536] set_robust_list(0x7f67138b29a0, 24 [pid 8535] set_robust_list(0x7f67138b29a0, 24 [pid 8533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] close(4 [pid 8536] <... set_robust_list resumed>) = 0 [pid 8535] <... set_robust_list resumed>) = 0 [pid 8533] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 8536] rt_sigprocmask(SIG_SETMASK, [], [pid 8535] rt_sigprocmask(SIG_SETMASK, [], [pid 8533] <... futex resumed>) = 0 [pid 5064] rmdir("./345/file0" [pid 8536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8533] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8536] memfd_create("syzkaller", 0 [pid 8535] memfd_create("syzkaller", 0 [pid 5063] umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8536] <... memfd_create resumed>) = 3 [pid 5063] openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8535] <... memfd_create resumed>) = 3 [pid 5063] <... openat resumed>) = 3 [pid 8536] <... mmap resumed>) = 0x7f670b400000 [pid 8535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] close(3 [pid 5063] newfstatat(3, "", [pid 8535] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] rmdir("./345" [pid 5063] getdents64(3, [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./346", 0777 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] unlink("./348/binderfs") = 0 [pid 5063] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... umount2 resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... ioctl resumed>) = 0 [pid 8536] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8535] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./348/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8537 attached [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8537 [pid 8537] set_robust_list(0x5555569076a0, 24) = 0 [pid 5063] openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8537] chdir("./344" [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", [pid 8537] <... chdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] getdents64(4, [pid 8537] setpgid(0, 0 [pid 8535] <... write resumed>) = 2097152 [pid 8535] munmap(0x7f670b400000, 138412032 [pid 8537] <... setpgid resumed>) = 0 [pid 8536] <... write resumed>) = 2097152 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8535] <... munmap resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./348/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 8537] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 8537] write(3, "1000", 4 [pid 5063] rmdir("./348" [pid 8537] <... write resumed>) = 4 [pid 5063] <... rmdir resumed>) = 0 [pid 8537] close(3 [pid 5063] mkdir("./349", 0777 [pid 8537] <... close resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8537] symlink("/dev/binderfs", "./binderfs" [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8537] <... symlink resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8537] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8537] <... futex resumed>) = 0 [pid 8537] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8536] munmap(0x7f670b400000, 138412032 [pid 8535] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8535] <... openat resumed>) = 4 [pid 8537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8535] ioctl(4, LOOP_SET_FD, 3 [pid 8537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8536] <... munmap resumed>) = 0 [pid 5064] close(3 [pid 8536] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 8536] <... openat resumed>) = 4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8537] <... mmap resumed>) = 0x7f6713892000 [pid 8536] ioctl(4, LOOP_SET_FD, 3 [pid 8535] <... ioctl resumed>) = 0 [pid 8537] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8536] <... ioctl resumed>) = 0 [pid 8535] close(3 [pid 8537] <... mprotect resumed>) = 0 [pid 8535] <... close resumed>) = 0 [pid 8537] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8535] close(4./strace-static-x86_64: Process 8538 attached [pid 8537] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8535] <... close resumed>) = 0 [pid 8538] set_robust_list(0x5555569076a0, 24 [pid 8535] mkdir("./file0", 0777 [pid 8538] <... set_robust_list resumed>) = 0 [pid 8537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8538 ./strace-static-x86_64: Process 8539 attached [pid 8538] chdir("./346" [pid 8539] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8538] <... chdir resumed>) = 0 [pid 8537] <... clone3 resumed> => {parent_tid=[8539]}, 88) = 8539 [pid 8539] <... rseq resumed>) = 0 [pid 8538] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8537] rt_sigprocmask(SIG_SETMASK, [], [pid 8539] set_robust_list(0x7f67138b29a0, 24 [pid 8538] <... prctl resumed>) = 0 [pid 8537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8538] setpgid(0, 0) = 0 [pid 8537] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8536] close(3 [pid 8539] <... set_robust_list resumed>) = 0 [pid 8538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8537] <... futex resumed>) = 0 [pid 8535] <... mkdir resumed>) = 0 [pid 8537] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8538] <... openat resumed>) = 3 [pid 8535] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8538] write(3, "1000", 4 [pid 8536] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8536] close(4) = 0 [pid 8536] mkdir("./file0", 0777 [pid 8538] <... write resumed>) = 4 [pid 8538] close(3) = 0 [pid 8538] symlink("/dev/binderfs", "./binderfs" [pid 8539] memfd_create("syzkaller", 0 [pid 8538] <... symlink resumed>) = 0 [pid 8536] <... mkdir resumed>) = 0 [pid 5063] close(3 [pid 8536] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8539] <... memfd_create resumed>) = 3 [ 290.611320][ T8535] loop0: detected capacity change from 0 to 4096 [ 290.620054][ T8536] loop4: detected capacity change from 0 to 4096 [pid 8538] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... close resumed>) = 0 [pid 8539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8538] <... futex resumed>) = 0 [pid 8539] <... mmap resumed>) = 0x7f670b400000 [pid 8538] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8538] <... mmap resumed>) = 0x7f6713892000 [pid 8538] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8541 ./strace-static-x86_64: Process 8540 attached ./strace-static-x86_64: Process 8541 attached [pid 8538] <... clone3 resumed> => {parent_tid=[8540]}, 88) = 8540 [pid 8541] set_robust_list(0x5555569076a0, 24 [pid 8538] rt_sigprocmask(SIG_SETMASK, [], [pid 8541] <... set_robust_list resumed>) = 0 [pid 8540] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8541] chdir("./349" [pid 8540] <... rseq resumed>) = 0 [pid 8540] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8541] <... chdir resumed>) = 0 [pid 8540] rt_sigprocmask(SIG_SETMASK, [], [pid 8538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8541] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8538] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8541] <... prctl resumed>) = 0 [pid 8540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8538] <... futex resumed>) = 0 [pid 8541] setpgid(0, 0 [pid 8540] memfd_create("syzkaller", 0 [pid 8538] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8541] <... setpgid resumed>) = 0 [pid 8541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8540] <... memfd_create resumed>) = 3 [pid 8540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8541] <... openat resumed>) = 3 [pid 8540] <... mmap resumed>) = 0x7f670b400000 [pid 8541] write(3, "1000", 4 [pid 8535] <... mount resumed>) = 0 [pid 8535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8535] chdir("./file0") = 0 [pid 8541] <... write resumed>) = 4 [pid 8535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8541] close(3 [pid 8535] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8541] <... close resumed>) = 0 [pid 8535] <... futex resumed>) = 1 [pid 8534] <... futex resumed>) = 0 [pid 8534] exit_group(0) = ? [pid 8541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8535] +++ exited with 0 +++ [pid 8534] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8534, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 8541] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8541] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8541] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8536] <... mount resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] newfstatat(3, "", [pid 8541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8536] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8541] <... mmap resumed>) = 0x7f6713892000 [pid 8539] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8536] chdir("./file0" [pid 5062] getdents64(3, [pid 8541] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8536] <... chdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8536] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8536] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8536] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] newfstatat(AT_FDCWD, "./341/binderfs", [pid 8541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8536] <... futex resumed>) = 1 [pid 8533] <... futex resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8542 attached [pid 8536] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8533] exit_group(0 [pid 8542] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8541] <... clone3 resumed> => {parent_tid=[8542]}, 88) = 8542 [pid 8542] set_robust_list(0x7f67138b29a0, 24 [pid 8541] rt_sigprocmask(SIG_SETMASK, [], [pid 8542] <... set_robust_list resumed>) = 0 [pid 8541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8541] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8542] rt_sigprocmask(SIG_SETMASK, [], [pid 8541] <... futex resumed>) = 0 [pid 8542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8541] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8536] <... futex resumed>) = ? [pid 8533] <... exit_group resumed>) = ? [pid 5062] unlink("./341/binderfs" [pid 8542] memfd_create("syzkaller", 0 [pid 8536] +++ exited with 0 +++ [pid 8533] +++ exited with 0 +++ [pid 5062] <... unlink resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8533, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8542] <... memfd_create resumed>) = 3 [pid 8540] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8539] <... write resumed>) = 2097152 [pid 5062] <... umount2 resumed>) = 0 [pid 8542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8539] munmap(0x7f670b400000, 138412032) = 0 [pid 5062] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8542] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(AT_FDCWD, "./341/file0", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... openat resumed>) = 3 [pid 8539] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", [pid 5066] newfstatat(3, "", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8539] <... openat resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 8539] ioctl(4, LOOP_SET_FD, 3 [pid 5066] getdents64(3, [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... close resumed>) = 0 [pid 8539] <... ioctl resumed>) = 0 [pid 5062] rmdir("./341/file0" [pid 5066] umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... rmdir resumed>) = 0 [pid 8540] <... write resumed>) = 2097152 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] getdents64(3, [pid 8540] munmap(0x7f670b400000, 138412032 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8542] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8539] close(3 [pid 5066] newfstatat(AT_FDCWD, "./344/binderfs", [pid 8540] <... munmap resumed>) = 0 [pid 8539] <... close resumed>) = 0 [pid 5062] close(3 [pid 8539] close(4) = 0 [pid 8539] mkdir("./file0", 0777) = 0 [pid 8539] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./341" [pid 8540] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] unlink("./344/binderfs" [pid 5062] <... rmdir resumed>) = 0 [pid 8540] <... openat resumed>) = 4 [pid 8540] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... unlink resumed>) = 0 [pid 5062] mkdir("./342", 0777) = 0 [ 290.819621][ T8539] loop3: detected capacity change from 0 to 4096 [pid 5066] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 8539] <... mount resumed>) = 0 [pid 8542] <... write resumed>) = 2097152 [pid 5066] <... umount2 resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8542] munmap(0x7f670b400000, 138412032 [pid 8540] <... ioctl resumed>) = 0 [pid 8539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8540] close(3 [pid 8539] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./344/file0", [pid 8540] <... close resumed>) = 0 [pid 8539] chdir("./file0" [pid 8540] close(4 [pid 8539] <... chdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8540] <... close resumed>) = 0 [pid 5066] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8540] mkdir("./file0", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8540] <... mkdir resumed>) = 0 [pid 8539] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8539] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... openat resumed>) = 4 [pid 8539] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(4, "", [pid 8540] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8539] <... futex resumed>) = 1 [pid 8537] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8542] <... munmap resumed>) = 0 [pid 8539] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8537] exit_group(0 [pid 5066] getdents64(4, [pid 8539] <... futex resumed>) = ? [pid 8537] <... exit_group resumed>) = ? [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./344/file0") = 0 [pid 8539] +++ exited with 0 +++ [pid 8537] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8537, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8542] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] close(3 [pid 5065] <... restart_syscall resumed>) = 0 [pid 8542] <... openat resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./344") = 0 [pid 5066] mkdir("./345", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [ 290.887927][ T8540] loop2: detected capacity change from 0 to 4096 [pid 8542] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... ioctl resumed>) = 0 [pid 5065] umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8542] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(3 [pid 5065] openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 8542] close(3 [pid 5065] <... openat resumed>) = 3 [pid 8542] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 8542] close(4 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8542] <... close resumed>) = 0 [pid 8540] <... mount resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8542] mkdir("./file0", 0777 [pid 5065] getdents64(3, [pid 8542] <... mkdir resumed>) = 0 [pid 8540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8543 attached [pid 8542] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8540] <... openat resumed>) = 3 [pid 5065] umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./344/binderfs" [pid 8543] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8543 [pid 8543] <... set_robust_list resumed>) = 0 [pid 8540] chdir("./file0" [pid 5065] <... unlink resumed>) = 0 [pid 8543] chdir("./342" [pid 8540] <... chdir resumed>) = 0 [pid 5065] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8543] <... chdir resumed>) = 0 [ 290.943607][ T8542] loop1: detected capacity change from 0 to 4096 [pid 8540] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8543] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8540] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8543] <... prctl resumed>) = 0 [pid 8543] setpgid(0, 0 [pid 8540] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8543] <... setpgid resumed>) = 0 [pid 8543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8540] <... futex resumed>) = 1 [pid 8538] <... futex resumed>) = 0 [pid 8543] <... openat resumed>) = 3 [pid 8538] exit_group(0 [pid 5066] <... ioctl resumed>) = 0 [pid 8538] <... exit_group resumed>) = ? [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8543] write(3, "1000", 4) = 4 [pid 8543] close(3) = 0 [pid 8543] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 8544 attached [pid 8544] set_robust_list(0x5555569076a0, 24) = 0 [pid 8543] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8544] chdir("./345" [pid 8543] <... futex resumed>) = 0 [pid 8543] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8540] +++ exited with 0 +++ [pid 8538] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = 0 [pid 8543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8544] <... chdir resumed>) = 0 [pid 8543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8538, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 8543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8544] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8544 [pid 8544] <... prctl resumed>) = 0 [pid 8544] setpgid(0, 0) = 0 [pid 8544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8543] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./344/file0", [pid 8543] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8544] <... openat resumed>) = 3 [pid 8543] <... mprotect resumed>) = 0 [pid 5065] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8544] write(3, "1000", 4 [pid 8543] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 8544] <... write resumed>) = 4 [pid 5065] openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(3, "", [pid 8544] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8544] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 8544] symlink("/dev/binderfs", "./binderfs" [pid 8543] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8544] <... symlink resumed>) = 0 [pid 8543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] newfstatat(4, "", [pid 5064] umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8544] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8545 attached [pid 8544] <... futex resumed>) = 0 [pid 5065] getdents64(4, [pid 5064] newfstatat(AT_FDCWD, "./346/binderfs", [pid 8545] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8544] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8543] <... clone3 resumed> => {parent_tid=[8545]}, 88) = 8545 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8545] <... rseq resumed>) = 0 [pid 8544] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8543] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] getdents64(4, [pid 5064] unlink("./346/binderfs" [pid 8545] set_robust_list(0x7f67138b29a0, 24 [pid 8544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8545] <... set_robust_list resumed>) = 0 [pid 8544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8543] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(4 [pid 5064] <... unlink resumed>) = 0 [pid 8545] rt_sigprocmask(SIG_SETMASK, [], [pid 8544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8543] <... futex resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8544] <... mmap resumed>) = 0x7f6713892000 [pid 8543] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] rmdir("./344/file0" [pid 5064] <... umount2 resumed>) = 0 [pid 8544] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... rmdir resumed>) = 0 [pid 8544] <... mprotect resumed>) = 0 [pid 5065] getdents64(3, [pid 8545] memfd_create("syzkaller", 0 [pid 8542] <... mount resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8544] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8542] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(3 [pid 8545] <... memfd_create resumed>) = 3 [pid 8544] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8542] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5064] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8542] chdir("./file0" [pid 5065] rmdir("./344" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8546 attached [pid 8545] <... mmap resumed>) = 0x7f670b400000 [pid 8542] <... chdir resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./346/file0", [pid 8546] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8544] <... clone3 resumed> => {parent_tid=[8546]}, 88) = 8546 [pid 8542] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... rmdir resumed>) = 0 [pid 8544] rt_sigprocmask(SIG_SETMASK, [], [pid 8542] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] mkdir("./345", 0777 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8546] <... rseq resumed>) = 0 [pid 8544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8542] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8546] set_robust_list(0x7f67138b29a0, 24 [pid 8544] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8542] <... futex resumed>) = 1 [pid 8541] <... futex resumed>) = 0 [pid 5064] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8544] <... futex resumed>) = 0 [pid 8542] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8541] exit_group(0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8546] <... set_robust_list resumed>) = 0 [pid 8544] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8542] <... futex resumed>) = ? [pid 8541] <... exit_group resumed>) = ? [pid 5064] openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8546] rt_sigprocmask(SIG_SETMASK, [], [pid 8542] +++ exited with 0 +++ [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 8546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] newfstatat(4, "", [pid 8546] memfd_create("syzkaller", 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./346/file0" [pid 8546] <... memfd_create resumed>) = 3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 8546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... openat resumed>) = 3 [pid 8546] <... mmap resumed>) = 0x7f670b400000 [pid 5064] getdents64(3, [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8541] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8541, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5063] umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(3 [pid 5063] <... openat resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 5064] rmdir("./346" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./349/binderfs", [pid 5064] mkdir("./347", 0777) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./349/binderfs" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... umount2 resumed>) = 0 [pid 8545] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8546] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... ioctl resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", [pid 8545] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 8547 attached [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8547] set_robust_list(0x5555569076a0, 24 [pid 5063] getdents64(4, [pid 8547] <... set_robust_list resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8547 [pid 8547] chdir("./345" [pid 8545] munmap(0x7f670b400000, 138412032 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8547] <... chdir resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 8547] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] rmdir("./349/file0" [pid 8547] <... prctl resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8547] setpgid(0, 0 [pid 5063] getdents64(3, [pid 8547] <... setpgid resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] close(3 [pid 8547] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./349" [pid 8547] write(3, "1000", 4 [pid 5064] close(3 [pid 8547] <... write resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 8547] close(3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... rmdir resumed>) = 0 [pid 8547] <... close resumed>) = 0 [pid 5063] mkdir("./350", 0777 [pid 8545] <... munmap resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8547] symlink("/dev/binderfs", "./binderfs" [pid 8545] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8548 attached [pid 8547] <... symlink resumed>) = 0 [pid 8545] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 8548] set_robust_list(0x5555569076a0, 24 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8545] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8548 [pid 8548] <... set_robust_list resumed>) = 0 [pid 8547] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8548] chdir("./347" [pid 8547] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8548] <... chdir resumed>) = 0 [pid 8547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8548] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8548] <... prctl resumed>) = 0 [pid 8547] <... mmap resumed>) = 0x7f6713892000 [pid 8548] setpgid(0, 0 [pid 8547] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8548] <... setpgid resumed>) = 0 [pid 8547] <... mprotect resumed>) = 0 [pid 8548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8547] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8546] <... write resumed>) = 2097152 [pid 8546] munmap(0x7f670b400000, 138412032 [pid 8548] <... openat resumed>) = 3 [pid 8547] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8548] write(3, "1000", 4 [pid 8547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8548] <... write resumed>) = 4 [pid 8548] close(3) = 0 [pid 8548] symlink("/dev/binderfs", "./binderfs" [pid 8547] <... clone3 resumed> => {parent_tid=[8549]}, 88) = 8549 [pid 8548] <... symlink resumed>) = 0 [pid 8547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8547] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8547] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8548] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8548] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8545] <... ioctl resumed>) = 0 [pid 8548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8545] close(3 [pid 8548] <... mmap resumed>) = 0x7f6713892000 [pid 8548] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8545] <... close resumed>) = 0 [pid 8548] <... mprotect resumed>) = 0 [pid 8545] close(4 [pid 8548] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8545] <... close resumed>) = 0 [pid 8548] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8545] mkdir("./file0", 0777 [pid 8548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8550 attached => {parent_tid=[8550]}, 88) = 8550 [pid 8550] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8548] rt_sigprocmask(SIG_SETMASK, [], [pid 8545] <... mkdir resumed>) = 0 [pid 8550] <... rseq resumed>) = 0 [pid 8548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8550] set_robust_list(0x7f67138b29a0, 24 [pid 8548] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8545] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8550] <... set_robust_list resumed>) = 0 [pid 8548] <... futex resumed>) = 0 [pid 8550] rt_sigprocmask(SIG_SETMASK, [], [pid 8548] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8550] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8549 attached [pid 8549] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8550] memfd_create("syzkaller", 0 [pid 8549] set_robust_list(0x7f67138b29a0, 24 [pid 8546] <... munmap resumed>) = 0 [pid 8549] <... set_robust_list resumed>) = 0 [pid 8549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8550] <... memfd_create resumed>) = 3 [pid 8550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [ 291.207162][ T8545] loop0: detected capacity change from 0 to 4096 [pid 8549] memfd_create("syzkaller", 0 [pid 8546] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... ioctl resumed>) = 0 [pid 8549] <... memfd_create resumed>) = 3 [pid 8546] <... openat resumed>) = 4 [pid 8546] ioctl(4, LOOP_SET_FD, 3 [pid 8549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8546] <... ioctl resumed>) = 0 [pid 8546] close(3 [pid 5063] close(3 [pid 8546] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8546] close(4 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8546] <... close resumed>) = 0 [pid 8546] mkdir("./file0", 0777) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8551 ./strace-static-x86_64: Process 8551 attached [pid 8546] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8551] set_robust_list(0x5555569076a0, 24) = 0 [pid 8551] chdir("./350") = 0 [ 291.278766][ T8546] loop4: detected capacity change from 0 to 4096 [pid 8551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8550] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8551] setpgid(0, 0) = 0 [pid 8551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8551] write(3, "1000", 4) = 4 [pid 8551] close(3) = 0 [pid 8551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8551] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8549] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8551] <... futex resumed>) = 0 [pid 8551] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8551] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8552 attached [pid 8552] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8552] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8551] <... clone3 resumed> => {parent_tid=[8552]}, 88) = 8552 [pid 8552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8551] rt_sigprocmask(SIG_SETMASK, [], [pid 8552] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8551] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8552] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8552] memfd_create("syzkaller", 0 [pid 8551] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8545] <... mount resumed>) = 0 [pid 8545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8550] <... write resumed>) = 2097152 [pid 8545] chdir("./file0" [pid 8552] <... memfd_create resumed>) = 3 [pid 8552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8546] <... mount resumed>) = 0 [pid 8545] <... chdir resumed>) = 0 [pid 8546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8545] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8546] <... openat resumed>) = 3 [pid 8545] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8546] chdir("./file0" [pid 8545] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8546] <... chdir resumed>) = 0 [pid 8545] <... futex resumed>) = 1 [pid 8543] <... futex resumed>) = 0 [pid 8546] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8545] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8550] munmap(0x7f670b400000, 138412032 [pid 8546] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8543] exit_group(0 [pid 8550] <... munmap resumed>) = 0 [pid 8546] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8545] <... futex resumed>) = ? [pid 8543] <... exit_group resumed>) = ? [pid 8545] +++ exited with 0 +++ [pid 8543] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8543, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8546] <... futex resumed>) = 1 [pid 5062] <... restart_syscall resumed>) = 0 [pid 8546] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8544] <... futex resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 8544] exit_group(0 [pid 8546] <... futex resumed>) = ? [pid 8544] <... exit_group resumed>) = ? [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8549] <... write resumed>) = 2097152 [pid 8546] +++ exited with 0 +++ [pid 5062] getdents64(3, [pid 8549] munmap(0x7f670b400000, 138412032 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8550] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5062] umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8550] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8544] +++ exited with 0 +++ [pid 8552] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8549] <... munmap resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8544, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5062] newfstatat(AT_FDCWD, "./342/binderfs", [pid 8549] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8549] ioctl(4, LOOP_SET_FD, 3 [pid 8550] <... ioctl resumed>) = 0 [pid 5066] umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./342/binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8549] <... ioctl resumed>) = 0 [pid 8550] close(3 [pid 5066] openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... unlink resumed>) = 0 [pid 8549] close(3) = 0 [pid 8549] close(4) = 0 [pid 8549] mkdir("./file0", 0777 [pid 5066] <... openat resumed>) = 3 [pid 8550] <... close resumed>) = 0 [pid 5062] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", [pid 8550] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8550] <... close resumed>) = 0 [pid 8550] mkdir("./file0", 0777 [pid 8549] <... mkdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5062] <... umount2 resumed>) = 0 [pid 8550] <... mkdir resumed>) = 0 [pid 8549] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8550] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5066] umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8552] <... write resumed>) = 2097152 [pid 5066] newfstatat(AT_FDCWD, "./345/binderfs", [pid 5062] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(AT_FDCWD, "./342/file0", [pid 5066] unlink("./345/binderfs" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5062] umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8552] munmap(0x7f670b400000, 138412032 [pid 5066] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 291.454831][ T8550] loop2: detected capacity change from 0 to 4096 [ 291.462233][ T8549] loop3: detected capacity change from 0 to 4096 [pid 5062] openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 8550] <... mount resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 5066] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8550] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(4 [pid 8550] chdir("./file0") = 0 [pid 8549] <... mount resumed>) = 0 [pid 8550] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] newfstatat(AT_FDCWD, "./345/file0", [pid 5062] <... close resumed>) = 0 [pid 8550] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] rmdir("./342/file0" [pid 8549] <... openat resumed>) = 3 [pid 8549] chdir("./file0") = 0 [pid 8552] <... munmap resumed>) = 0 [pid 8550] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... rmdir resumed>) = 0 [pid 8552] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] getdents64(3, [pid 8552] <... openat resumed>) = 4 [pid 8550] <... futex resumed>) = 1 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8552] ioctl(4, LOOP_SET_FD, 3 [pid 8550] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8548] <... futex resumed>) = 0 [pid 8549] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(3 [pid 8549] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8549] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8549] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8547] <... futex resumed>) = 0 [pid 8547] exit_group(0 [pid 8549] <... futex resumed>) = ? [pid 8547] <... exit_group resumed>) = ? [pid 8549] +++ exited with 0 +++ [pid 8548] exit_group(0 [pid 5066] openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5062] rmdir("./342") = 0 [pid 8550] <... futex resumed>) = ? [pid 8548] <... exit_group resumed>) = ? [pid 8550] +++ exited with 0 +++ [pid 8552] <... ioctl resumed>) = 0 [pid 8548] +++ exited with 0 +++ [pid 8547] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5062] mkdir("./343", 0777 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8548, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8552] close(3) = 0 [pid 8552] close(4) = 0 [pid 8552] mkdir("./file0", 0777 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... restart_syscall resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 5066] getdents64(4, [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8547, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 8552] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... openat resumed>) = 3 [pid 8552] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] close(4 [pid 5065] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5064] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] rmdir("./345/file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(3, "", [pid 5066] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./347/binderfs", [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(AT_FDCWD, "./345/binderfs", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./347/binderfs" [pid 5066] <... close resumed>) = 0 [pid 5065] unlink("./345/binderfs" [pid 5064] <... unlink resumed>) = 0 [pid 5066] rmdir("./345" [pid 5065] <... unlink resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 291.553884][ T8552] loop1: detected capacity change from 0 to 4096 [pid 5066] mkdir("./346", 0777 [pid 5065] <... umount2 resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./347/file0", [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./345/file0", [pid 5064] openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... openat resumed>) = 4 [pid 8552] <... mount resumed>) = 0 [pid 8552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(4, "", [pid 8552] <... openat resumed>) = 3 [pid 5065] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8552] chdir("./file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5062] close(3 [pid 8552] <... chdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8552] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./347/file0" [pid 8552] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... rmdir resumed>) = 0 [pid 8552] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] newfstatat(4, "", [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8553 [pid 8552] <... futex resumed>) = 1 [pid 8551] <... futex resumed>) = 0 [pid 5064] getdents64(3, [pid 8551] exit_group(0 [pid 8552] ???() = ? [pid 8551] <... exit_group resumed>) = ? [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8553 attached [pid 5065] getdents64(4, [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8553] set_robust_list(0x5555569076a0, 24 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] close(3 [pid 5065] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] rmdir("./347" [pid 5065] close(4 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./348", 0777 [pid 5065] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8553] <... set_robust_list resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8553] chdir("./343" [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8553] <... chdir resumed>) = 0 [pid 8553] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] rmdir("./345/file0" [pid 8553] <... prctl resumed>) = 0 [pid 8553] setpgid(0, 0) = 0 [pid 8553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... rmdir resumed>) = 0 [pid 8553] <... openat resumed>) = 3 [pid 8553] write(3, "1000", 4 [pid 8552] +++ exited with 0 +++ [pid 8551] +++ exited with 0 +++ [pid 5065] getdents64(3, [pid 8553] <... write resumed>) = 4 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8551, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8553] close(3) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] close(3 [pid 8553] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8553] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8553] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... close resumed>) = 0 [pid 5063] umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8553] <... mmap resumed>) = 0x7f6713892000 [pid 5065] rmdir("./345" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8553] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8553] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... rmdir resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 8553] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] mkdir("./346", 0777 [pid 8553] <... clone3 resumed> => {parent_tid=[8554]}, 88) = 8554 ./strace-static-x86_64: Process 8554 attached [pid 8553] rt_sigprocmask(SIG_SETMASK, [], [pid 8554] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8554] <... rseq resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8553] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8554] set_robust_list(0x7f67138b29a0, 24 [pid 8553] <... futex resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 8554] <... set_robust_list resumed>) = 0 [pid 8553] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8554] memfd_create("syzkaller", 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8554] <... memfd_create resumed>) = 3 [pid 8554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] newfstatat(AT_FDCWD, "./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./350/binderfs") = 0 [pid 5063] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 8554] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 5063] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5066] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] newfstatat(AT_FDCWD, "./350/file0", [pid 5066] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8556 attached [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8555 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8556 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8556] set_robust_list(0x5555569076a0, 24 [pid 5063] openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8555 attached [pid 8555] set_robust_list(0x5555569076a0, 24 [pid 8556] <... set_robust_list resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8555] <... set_robust_list resumed>) = 0 [pid 8555] chdir("./348") = 0 [pid 8556] chdir("./346" [pid 8555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8556] <... chdir resumed>) = 0 [pid 8556] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8555] setpgid(0, 0 [pid 5063] getdents64(4, [pid 8556] <... prctl resumed>) = 0 [pid 8556] setpgid(0, 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8556] <... setpgid resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 8555] <... setpgid resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] rmdir("./350/file0" [pid 8555] <... openat resumed>) = 3 [pid 5065] close(3 [pid 8555] write(3, "1000", 4 [pid 5065] <... close resumed>) = 0 [pid 8555] <... write resumed>) = 4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... rmdir resumed>) = 0 [pid 8556] <... openat resumed>) = 3 [pid 8555] close(3) = 0 [pid 8555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8555] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8557 [pid 8555] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 ./strace-static-x86_64: Process 8557 attached [pid 8555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8555] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8555] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8557] set_robust_list(0x5555569076a0, 24) = 0 [pid 8557] chdir("./346" [pid 8555] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8557] <... chdir resumed>) = 0 [pid 8555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8557] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8556] write(3, "1000", 4 [pid 5063] getdents64(3, ./strace-static-x86_64: Process 8558 attached [pid 8558] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8558] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8558] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8557] <... prctl resumed>) = 0 [pid 8557] setpgid(0, 0) = 0 [pid 8555] <... clone3 resumed> => {parent_tid=[8558]}, 88) = 8558 [pid 8557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8555] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8558] <... futex resumed>) = 0 [pid 8555] <... futex resumed>) = 1 [pid 8558] memfd_create("syzkaller", 0 [pid 8557] write(3, "1000", 4 [pid 8556] <... write resumed>) = 4 [pid 8555] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8558] <... memfd_create resumed>) = 3 [pid 8557] <... write resumed>) = 4 [pid 8558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8557] close(3 [pid 8558] <... mmap resumed>) = 0x7f670b400000 [pid 8557] <... close resumed>) = 0 [pid 5063] close(3 [pid 8557] symlink("/dev/binderfs", "./binderfs" [pid 8556] close(3 [pid 5063] <... close resumed>) = 0 [pid 8557] <... symlink resumed>) = 0 [pid 8556] <... close resumed>) = 0 [pid 5063] rmdir("./350" [pid 8557] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8556] symlink("/dev/binderfs", "./binderfs" [pid 8554] <... write resumed>) = 2097152 [pid 8557] <... futex resumed>) = 0 [pid 8557] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8556] <... symlink resumed>) = 0 [pid 8557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8556] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8554] munmap(0x7f670b400000, 138412032 [pid 5063] <... rmdir resumed>) = 0 [pid 8557] <... mmap resumed>) = 0x7f6713892000 [pid 8556] <... futex resumed>) = 0 [pid 5063] mkdir("./351", 0777 [pid 8557] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8556] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8557] <... mprotect resumed>) = 0 [pid 8557] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8556] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8557] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8559]}, 88) = 8559 [pid 8557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8557] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8557] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8559 attached [pid 8559] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8554] <... munmap resumed>) = 0 [pid 8556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8554] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8559] set_robust_list(0x7f67138b29a0, 24 [pid 8556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8554] <... openat resumed>) = 4 [pid 5063] <... mkdir resumed>) = 0 [pid 8559] <... set_robust_list resumed>) = 0 [pid 8556] <... mmap resumed>) = 0x7f6713892000 [pid 8554] ioctl(4, LOOP_SET_FD, 3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8559] rt_sigprocmask(SIG_SETMASK, [], [pid 8556] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... openat resumed>) = 3 [pid 8556] <... mprotect resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8560]}, 88) = 8560 [pid 8556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8556] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8556] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8560 attached [pid 8559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8560] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8560] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8560] rt_sigprocmask(SIG_SETMASK, [], [pid 8559] memfd_create("syzkaller", 0 [pid 8560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8554] <... ioctl resumed>) = 0 [pid 8559] <... memfd_create resumed>) = 3 [pid 8560] memfd_create("syzkaller", 0 [pid 8559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8554] close(3 [pid 8560] <... memfd_create resumed>) = 3 [pid 8560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8559] <... mmap resumed>) = 0x7f670b400000 [pid 8558] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8554] <... close resumed>) = 0 [pid 8554] close(4) = 0 [pid 8554] mkdir("./file0", 0777) = 0 [ 291.868156][ T8554] loop0: detected capacity change from 0 to 4096 [pid 8554] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8558] <... write resumed>) = 2097152 [pid 8559] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8558] munmap(0x7f670b400000, 138412032) = 0 [pid 8558] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8558] ioctl(4, LOOP_SET_FD, 3 [pid 8560] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8559] <... write resumed>) = 2097152 [pid 8558] <... ioctl resumed>) = 0 [pid 8559] munmap(0x7f670b400000, 138412032 [pid 8558] close(3) = 0 [pid 8558] close(4 [pid 8559] <... munmap resumed>) = 0 [pid 8558] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8558] mkdir("./file0", 0777) = 0 [ 291.956251][ T8558] loop2: detected capacity change from 0 to 4096 [pid 8559] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8558] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8554] <... mount resumed>) = 0 [pid 5063] close(3) = 0 [pid 8559] <... openat resumed>) = 4 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8561 attached [pid 8554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8561] set_robust_list(0x5555569076a0, 24 [pid 8559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8554] <... openat resumed>) = 3 [pid 8561] <... set_robust_list resumed>) = 0 [pid 8554] chdir("./file0" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8561 [pid 8561] chdir("./351" [pid 8554] <... chdir resumed>) = 0 [pid 8561] <... chdir resumed>) = 0 [pid 8554] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8561] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8554] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8554] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8561] <... prctl resumed>) = 0 [pid 8559] close(3 [pid 8554] <... futex resumed>) = 1 [pid 8553] <... futex resumed>) = 0 [pid 8561] setpgid(0, 0 [pid 8554] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8553] exit_group(0 [pid 8561] <... setpgid resumed>) = 0 [pid 8559] <... close resumed>) = 0 [pid 8554] <... futex resumed>) = ? [pid 8553] <... exit_group resumed>) = ? [pid 8554] +++ exited with 0 +++ [pid 8561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8553] +++ exited with 0 +++ [pid 8559] close(4 [pid 8561] <... openat resumed>) = 3 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8553, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8561] write(3, "1000", 4 [pid 8559] <... close resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8561] <... write resumed>) = 4 [pid 8559] mkdir("./file0", 0777 [pid 5062] <... restart_syscall resumed>) = 0 [pid 8561] close(3 [pid 8560] <... write resumed>) = 2097152 [pid 8559] <... mkdir resumed>) = 0 [pid 8561] <... close resumed>) = 0 [pid 8560] munmap(0x7f670b400000, 138412032 [pid 8559] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8561] symlink("/dev/binderfs", "./binderfs" [pid 5062] umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8561] <... symlink resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8561] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... openat resumed>) = 3 [pid 8561] <... futex resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 8561] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8561] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] getdents64(3, [pid 8561] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8561] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8561] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] newfstatat(AT_FDCWD, "./343/binderfs", [pid 8561] <... mprotect resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 292.029570][ T8559] loop3: detected capacity change from 0 to 4096 [pid 5062] unlink("./343/binderfs" [pid 8561] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8561] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8562 attached [pid 8562] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8561] <... clone3 resumed> => {parent_tid=[8562]}, 88) = 8562 [pid 8562] set_robust_list(0x7f67138b29a0, 24 [pid 8561] rt_sigprocmask(SIG_SETMASK, [], [pid 8562] <... set_robust_list resumed>) = 0 [pid 8561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8561] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8562] memfd_create("syzkaller", 0 [pid 8561] <... futex resumed>) = 0 [pid 8561] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... umount2 resumed>) = 0 [pid 8560] <... munmap resumed>) = 0 [pid 8560] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8562] <... memfd_create resumed>) = 3 [pid 8560] <... openat resumed>) = 4 [pid 8562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8562] <... mmap resumed>) = 0x7f670b400000 [pid 8560] ioctl(4, LOOP_SET_FD, 3 [pid 8558] <... mount resumed>) = 0 [pid 8558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8559] <... mount resumed>) = 0 [pid 8558] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8558] chdir("./file0" [pid 8559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8558] <... chdir resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8558] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] close(4 [pid 8560] <... ioctl resumed>) = 0 [pid 8559] <... openat resumed>) = 3 [pid 8558] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] <... close resumed>) = 0 [pid 8560] close(3 [pid 8559] chdir("./file0" [pid 8558] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] rmdir("./343/file0" [pid 8558] <... futex resumed>) = 1 [pid 8555] <... futex resumed>) = 0 [pid 8559] <... chdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8560] <... close resumed>) = 0 [pid 8559] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8555] exit_group(0 [pid 8560] close(4 [pid 8558] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8559] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8560] <... close resumed>) = 0 [pid 8560] mkdir("./file0", 0777 [pid 8558] <... futex resumed>) = ? [pid 8555] <... exit_group resumed>) = ? [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./343" [pid 8560] <... mkdir resumed>) = 0 [pid 8558] +++ exited with 0 +++ [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./344", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8559] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8560] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8559] <... futex resumed>) = 1 [pid 8559] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8555] +++ exited with 0 +++ [pid 8557] <... futex resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8555, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8557] exit_group(0 [pid 5064] umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8557] <... exit_group resumed>) = ? [pid 8559] <... futex resumed>) = ? [pid 5064] getdents64(3, [pid 8559] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8562] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./348/binderfs", [pid 8557] +++ exited with 0 +++ [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 292.134654][ T8560] loop4: detected capacity change from 0 to 4096 [pid 5064] unlink("./348/binderfs" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8557, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5065] umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... unlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5064] <... umount2 resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8562] <... write resumed>) = 2097152 [pid 5065] umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8562] munmap(0x7f670b400000, 138412032 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./346/binderfs", [pid 5064] newfstatat(AT_FDCWD, "./348/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./346/binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8562] <... munmap resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5065] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5062] close(3 [pid 5064] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8562] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... umount2 resumed>) = 0 [pid 5064] rmdir("./348/file0" [pid 8560] <... mount resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8562] <... openat resumed>) = 4 [pid 5064] getdents64(3, [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8562] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8563 attached [pid 8560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8563] set_robust_list(0x5555569076a0, 24 [pid 8560] <... openat resumed>) = 3 [pid 5065] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 8563] <... set_robust_list resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8563] chdir("./344" [pid 8560] chdir("./file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./348" [pid 8560] <... chdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./346/file0", [pid 8560] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8563] <... chdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8560] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8563] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8560] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] mkdir("./349", 0777 [pid 8563] <... prctl resumed>) = 0 [pid 8563] setpgid(0, 0 [pid 8560] <... futex resumed>) = 1 [pid 8556] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8563 [pid 8563] <... setpgid resumed>) = 0 [pid 8560] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8556] exit_group(0 [pid 5065] <... openat resumed>) = 4 [pid 8560] <... futex resumed>) = ? [pid 8556] <... exit_group resumed>) = ? [pid 5065] newfstatat(4, "", [pid 5064] <... mkdir resumed>) = 0 [pid 8560] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8556] +++ exited with 0 +++ [pid 8563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] close(4 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8563] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8563] write(3, "1000", 4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8556, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5065] rmdir("./346/file0" [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8563] <... write resumed>) = 4 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5065] <... rmdir resumed>) = 0 [pid 8562] <... ioctl resumed>) = 0 [pid 5065] getdents64(3, [pid 8562] close(3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8562] <... close resumed>) = 0 [pid 5065] close(3 [pid 8562] close(4 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./346" [pid 8562] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./347", 0777 [pid 8562] mkdir("./file0", 0777 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8563] close(3 [pid 5066] umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8563] <... close resumed>) = 0 [pid 8562] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8563] symlink("/dev/binderfs", "./binderfs" [pid 5066] openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... openat resumed>) = 3 [pid 8563] <... symlink resumed>) = 0 [pid 8562] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8563] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... openat resumed>) = 3 [pid 8563] <... futex resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 8563] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8563] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] newfstatat(AT_FDCWD, "./346/binderfs", [pid 8563] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8563] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 292.254447][ T8562] loop1: detected capacity change from 0 to 4096 [pid 5066] unlink("./346/binderfs" [pid 8563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... unlink resumed>) = 0 [pid 8563] <... mmap resumed>) = 0x7f6713892000 [pid 5066] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8563] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8563] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = 0 [pid 8563] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8564 attached [pid 8564] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8563] <... clone3 resumed> => {parent_tid=[8564]}, 88) = 8564 [pid 5066] newfstatat(4, "", [pid 8564] <... rseq resumed>) = 0 [pid 8563] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] close(3 [pid 8564] set_robust_list(0x7f67138b29a0, 24 [pid 8563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8564] <... set_robust_list resumed>) = 0 [pid 8563] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 8564] rt_sigprocmask(SIG_SETMASK, [], [pid 8563] <... futex resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8563] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8564] memfd_create("syzkaller", 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8565 ./strace-static-x86_64: Process 8565 attached [pid 5066] getdents64(4, [pid 8565] set_robust_list(0x5555569076a0, 24 [pid 8564] <... memfd_create resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... ioctl resumed>) = 0 [pid 8565] <... set_robust_list resumed>) = 0 [pid 8565] chdir("./349" [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 8564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8565] <... chdir resumed>) = 0 [pid 8564] <... mmap resumed>) = 0x7f670b400000 [pid 8562] <... mount resumed>) = 0 [pid 5066] rmdir("./346/file0") = 0 [pid 8565] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] getdents64(3, [pid 5065] close(3 [pid 8565] <... prctl resumed>) = 0 [pid 8562] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5066] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... close resumed>) = 0 [pid 8562] chdir("./file0" [pid 5066] rmdir("./346"./strace-static-x86_64: Process 8566 attached [pid 8565] setpgid(0, 0 [pid 8562] <... chdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8566 [pid 8566] set_robust_list(0x5555569076a0, 24 [pid 8565] <... setpgid resumed>) = 0 [pid 8562] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] mkdir("./347", 0777 [pid 8566] <... set_robust_list resumed>) = 0 [pid 8565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8562] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... mkdir resumed>) = 0 [pid 8566] chdir("./347" [pid 8565] <... openat resumed>) = 3 [pid 8562] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8566] <... chdir resumed>) = 0 [pid 8565] write(3, "1000", 4 [pid 5066] <... openat resumed>) = 3 [pid 8566] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8565] <... write resumed>) = 4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8566] <... prctl resumed>) = 0 [pid 8565] close(3 [pid 8566] setpgid(0, 0 [pid 8565] <... close resumed>) = 0 [pid 8562] <... futex resumed>) = 1 [pid 8561] <... futex resumed>) = 0 [pid 8566] <... setpgid resumed>) = 0 [pid 8565] symlink("/dev/binderfs", "./binderfs" [pid 8562] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8561] exit_group(0 [pid 8566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8565] <... symlink resumed>) = 0 [pid 8562] <... futex resumed>) = ? [pid 8561] <... exit_group resumed>) = ? [pid 8566] <... openat resumed>) = 3 [pid 8565] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8562] +++ exited with 0 +++ [pid 8566] write(3, "1000", 4 [pid 8565] <... futex resumed>) = 0 [pid 8566] <... write resumed>) = 4 [pid 8565] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8566] close(3 [pid 8565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8566] <... close resumed>) = 0 [pid 8565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8566] symlink("/dev/binderfs", "./binderfs" [pid 8565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8561] +++ exited with 0 +++ [pid 8566] <... symlink resumed>) = 0 [pid 8565] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8561, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8566] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8565] <... mprotect resumed>) = 0 [pid 8566] <... futex resumed>) = 0 [pid 8565] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8566] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8565] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8567 attached [pid 8566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8567] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8565] <... clone3 resumed> => {parent_tid=[8567]}, 88) = 8567 [pid 5063] <... openat resumed>) = 3 [pid 8567] <... rseq resumed>) = 0 [pid 8566] <... mmap resumed>) = 0x7f6713892000 [pid 8565] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] newfstatat(3, "", [pid 8567] set_robust_list(0x7f67138b29a0, 24 [pid 8566] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8567] <... set_robust_list resumed>) = 0 [pid 8566] <... mprotect resumed>) = 0 [pid 8565] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 8567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8566] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8565] <... futex resumed>) = 0 [pid 8564] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8567] memfd_create("syzkaller", 0 [pid 8566] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8565] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./351/binderfs" [pid 8566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8567] <... memfd_create resumed>) = 3 [pid 5063] <... unlink resumed>) = 0 [pid 8567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8567] <... mmap resumed>) = 0x7f670b400000 [pid 8566] <... clone3 resumed> => {parent_tid=[8568]}, 88) = 8568 [pid 8566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8566] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8568 attached [pid 8568] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8566] <... futex resumed>) = 0 [pid 8566] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... umount2 resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 8568] <... rseq resumed>) = 0 [pid 8564] <... write resumed>) = 2097152 [pid 5063] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8568] set_robust_list(0x7f67138b29a0, 24 [pid 8564] munmap(0x7f670b400000, 138412032 [pid 5066] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8568] <... set_robust_list resumed>) = 0 [pid 8567] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] newfstatat(AT_FDCWD, "./351/file0", [pid 8568] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8568] memfd_create("syzkaller", 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8568] <... memfd_create resumed>) = 3 [pid 8568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... openat resumed>) = 4 [pid 8568] <... mmap resumed>) = 0x7f670b400000 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 8564] <... munmap resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8569 [pid 8564] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8564] <... openat resumed>) = 4 [pid 5063] getdents64(4, [pid 8564] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./351/file0"./strace-static-x86_64: Process 8569 attached [pid 8569] set_robust_list(0x5555569076a0, 24) = 0 [pid 8569] chdir("./347") = 0 [pid 8569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8569] setpgid(0, 0) = 0 [pid 8569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8569] write(3, "1000", 4 [pid 5063] <... rmdir resumed>) = 0 [pid 8569] <... write resumed>) = 4 [pid 8569] close(3) = 0 [pid 8569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8569] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] getdents64(3, [pid 8569] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8564] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8569] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8564] close(3 [pid 5063] close(3 [pid 8569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8564] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8564] close(4 [pid 5063] rmdir("./351" [pid 8569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8569] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8564] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8569] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8564] mkdir("./file0", 0777 [pid 8569] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] mkdir("./352", 0777 [pid 8569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8564] <... mkdir resumed>) = 0 [pid 8569] <... clone3 resumed> => {parent_tid=[8570]}, 88) = 8570 ./strace-static-x86_64: Process 8570 attached [pid 8569] rt_sigprocmask(SIG_SETMASK, [], [pid 8564] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5063] <... mkdir resumed>) = 0 [pid 8570] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8569] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] <... rseq resumed>) = 0 [pid 8569] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8569] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8570] set_robust_list(0x7f67138b29a0, 24 [pid 5063] <... openat resumed>) = 3 [pid 8568] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8570] <... set_robust_list resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8567] <... write resumed>) = 2097152 [pid 8570] memfd_create("syzkaller", 0) = 3 [ 292.510045][ T8564] loop0: detected capacity change from 0 to 4096 [pid 8567] munmap(0x7f670b400000, 138412032) = 0 [pid 8570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8567] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8568] <... write resumed>) = 2097152 [pid 8568] munmap(0x7f670b400000, 138412032) = 0 [pid 8567] <... openat resumed>) = 4 [pid 8567] ioctl(4, LOOP_SET_FD, 3 [pid 8568] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8568] ioctl(4, LOOP_SET_FD, 3 [pid 8567] <... ioctl resumed>) = 0 [pid 8567] close(3) = 0 [pid 8567] close(4) = 0 [pid 8567] mkdir("./file0", 0777) = 0 [pid 8567] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8564] <... mount resumed>) = 0 [pid 8564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8564] chdir("./file0") = 0 [pid 8568] <... ioctl resumed>) = 0 [pid 8564] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8568] close(3 [pid 8564] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8568] <... close resumed>) = 0 [pid 8564] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8568] close(4 [pid 8564] <... futex resumed>) = 1 [pid 8563] <... futex resumed>) = 0 [pid 8570] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8568] <... close resumed>) = 0 [pid 8564] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8563] exit_group(0 [pid 8568] mkdir("./file0", 0777 [pid 8564] <... futex resumed>) = ? [pid 8563] <... exit_group resumed>) = ? [pid 8568] <... mkdir resumed>) = 0 [pid 8568] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] <... ioctl resumed>) = 0 [ 292.600077][ T8567] loop2: detected capacity change from 0 to 4096 [ 292.611126][ T8568] loop3: detected capacity change from 0 to 4096 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8567] <... mount resumed>) = 0 [pid 8564] +++ exited with 0 +++ [pid 8563] +++ exited with 0 +++ [pid 8567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8563, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- ./strace-static-x86_64: Process 8571 attached [pid 8567] <... openat resumed>) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8571 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8567] chdir("./file0" [pid 5062] <... restart_syscall resumed>) = 0 [pid 8571] set_robust_list(0x5555569076a0, 24 [pid 8567] <... chdir resumed>) = 0 [pid 8571] <... set_robust_list resumed>) = 0 [pid 8567] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5062] umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8571] chdir("./352" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8571] <... chdir resumed>) = 0 [pid 8567] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8571] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8567] <... futex resumed>) = 1 [pid 8565] <... futex resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8571] <... prctl resumed>) = 0 [pid 8565] exit_group(0 [pid 5062] newfstatat(3, "", [pid 8571] setpgid(0, 0 [pid 8565] <... exit_group resumed>) = ? [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8571] <... setpgid resumed>) = 0 [pid 8567] +++ exited with 0 +++ [pid 8565] +++ exited with 0 +++ [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8565, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] newfstatat(AT_FDCWD, "./344/binderfs", [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8571] <... openat resumed>) = 3 [pid 5064] <... restart_syscall resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8571] write(3, "1000", 4) = 4 [pid 5062] unlink("./344/binderfs") = 0 [pid 8571] close(3 [pid 8568] <... mount resumed>) = 0 [pid 5064] umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8571] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = 0 [pid 8568] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8571] symlink("/dev/binderfs", "./binderfs" [pid 5064] openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8571] <... symlink resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8568] <... openat resumed>) = 3 [pid 8571] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] <... write resumed>) = 2097152 [pid 5064] newfstatat(3, "", [pid 5062] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8571] <... futex resumed>) = 0 [pid 8570] munmap(0x7f670b400000, 138412032 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8568] chdir("./file0") = 0 [pid 8568] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] getdents64(3, [pid 8568] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8568] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8568] <... futex resumed>) = 1 [pid 8566] <... futex resumed>) = 0 [pid 5064] umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8571] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8568] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8566] exit_group(0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8571] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8570] <... munmap resumed>) = 0 [pid 8568] <... futex resumed>) = ? [pid 8566] <... exit_group resumed>) = ? [pid 5064] newfstatat(AT_FDCWD, "./349/binderfs", [pid 5062] newfstatat(AT_FDCWD, "./344/file0", [pid 8571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8570] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8568] +++ exited with 0 +++ [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8570] <... openat resumed>) = 4 [pid 5064] unlink("./349/binderfs" [pid 5062] umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8570] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... unlink resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8571] <... mmap resumed>) = 0x7f6713892000 [pid 8570] <... ioctl resumed>) = 0 [pid 5064] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8571] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8566] +++ exited with 0 +++ [pid 5062] <... openat resumed>) = 4 [pid 8571] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8566, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8571] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... openat resumed>) = 3 [pid 5062] close(4 [pid 5065] newfstatat(3, "", ./strace-static-x86_64: Process 8572 attached [pid 8571] <... clone3 resumed> => {parent_tid=[8572]}, 88) = 8572 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... close resumed>) = 0 [pid 8572] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8571] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] getdents64(3, [pid 5062] rmdir("./344/file0" [pid 8572] <... rseq resumed>) = 0 [pid 8571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8570] close(3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... umount2 resumed>) = 0 [pid 8572] set_robust_list(0x7f67138b29a0, 24 [pid 8570] <... close resumed>) = 0 [pid 5065] umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8572] <... set_robust_list resumed>) = 0 [pid 8571] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... rmdir resumed>) = 0 [pid 8572] rt_sigprocmask(SIG_SETMASK, [], [pid 8571] <... futex resumed>) = 0 [pid 8570] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./347/binderfs", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] getdents64(3, [pid 8572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8571] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8570] mkdir("./file0", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./349/file0", [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8572] memfd_create("syzkaller", 0 [pid 8570] <... mkdir resumed>) = 0 [pid 5065] unlink("./347/binderfs") = 0 [pid 5062] close(3 [pid 5065] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... close resumed>) = 0 [pid 8572] <... memfd_create resumed>) = 3 [pid 8570] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] rmdir("./344" [pid 8572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8572] <... mmap resumed>) = 0x7f670b400000 [pid 5065] newfstatat(AT_FDCWD, "./347/file0", [pid 5064] openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] mkdir("./345", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... mkdir resumed>) = 0 [pid 5064] getdents64(4, [pid 5065] openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [ 292.750997][ T8570] loop4: detected capacity change from 0 to 4096 [pid 5064] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5064] close(4 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5064] rmdir("./349/file0") = 0 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5064] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./347/file0" [pid 5064] close(3 [pid 8570] <... mount resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8572] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] getdents64(3, [pid 5064] rmdir("./349") = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./347" [pid 5064] mkdir("./350", 0777 [pid 8570] <... openat resumed>) = 3 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8570] chdir("./file0") = 0 [pid 8570] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] mkdir("./348", 0777 [pid 8570] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8570] <... futex resumed>) = 1 [pid 8569] <... futex resumed>) = 0 [pid 8569] exit_group(0) = ? [pid 5064] <... openat resumed>) = 3 [pid 8570] +++ exited with 0 +++ [pid 8569] +++ exited with 0 +++ [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8569, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8572] <... write resumed>) = 2097152 [pid 5066] umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8572] munmap(0x7f670b400000, 138412032 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8572] <... munmap resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5062] close(3 [pid 5066] newfstatat(3, "", [pid 5062] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] getdents64(3, [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8573 ./strace-static-x86_64: Process 8573 attached [pid 8572] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8573] set_robust_list(0x5555569076a0, 24 [pid 5066] umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8573] <... set_robust_list resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8573] chdir("./345" [pid 5066] newfstatat(AT_FDCWD, "./347/binderfs", [pid 8572] <... openat resumed>) = 4 [pid 8572] ioctl(4, LOOP_SET_FD, 3 [pid 8573] <... chdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./347/binderfs" [pid 8573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8573] setpgid(0, 0) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 8573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8572] <... ioctl resumed>) = 0 [pid 8572] close(3) = 0 [pid 8572] close(4) = 0 [pid 8572] mkdir("./file0", 0777) = 0 [pid 8572] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8573] <... openat resumed>) = 3 [pid 8573] write(3, "1000", 4) = 4 [pid 8573] close(3) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8573] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 8573] <... symlink resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8573] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(3 [pid 8573] <... futex resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8574 attached [pid 8573] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8574] set_robust_list(0x5555569076a0, 24 [pid 8573] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 292.909255][ T8572] loop1: detected capacity change from 0 to 4096 [pid 8573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] newfstatat(AT_FDCWD, "./347/file0", ./strace-static-x86_64: Process 8575 attached [pid 8574] <... set_robust_list resumed>) = 0 [pid 8573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8574 [pid 8573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8575 [pid 8574] chdir("./350" [pid 8573] <... mmap resumed>) = 0x7f6713892000 [pid 5066] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8575] set_robust_list(0x5555569076a0, 24 [pid 8574] <... chdir resumed>) = 0 [pid 8573] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8575] <... set_robust_list resumed>) = 0 [pid 8574] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8573] <... mprotect resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8573] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8574] <... prctl resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8575] chdir("./348" [pid 8572] <... mount resumed>) = 0 [pid 8574] setpgid(0, 0) = 0 [pid 8572] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8575] <... chdir resumed>) = 0 [pid 8575] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8573] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8572] <... openat resumed>) = 3 [pid 5066] getdents64(4, [pid 8575] <... prctl resumed>) = 0 [pid 8573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8572] chdir("./file0" [pid 8575] setpgid(0, 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8575] <... setpgid resumed>) = 0 [pid 8575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8572] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 8576 attached [pid 8573] <... clone3 resumed> => {parent_tid=[8576]}, 88) = 8576 [pid 8572] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8576] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8575] <... openat resumed>) = 3 [pid 8574] <... openat resumed>) = 3 [pid 8573] rt_sigprocmask(SIG_SETMASK, [], [pid 8572] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(4, [pid 8576] <... rseq resumed>) = 0 [pid 8575] write(3, "1000", 4 [pid 8573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8572] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8576] set_robust_list(0x7f67138b29a0, 24 [pid 8575] <... write resumed>) = 4 [pid 8573] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8572] <... futex resumed>) = 1 [pid 8571] <... futex resumed>) = 0 [pid 8576] <... set_robust_list resumed>) = 0 [pid 8575] close(3 [pid 8574] write(3, "1000", 4 [pid 8573] <... futex resumed>) = 0 [pid 8572] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8571] exit_group(0 [pid 5066] close(4 [pid 8576] rt_sigprocmask(SIG_SETMASK, [], [pid 8575] <... close resumed>) = 0 [pid 8574] <... write resumed>) = 4 [pid 8573] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8572] <... futex resumed>) = ? [pid 8571] <... exit_group resumed>) = ? [pid 8576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8572] +++ exited with 0 +++ [pid 5066] <... close resumed>) = 0 [pid 8576] memfd_create("syzkaller", 0 [pid 5066] rmdir("./347/file0" [pid 8575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8576] <... memfd_create resumed>) = 3 [pid 8575] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8574] close(3 [pid 8571] +++ exited with 0 +++ [pid 5066] <... rmdir resumed>) = 0 [pid 8576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8575] <... futex resumed>) = 0 [pid 8574] <... close resumed>) = 0 [pid 5066] getdents64(3, [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8571, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8574] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8575] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8576] <... mmap resumed>) = 0x7f670b400000 [pid 8575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8574] <... symlink resumed>) = 0 [pid 5066] close(3 [pid 5063] umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8575] <... mmap resumed>) = 0x7f6713892000 [pid 5066] rmdir("./347" [pid 5063] newfstatat(3, "", [pid 8575] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8575] <... mprotect resumed>) = 0 [pid 5063] getdents64(3, [pid 8575] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8575] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8574] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] mkdir("./348", 0777 [pid 5063] newfstatat(AT_FDCWD, "./352/binderfs", [pid 8575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8577 attached => {parent_tid=[8577]}, 88) = 8577 [pid 8574] <... futex resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8575] rt_sigprocmask(SIG_SETMASK, [], [pid 8574] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] unlink("./352/binderfs" [pid 8577] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5066] <... openat resumed>) = 3 [pid 8577] <... rseq resumed>) = 0 [pid 8577] set_robust_list(0x7f67138b29a0, 24 [pid 8575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8574] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8577] <... set_robust_list resumed>) = 0 [pid 8575] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8577] memfd_create("syzkaller", 0 [pid 8575] <... futex resumed>) = 0 [pid 8574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8575] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8574] <... mmap resumed>) = 0x7f6713892000 [pid 8574] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8577] <... memfd_create resumed>) = 3 [pid 8577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8574] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8577] <... mmap resumed>) = 0x7f670b400000 [pid 8574] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8576] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] newfstatat(AT_FDCWD, "./352/file0", ./strace-static-x86_64: Process 8578 attached [pid 8578] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8574] <... clone3 resumed> => {parent_tid=[8578]}, 88) = 8578 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8578] <... rseq resumed>) = 0 [pid 8578] set_robust_list(0x7f67138b29a0, 24 [pid 5063] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8578] <... set_robust_list resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8578] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8578] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8574] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... openat resumed>) = 4 [pid 8574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(4, "", [pid 8574] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8574] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] getdents64(4, [pid 8578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8578] memfd_create("syzkaller", 0 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./352/file0" [pid 8578] <... memfd_create resumed>) = 3 [pid 5063] <... rmdir resumed>) = 0 [pid 8578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 8576] <... write resumed>) = 2097152 [pid 5063] rmdir("./352") = 0 [pid 5063] mkdir("./353", 0777) = 0 [pid 8576] munmap(0x7f670b400000, 138412032 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8577] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8576] <... munmap resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8576] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8576] <... openat resumed>) = 4 [pid 8576] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8579 ./strace-static-x86_64: Process 8579 attached [pid 8579] set_robust_list(0x5555569076a0, 24) = 0 [pid 8579] chdir("./348") = 0 [pid 8576] <... ioctl resumed>) = 0 [pid 8576] close(3) = 0 [pid 8576] close(4) = 0 [pid 8576] mkdir("./file0", 0777) = 0 [pid 8576] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8578] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 293.129526][ T8576] loop0: detected capacity change from 0 to 4096 [pid 8579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8579] setpgid(0, 0) = 0 [pid 8579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8579] write(3, "1000", 4) = 4 [pid 8579] close(3 [pid 8577] <... write resumed>) = 2097152 [pid 5063] <... ioctl resumed>) = 0 [pid 8579] <... close resumed>) = 0 [pid 8579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8577] munmap(0x7f670b400000, 138412032 [pid 5063] close(3 [pid 8579] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8577] <... munmap resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8579] <... futex resumed>) = 0 [pid 8579] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8577] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8579] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8580 attached [pid 8579] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8578] <... write resumed>) = 2097152 [pid 8577] <... openat resumed>) = 4 [pid 8576] <... mount resumed>) = 0 [pid 8580] set_robust_list(0x5555569076a0, 24 [pid 8579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8577] ioctl(4, LOOP_SET_FD, 3 [pid 8580] <... set_robust_list resumed>) = 0 [pid 8579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8578] munmap(0x7f670b400000, 138412032 [pid 8576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8580 [pid 8580] chdir("./353" [pid 8576] <... openat resumed>) = 3 [pid 8580] <... chdir resumed>) = 0 [pid 8576] chdir("./file0" [pid 8580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8576] <... chdir resumed>) = 0 [pid 8580] setpgid(0, 0) = 0 [pid 8576] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8576] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8580] <... openat resumed>) = 3 [pid 8576] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8579] <... mmap resumed>) = 0x7f6713892000 [pid 8576] <... futex resumed>) = 1 [pid 8573] <... futex resumed>) = 0 [pid 8580] write(3, "1000", 4 [pid 8576] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8573] exit_group(0 [pid 8580] <... write resumed>) = 4 [pid 8576] <... futex resumed>) = ? [pid 8573] <... exit_group resumed>) = ? [pid 8580] close(3 [pid 8576] +++ exited with 0 +++ [pid 8579] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8580] <... close resumed>) = 0 [pid 8580] symlink("/dev/binderfs", "./binderfs" [pid 8579] <... mprotect resumed>) = 0 [pid 8580] <... symlink resumed>) = 0 [pid 8578] <... munmap resumed>) = 0 [pid 8580] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8580] <... futex resumed>) = 0 [pid 8579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8578] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8573] +++ exited with 0 +++ [pid 8580] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8578] <... openat resumed>) = 4 [pid 8580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8573, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8578] ioctl(4, LOOP_SET_FD, 3 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 8581 attached [pid 8580] <... mmap resumed>) = 0x7f6713892000 [pid 8581] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8580] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8581] <... rseq resumed>) = 0 [pid 8580] <... mprotect resumed>) = 0 [pid 5062] umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8581] set_robust_list(0x7f67138b29a0, 24 [pid 8580] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8581] <... set_robust_list resumed>) = 0 [pid 8580] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8581] rt_sigprocmask(SIG_SETMASK, [], [pid 8580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8582 attached [pid 8581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] newfstatat(3, "", [pid 8582] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8581] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8580] <... clone3 resumed> => {parent_tid=[8582]}, 88) = 8582 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8582] <... rseq resumed>) = 0 [pid 8580] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] getdents64(3, [pid 8582] set_robust_list(0x7f67138b29a0, 24 [pid 8580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8582] <... set_robust_list resumed>) = 0 [pid 8580] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8578] <... ioctl resumed>) = 0 [pid 5062] umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8582] rt_sigprocmask(SIG_SETMASK, [], [pid 8580] <... futex resumed>) = 0 [pid 8578] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8580] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] newfstatat(AT_FDCWD, "./345/binderfs", [pid 8582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8579] <... clone3 resumed> => {parent_tid=[8581]}, 88) = 8581 [pid 8578] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8579] rt_sigprocmask(SIG_SETMASK, [], [pid 8578] close(4 [pid 8577] <... ioctl resumed>) = 0 [pid 5062] unlink("./345/binderfs" [pid 8579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8578] <... close resumed>) = 0 [pid 8577] close(3 [pid 8579] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8578] mkdir("./file0", 0777 [pid 8577] <... close resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8579] <... futex resumed>) = 1 [pid 8578] <... mkdir resumed>) = 0 [pid 8577] close(4 [pid 8581] <... futex resumed>) = 0 [pid 8579] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8577] <... close resumed>) = 0 [pid 8577] mkdir("./file0", 0777 [pid 8582] memfd_create("syzkaller", 0 [pid 8581] memfd_create("syzkaller", 0 [pid 8582] <... memfd_create resumed>) = 3 [pid 8578] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8577] <... mkdir resumed>) = 0 [pid 5062] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8577] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] <... umount2 resumed>) = 0 [pid 8581] <... memfd_create resumed>) = 3 [pid 5062] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8581] <... mmap resumed>) = 0x7f670b400000 [pid 5062] newfstatat(AT_FDCWD, "./345/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 293.241594][ T8577] loop3: detected capacity change from 0 to 4096 [ 293.268690][ T8578] loop2: detected capacity change from 0 to 4096 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./345/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./345") = 0 [pid 5062] mkdir("./346", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8577] <... mount resumed>) = 0 [pid 8577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8577] chdir("./file0" [pid 8578] <... mount resumed>) = 0 [pid 8577] <... chdir resumed>) = 0 [pid 8577] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8577] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8578] <... openat resumed>) = 3 [pid 8577] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8578] chdir("./file0" [pid 8577] <... futex resumed>) = 1 [pid 8575] <... futex resumed>) = 0 [pid 8582] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8578] <... chdir resumed>) = 0 [pid 8577] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8575] exit_group(0 [pid 8581] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8578] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8575] <... exit_group resumed>) = ? [pid 8578] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8577] <... futex resumed>) = ? [pid 8577] +++ exited with 0 +++ [pid 8575] +++ exited with 0 +++ [pid 8578] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8575, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8578] <... futex resumed>) = 1 [pid 8574] <... futex resumed>) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8574] exit_group(0) = ? [pid 5065] <... restart_syscall resumed>) = 0 [pid 5065] umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./348/binderfs") = 0 [pid 5065] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8582] <... write resumed>) = 2097152 [pid 8578] +++ exited with 0 +++ [pid 8574] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8574, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(AT_FDCWD, "./348/file0", [pid 5064] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(AT_FDCWD, "./350/binderfs", [pid 5065] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(4, "", [pid 5064] unlink("./350/binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5065] getdents64(4, [pid 5064] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8581] <... write resumed>) = 2097152 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = 0 [pid 8582] munmap(0x7f670b400000, 138412032 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./348/file0" [pid 8581] munmap(0x7f670b400000, 138412032 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(3 [pid 8582] <... munmap resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(AT_FDCWD, "./350/file0", [pid 5065] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./348" [pid 5064] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] mkdir("./349", 0777./strace-static-x86_64: Process 8583 attached [pid 8582] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... mkdir resumed>) = 0 [pid 5064] getdents64(4, [pid 8583] set_robust_list(0x5555569076a0, 24 [pid 8582] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8583 [pid 5064] close(4) = 0 [pid 8583] <... set_robust_list resumed>) = 0 [pid 8582] ioctl(4, LOOP_SET_FD, 3 [pid 5064] rmdir("./350/file0" [pid 8581] <... munmap resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8581] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... openat resumed>) = 3 [pid 8581] <... openat resumed>) = 4 [pid 8581] ioctl(4, LOOP_SET_FD, 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8583] chdir("./346" [pid 8582] <... ioctl resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8583] <... chdir resumed>) = 0 [pid 8582] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] getdents64(3, [pid 8583] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8582] <... close resumed>) = 0 [pid 8583] <... prctl resumed>) = 0 [pid 8582] close(4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8583] setpgid(0, 0 [pid 5065] close(3 [pid 8582] <... close resumed>) = 0 [pid 5064] close(3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8582] mkdir("./file0", 0777 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8584 ./strace-static-x86_64: Process 8584 attached [pid 8584] set_robust_list(0x5555569076a0, 24) = 0 [pid 8584] chdir("./349") = 0 [pid 8584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8584] setpgid(0, 0) = 0 [pid 8584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8583] <... setpgid resumed>) = 0 [pid 8582] <... mkdir resumed>) = 0 [pid 5064] rmdir("./350" [pid 8584] write(3, "1000", 4) = 4 [pid 8584] close(3) = 0 [pid 8584] symlink("/dev/binderfs", "./binderfs" [pid 8581] <... ioctl resumed>) = 0 [pid 8584] <... symlink resumed>) = 0 [pid 8583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8582] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... rmdir resumed>) = 0 [pid 8583] <... openat resumed>) = 3 [pid 8581] close(3 [pid 5064] mkdir("./351", 0777 [pid 8581] <... close resumed>) = 0 [pid 8581] close(4 [pid 8584] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8581] <... close resumed>) = 0 [pid 8584] <... futex resumed>) = 0 [pid 8581] mkdir("./file0", 0777 [pid 8584] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8581] <... mkdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8584] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8581] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8583] write(3, "1000", 4 [pid 5064] <... openat resumed>) = 3 [pid 8584] <... mmap resumed>) = 0x7f6713892000 [pid 8583] <... write resumed>) = 4 [pid 8584] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8583] close(3 [pid 8582] <... mount resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8584] <... mprotect resumed>) = 0 [pid 8583] <... close resumed>) = 0 [ 293.474742][ T8582] loop1: detected capacity change from 0 to 4096 [ 293.482080][ T8581] loop4: detected capacity change from 0 to 4096 [pid 8582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8584] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8583] symlink("/dev/binderfs", "./binderfs" [pid 8582] <... openat resumed>) = 3 [pid 8584] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8583] <... symlink resumed>) = 0 [pid 8582] chdir("./file0"./strace-static-x86_64: Process 8585 attached [pid 8583] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8582] <... chdir resumed>) = 0 [pid 8583] <... futex resumed>) = 0 [pid 8582] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8583] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8585] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8584] <... clone3 resumed> => {parent_tid=[8585]}, 88) = 8585 [pid 8582] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8585] <... rseq resumed>) = 0 [pid 8584] rt_sigprocmask(SIG_SETMASK, [], [pid 8583] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8582] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8581] <... mount resumed>) = 0 [pid 8585] set_robust_list(0x7f67138b29a0, 24 [pid 8584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8582] <... futex resumed>) = 1 [pid 8581] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8580] <... futex resumed>) = 0 [pid 8585] <... set_robust_list resumed>) = 0 [pid 8584] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8581] <... openat resumed>) = 3 [pid 8582] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8580] exit_group(0 [pid 8585] rt_sigprocmask(SIG_SETMASK, [], [pid 8584] <... futex resumed>) = 0 [pid 8581] chdir("./file0" [pid 8585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8582] <... futex resumed>) = ? [pid 8580] <... exit_group resumed>) = ? [pid 8585] memfd_create("syzkaller", 0 [pid 8581] <... chdir resumed>) = 0 [pid 8581] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8584] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8581] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8585] <... memfd_create resumed>) = 3 [pid 8581] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8581] <... futex resumed>) = 1 [pid 8585] <... mmap resumed>) = 0x7f670b400000 [pid 8581] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8579] <... futex resumed>) = 0 [pid 8579] exit_group(0) = ? [pid 8583] <... mmap resumed>) = 0x7f6713892000 [pid 8581] <... futex resumed>) = ? [pid 8583] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8582] +++ exited with 0 +++ [pid 8581] +++ exited with 0 +++ [pid 8580] +++ exited with 0 +++ [pid 8579] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8579, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8580, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8586 attached [pid 8586] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8583] <... clone3 resumed> => {parent_tid=[8586]}, 88) = 8586 [pid 8583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] newfstatat(3, "", [pid 5063] openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 5063] newfstatat(3, "", [pid 8586] <... rseq resumed>) = 0 [pid 8586] set_robust_list(0x7f67138b29a0, 24 [pid 8583] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(3, [pid 8586] <... set_robust_list resumed>) = 0 [pid 8583] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] newfstatat(AT_FDCWD, "./348/binderfs", [pid 5063] umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8586] rt_sigprocmask(SIG_SETMASK, [], [pid 8583] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] unlink("./348/binderfs" [pid 5063] newfstatat(AT_FDCWD, "./353/binderfs", [pid 5066] <... unlink resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] unlink("./353/binderfs" [pid 8586] memfd_create("syzkaller", 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8586] <... memfd_create resumed>) = 3 [pid 5066] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 5063] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./348/file0", [pid 8586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... close resumed>) = 0 [pid 8586] <... mmap resumed>) = 0x7f670b400000 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... openat resumed>) = 4 [pid 5063] newfstatat(AT_FDCWD, "./353/file0", ./strace-static-x86_64: Process 8587 attached [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8587 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(4, "", [pid 5063] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8587] set_robust_list(0x5555569076a0, 24) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] newfstatat(4, "", [pid 8587] chdir("./351" [pid 5066] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 5066] getdents64(4, [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(4, [pid 8587] <... chdir resumed>) = 0 [pid 8587] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] close(4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8587] <... prctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] close(4 [pid 5066] rmdir("./348/file0" [pid 5063] <... close resumed>) = 0 [pid 8587] setpgid(0, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] rmdir("./353/file0" [pid 8587] <... setpgid resumed>) = 0 [pid 8587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8585] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] getdents64(3, [pid 5063] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(3, [pid 8587] <... openat resumed>) = 3 [pid 5066] close(3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] close(3 [pid 5066] rmdir("./348" [pid 5063] <... close resumed>) = 0 [pid 8587] write(3, "1000", 4 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] rmdir("./353" [pid 8587] <... write resumed>) = 4 [pid 5066] mkdir("./349", 0777 [pid 5063] <... rmdir resumed>) = 0 [pid 8587] close(3 [pid 8586] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... mkdir resumed>) = 0 [pid 5063] mkdir("./354", 0777 [pid 8587] <... close resumed>) = 0 [pid 8587] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... mkdir resumed>) = 0 [pid 8587] <... symlink resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8587] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... openat resumed>) = 3 [pid 5063] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8587] <... futex resumed>) = 0 [pid 8585] <... write resumed>) = 2097152 [pid 8585] munmap(0x7f670b400000, 138412032 [pid 8587] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8586] <... write resumed>) = 2097152 [pid 8587] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8586] munmap(0x7f670b400000, 138412032 [pid 8587] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8585] <... munmap resumed>) = 0 [pid 8587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8585] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8585] <... openat resumed>) = 4 [pid 8585] ioctl(4, LOOP_SET_FD, 3 [pid 8587] <... mmap resumed>) = 0x7f6713892000 [pid 8586] <... munmap resumed>) = 0 [pid 8587] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8586] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8585] <... ioctl resumed>) = 0 [pid 8587] <... mprotect resumed>) = 0 [pid 8586] <... openat resumed>) = 4 [pid 8585] close(3 [pid 8587] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8586] ioctl(4, LOOP_SET_FD, 3 [pid 8585] <... close resumed>) = 0 [pid 8587] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8588 attached => {parent_tid=[8588]}, 88) = 8588 [pid 8588] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8587] rt_sigprocmask(SIG_SETMASK, [], [pid 8586] <... ioctl resumed>) = 0 [pid 8585] close(4 [pid 8588] <... rseq resumed>) = 0 [pid 8587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8586] close(3 [pid 8587] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8588] set_robust_list(0x7f67138b29a0, 24 [pid 8586] <... close resumed>) = 0 [pid 8585] <... close resumed>) = 0 [pid 8588] <... set_robust_list resumed>) = 0 [pid 8587] <... futex resumed>) = 0 [pid 8586] close(4 [pid 8585] mkdir("./file0", 0777 [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8589 [ 293.730208][ T8585] loop3: detected capacity change from 0 to 4096 [ 293.738990][ T8586] loop0: detected capacity change from 0 to 4096 ./strace-static-x86_64: Process 8589 attached [pid 8588] rt_sigprocmask(SIG_SETMASK, [], [pid 8587] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8586] <... close resumed>) = 0 [pid 8585] <... mkdir resumed>) = 0 [pid 8588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8586] mkdir("./file0", 0777 [pid 8589] set_robust_list(0x5555569076a0, 24 [pid 8588] memfd_create("syzkaller", 0 [pid 8589] <... set_robust_list resumed>) = 0 [pid 8588] <... memfd_create resumed>) = 3 [pid 8586] <... mkdir resumed>) = 0 [pid 8585] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] <... ioctl resumed>) = 0 [pid 8589] chdir("./354" [pid 8588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8589] <... chdir resumed>) = 0 [pid 8589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8589] setpgid(0, 0) = 0 [pid 8586] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] close(3 [pid 8589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8590 [pid 8589] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8590 attached [pid 8590] set_robust_list(0x5555569076a0, 24) = 0 [pid 8590] chdir("./349" [pid 8589] write(3, "1000", 4 [pid 8590] <... chdir resumed>) = 0 [pid 8589] <... write resumed>) = 4 [pid 8590] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8589] close(3 [pid 8590] <... prctl resumed>) = 0 [pid 8590] setpgid(0, 0 [pid 8589] <... close resumed>) = 0 [pid 8590] <... setpgid resumed>) = 0 [pid 8589] symlink("/dev/binderfs", "./binderfs" [pid 8590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8589] <... symlink resumed>) = 0 [pid 8585] <... mount resumed>) = 0 [pid 8585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8589] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] write(3, "1000", 4 [pid 8589] <... futex resumed>) = 0 [pid 8588] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8585] <... openat resumed>) = 3 [pid 8589] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8585] chdir("./file0" [pid 8589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8585] <... chdir resumed>) = 0 [pid 8589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8585] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8590] <... write resumed>) = 4 [pid 8589] <... mmap resumed>) = 0x7f6713892000 [pid 8585] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8590] close(3 [pid 8589] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8585] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] <... close resumed>) = 0 [pid 8585] <... futex resumed>) = 1 [pid 8584] <... futex resumed>) = 0 [pid 8590] symlink("/dev/binderfs", "./binderfs" [pid 8589] <... mprotect resumed>) = 0 [pid 8585] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8584] exit_group(0 [pid 8590] <... symlink resumed>) = 0 [pid 8586] <... mount resumed>) = 0 [pid 8590] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8589] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8585] <... futex resumed>) = ? [pid 8584] <... exit_group resumed>) = ? [pid 8590] <... futex resumed>) = 0 [pid 8590] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8589] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8590] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8586] <... openat resumed>) = 3 [pid 8590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8586] chdir("./file0" [pid 8590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8586] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 8591 attached [pid 8590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8586] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8591] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8590] <... mmap resumed>) = 0x7f6713892000 [pid 8589] <... clone3 resumed> => {parent_tid=[8591]}, 88) = 8591 [pid 8586] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8590] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8586] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8591] <... rseq resumed>) = 0 [pid 8589] rt_sigprocmask(SIG_SETMASK, [], [pid 8591] set_robust_list(0x7f67138b29a0, 24 [pid 8590] <... mprotect resumed>) = 0 [pid 8589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8586] <... futex resumed>) = 1 [pid 8585] +++ exited with 0 +++ [pid 8584] +++ exited with 0 +++ [pid 8583] <... futex resumed>) = 0 [pid 8591] <... set_robust_list resumed>) = 0 [pid 8590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8589] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8583] exit_group(0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8584, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8591] rt_sigprocmask(SIG_SETMASK, [], [pid 8590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8589] <... futex resumed>) = 0 [pid 8583] <... exit_group resumed>) = ? [pid 8591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8589] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8586] +++ exited with 0 +++ ./strace-static-x86_64: Process 8592 attached [pid 8583] +++ exited with 0 +++ [pid 8592] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8590] <... clone3 resumed> => {parent_tid=[8592]}, 88) = 8592 [pid 8592] <... rseq resumed>) = 0 [pid 8591] memfd_create("syzkaller", 0 [pid 8590] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8583, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8591] <... memfd_create resumed>) = 3 [pid 8590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8592] set_robust_list(0x7f67138b29a0, 24 [pid 8591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8590] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8592] <... set_robust_list resumed>) = 0 [pid 8591] <... mmap resumed>) = 0x7f670b400000 [pid 8588] <... write resumed>) = 2097152 [pid 5065] openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8592] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 8592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8590] <... futex resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5062] newfstatat(3, "", [pid 8592] memfd_create("syzkaller", 0 [pid 8590] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5062] getdents64(3, [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8588] munmap(0x7f670b400000, 138412032 [pid 5065] umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./349/binderfs", [pid 5062] newfstatat(AT_FDCWD, "./346/binderfs", [pid 8592] <... memfd_create resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] unlink("./349/binderfs" [pid 8592] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8588] <... munmap resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5062] unlink("./346/binderfs" [pid 5065] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 8588] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8588] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./346/file0", [pid 8588] ioctl(4, LOOP_SET_FD, 3 [pid 5065] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./346/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(AT_FDCWD, "./349/file0", [pid 5062] close(3 [pid 8588] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... close resumed>) = 0 [pid 8588] close(3 [pid 5065] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] rmdir("./346" [pid 8591] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... rmdir resumed>) = 0 [pid 8588] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] mkdir("./347", 0777 [pid 8588] close(4 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8588] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... openat resumed>) = 3 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8588] mkdir("./file0", 0777 [pid 5065] close(4 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8592] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8588] <... mkdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./349/file0") = 0 [pid 8588] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./349" [pid 8591] <... write resumed>) = 2097152 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./350", 0777) = 0 [ 293.979680][ T8588] loop2: detected capacity change from 0 to 4096 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8591] munmap(0x7f670b400000, 138412032 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8592] <... write resumed>) = 2097152 [pid 8591] <... munmap resumed>) = 0 [pid 8588] <... mount resumed>) = 0 [pid 8592] munmap(0x7f670b400000, 138412032 [pid 8588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8591] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8588] chdir("./file0") = 0 [pid 8592] <... munmap resumed>) = 0 [pid 8591] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... ioctl resumed>) = 0 [pid 8592] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8588] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] close(3 [pid 8592] <... openat resumed>) = 4 [pid 5062] <... close resumed>) = 0 [pid 8592] ioctl(4, LOOP_SET_FD, 3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8588] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8588] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8587] <... futex resumed>) = 0 [pid 8588] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8587] exit_group(0 [pid 8588] <... futex resumed>) = ? [pid 8587] <... exit_group resumed>) = ? [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8593 [pid 8591] <... ioctl resumed>) = 0 [pid 8591] close(3) = 0 [pid 8591] close(4) = 0 [pid 8591] mkdir("./file0", 0777./strace-static-x86_64: Process 8593 attached ) = 0 [pid 8588] +++ exited with 0 +++ [pid 8593] set_robust_list(0x5555569076a0, 24) = 0 [pid 8593] chdir("./347") = 0 [pid 8591] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8593] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8587] +++ exited with 0 +++ [pid 8593] <... prctl resumed>) = 0 [pid 8593] setpgid(0, 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8587, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 8593] <... setpgid resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8593] <... openat resumed>) = 3 [pid 5064] umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8593] write(3, "1000", 4 [pid 8592] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8593] <... write resumed>) = 4 [pid 8592] close(3 [pid 5064] newfstatat(AT_FDCWD, "./351/binderfs", [pid 8593] close(3 [pid 8592] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8593] <... close resumed>) = 0 [pid 8592] close(4 [pid 5064] unlink("./351/binderfs" [pid 8593] symlink("/dev/binderfs", "./binderfs" [pid 8592] <... close resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8592] mkdir("./file0", 0777 [pid 5064] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8593] <... symlink resumed>) = 0 [ 294.092850][ T8591] loop1: detected capacity change from 0 to 4096 [ 294.103150][ T8592] loop4: detected capacity change from 0 to 4096 [pid 8593] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = 0 [pid 8592] <... mkdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8593] <... futex resumed>) = 0 [pid 8592] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8591] <... mount resumed>) = 0 [pid 5065] close(3 [pid 5064] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8593] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8593] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8591] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] newfstatat(AT_FDCWD, "./351/file0", [pid 8593] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8593] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8594 attached [pid 8593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8594] set_robust_list(0x5555569076a0, 24 [pid 8593] <... mmap resumed>) = 0x7f6713892000 [pid 8591] chdir("./file0" [pid 8594] <... set_robust_list resumed>) = 0 [pid 8593] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8591] <... chdir resumed>) = 0 [pid 5064] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8594] chdir("./350" [pid 8593] <... mprotect resumed>) = 0 [pid 8591] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8594 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8594] <... chdir resumed>) = 0 [pid 8593] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8591] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8594] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8593] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8591] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... openat resumed>) = 4 [pid 8594] <... prctl resumed>) = 0 [pid 8593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8591] <... futex resumed>) = 1 [pid 8589] <... futex resumed>) = 0 [pid 5064] newfstatat(4, "", ./strace-static-x86_64: Process 8595 attached [pid 8594] setpgid(0, 0 [pid 8591] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8589] exit_group(0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8595] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8589] <... exit_group resumed>) = ? [pid 8595] <... rseq resumed>) = 0 [pid 8594] <... setpgid resumed>) = 0 [pid 8593] <... clone3 resumed> => {parent_tid=[8595]}, 88) = 8595 [pid 8591] <... futex resumed>) = ? [pid 5064] getdents64(4, [pid 8595] set_robust_list(0x7f67138b29a0, 24 [pid 8594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8593] rt_sigprocmask(SIG_SETMASK, [], [pid 8591] +++ exited with 0 +++ [pid 8589] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8595] <... set_robust_list resumed>) = 0 [pid 8593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] getdents64(4, [pid 8595] rt_sigprocmask(SIG_SETMASK, [], [pid 8594] <... openat resumed>) = 3 [pid 8593] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8589, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8594] write(3, "1000", 4 [pid 8593] <... futex resumed>) = 0 [pid 5064] close(4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8595] memfd_create("syzkaller", 0 [pid 8594] <... write resumed>) = 4 [pid 8593] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", [pid 8594] close(3 [pid 5064] rmdir("./351/file0" [pid 8594] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8595] <... memfd_create resumed>) = 3 [pid 8594] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 8595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8594] <... symlink resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8595] <... mmap resumed>) = 0x7f670b400000 [pid 5064] getdents64(3, [pid 5063] umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./354/binderfs", [pid 8594] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8594] <... futex resumed>) = 0 [pid 5064] close(3 [pid 5063] unlink("./354/binderfs" [pid 8594] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... close resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] rmdir("./351" [pid 8594] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] mkdir("./352", 0777 [pid 8594] <... mmap resumed>) = 0x7f6713892000 [pid 8592] <... mount resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8594] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8594] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8592] chdir("./file0" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8594] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8592] <... chdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8592] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8592] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8594] <... clone3 resumed> => {parent_tid=[8596]}, 88) = 8596 [pid 8592] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8594] rt_sigprocmask(SIG_SETMASK, [], [pid 8592] <... futex resumed>) = 1 [pid 8590] <... futex resumed>) = 0 [pid 8594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8592] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8590] exit_group(0 [pid 8594] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8592] <... futex resumed>) = ? [pid 8590] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 8596 attached [pid 8594] <... futex resumed>) = 0 [pid 8592] +++ exited with 0 +++ [pid 8590] +++ exited with 0 +++ [pid 8596] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8594] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8590, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8596] <... rseq resumed>) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 8596] set_robust_list(0x7f67138b29a0, 24 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(AT_FDCWD, "./354/file0", [pid 5066] newfstatat(3, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8596] <... set_robust_list resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8596] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] getdents64(3, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8596] memfd_create("syzkaller", 0 [pid 5066] umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(4, "", [pid 5066] newfstatat(AT_FDCWD, "./349/binderfs", [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] getdents64(4, [pid 5066] unlink("./349/binderfs" [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... unlink resumed>) = 0 [pid 5063] getdents64(4, [pid 5066] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 8596] <... memfd_create resumed>) = 3 [pid 8596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8595] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] rmdir("./354/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./354" [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] mkdir("./355", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5066] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] <... openat resumed>) = 3 [pid 5066] newfstatat(4, "", [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5064] close(3 [pid 5066] rmdir("./349/file0") = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./349") = 0 [pid 5066] mkdir("./350", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8597 attached [pid 8596] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8597 [pid 8597] set_robust_list(0x5555569076a0, 24 [pid 8595] <... write resumed>) = 2097152 [pid 8597] <... set_robust_list resumed>) = 0 [pid 8597] chdir("./352" [pid 8595] munmap(0x7f670b400000, 138412032 [pid 8597] <... chdir resumed>) = 0 [pid 8595] <... munmap resumed>) = 0 [pid 8596] <... write resumed>) = 2097152 [pid 8597] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8595] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... ioctl resumed>) = 0 [pid 8597] <... prctl resumed>) = 0 [pid 8596] munmap(0x7f670b400000, 138412032 [pid 5063] close(3 [pid 8597] setpgid(0, 0) = 0 [pid 5063] <... close resumed>) = 0 [pid 8595] <... openat resumed>) = 4 [pid 8595] ioctl(4, LOOP_SET_FD, 3 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 8598 attached ) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8598 [pid 8598] set_robust_list(0x5555569076a0, 24 [pid 8597] write(3, "1000", 4 [pid 8598] <... set_robust_list resumed>) = 0 [pid 8597] <... write resumed>) = 4 [pid 8598] chdir("./355" [pid 8597] close(3 [pid 8596] <... munmap resumed>) = 0 [pid 8597] <... close resumed>) = 0 [pid 8597] symlink("/dev/binderfs", "./binderfs" [pid 8598] <... chdir resumed>) = 0 [pid 8597] <... symlink resumed>) = 0 [pid 8596] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8595] <... ioctl resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8597] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8596] <... openat resumed>) = 4 [pid 8597] <... futex resumed>) = 0 [pid 8598] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8595] close(3 [pid 8597] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8598] <... prctl resumed>) = 0 [pid 8595] <... close resumed>) = 0 [pid 5066] close(3) = 0 [pid 8598] setpgid(0, 0 [pid 8597] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8596] ioctl(4, LOOP_SET_FD, 3 [pid 8595] close(4 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8595] <... close resumed>) = 0 ./strace-static-x86_64: Process 8599 attached [pid 8598] <... setpgid resumed>) = 0 [pid 8597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8595] mkdir("./file0", 0777 [pid 8599] set_robust_list(0x5555569076a0, 24 [pid 8598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8595] <... mkdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8599 [pid 8599] <... set_robust_list resumed>) = 0 [pid 8598] <... openat resumed>) = 3 [pid 8597] <... mmap resumed>) = 0x7f6713892000 [pid 8599] chdir("./350" [pid 8597] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8599] <... chdir resumed>) = 0 [pid 8598] write(3, "1000", 4 [pid 8597] <... mprotect resumed>) = 0 [pid 8595] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8599] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8598] <... write resumed>) = 4 [pid 8597] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8599] <... prctl resumed>) = 0 [pid 8598] close(3 [pid 8599] setpgid(0, 0 [pid 8598] <... close resumed>) = 0 [pid 8597] <... rt_sigprocmask resumed>[], 8) = 0 [ 294.395599][ T8595] loop0: detected capacity change from 0 to 4096 [pid 8599] <... setpgid resumed>) = 0 [pid 8598] symlink("/dev/binderfs", "./binderfs" [pid 8597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8597] <... clone3 resumed> => {parent_tid=[8600]}, 88) = 8600 ./strace-static-x86_64: Process 8600 attached [pid 8599] write(3, "1000", 4 [pid 8597] rt_sigprocmask(SIG_SETMASK, [], [pid 8600] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8600] <... rseq resumed>) = 0 [pid 8599] <... write resumed>) = 4 [pid 8597] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8600] set_robust_list(0x7f67138b29a0, 24 [pid 8599] close(3 [pid 8598] <... symlink resumed>) = 0 [pid 8597] <... futex resumed>) = 0 [pid 8600] <... set_robust_list resumed>) = 0 [pid 8599] <... close resumed>) = 0 [pid 8598] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8597] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8600] rt_sigprocmask(SIG_SETMASK, [], [pid 8599] symlink("/dev/binderfs", "./binderfs" [pid 8598] <... futex resumed>) = 0 [pid 8600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8599] <... symlink resumed>) = 0 [pid 8598] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8596] <... ioctl resumed>) = 0 [pid 8600] memfd_create("syzkaller", 0 [pid 8599] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8598] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8596] close(3 [pid 8600] <... memfd_create resumed>) = 3 [pid 8599] <... futex resumed>) = 0 [pid 8598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8596] <... close resumed>) = 0 [pid 8600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8599] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8596] close(4 [pid 8599] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8600] <... mmap resumed>) = 0x7f670b400000 [pid 8598] <... mmap resumed>) = 0x7f6713892000 [pid 8596] <... close resumed>) = 0 [pid 8598] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8596] mkdir("./file0", 0777 [pid 8599] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8598] <... mprotect resumed>) = 0 [pid 8599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8598] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8596] <... mkdir resumed>) = 0 [pid 8599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8598] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8599] <... mmap resumed>) = 0x7f6713892000 [pid 8598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8599] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 8601 attached ) = 0 [pid 8596] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8601] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8599] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8598] <... clone3 resumed> => {parent_tid=[8601]}, 88) = 8601 [pid 8601] <... rseq resumed>) = 0 [pid 8599] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8598] rt_sigprocmask(SIG_SETMASK, [], [pid 8601] set_robust_list(0x7f67138b29a0, 24 [pid 8599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8601] <... set_robust_list resumed>) = 0 [pid 8598] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8602 attached [pid 8601] rt_sigprocmask(SIG_SETMASK, [], [pid 8598] <... futex resumed>) = 0 [pid 8602] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8599] <... clone3 resumed> => {parent_tid=[8602]}, 88) = 8602 [pid 8598] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8602] <... rseq resumed>) = 0 [pid 8601] memfd_create("syzkaller", 0 [pid 8599] rt_sigprocmask(SIG_SETMASK, [], [pid 8602] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8602] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8599] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8602] <... futex resumed>) = 0 [ 294.445967][ T8596] loop3: detected capacity change from 0 to 4096 [pid 8599] <... futex resumed>) = 1 [pid 8602] memfd_create("syzkaller", 0 [pid 8601] <... memfd_create resumed>) = 3 [pid 8599] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8602] <... memfd_create resumed>) = 3 [pid 8602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8595] <... mount resumed>) = 0 [pid 8595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8595] chdir("./file0") = 0 [pid 8595] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8596] <... mount resumed>) = 0 [pid 8595] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8595] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8595] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8593] <... futex resumed>) = 0 [pid 8593] exit_group(0 [pid 8595] <... futex resumed>) = ? [pid 8593] <... exit_group resumed>) = ? [pid 8596] chdir("./file0") = 0 [pid 8596] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8596] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8595] +++ exited with 0 +++ [pid 8593] +++ exited with 0 +++ [pid 8596] <... futex resumed>) = 1 [pid 8594] <... futex resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8593, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 8596] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8594] exit_group(0 [pid 5062] umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8596] <... futex resumed>) = ? [pid 8594] <... exit_group resumed>) = ? [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8596] +++ exited with 0 +++ [pid 8594] +++ exited with 0 +++ [pid 5062] openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8594, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8600] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] newfstatat(AT_FDCWD, "./347/binderfs", [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./347/binderfs" [pid 5065] umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./350/binderfs") = 0 [pid 5065] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8601] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8600] <... write resumed>) = 2097152 [pid 5062] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5062] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8600] munmap(0x7f670b400000, 138412032 [pid 5065] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./347/file0", [pid 5065] newfstatat(AT_FDCWD, "./350/file0", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8602] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... openat resumed>) = 4 [pid 5062] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5062] newfstatat(4, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5062] getdents64(4, [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8600] <... munmap resumed>) = 0 [pid 5065] getdents64(4, [pid 5062] getdents64(4, [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8600] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8600] <... openat resumed>) = 4 [pid 5065] close(4) = 0 [pid 5062] close(4 [pid 5065] rmdir("./350/file0" [pid 5062] <... close resumed>) = 0 [pid 8600] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] rmdir("./347/file0") = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5062] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./350" [pid 5062] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./347" [pid 8600] <... ioctl resumed>) = 0 [pid 8600] close(3) = 0 [pid 8600] close(4 [pid 5065] mkdir("./351", 0777) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./348", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8600] <... close resumed>) = 0 [pid 8602] <... write resumed>) = 2097152 [pid 8600] mkdir("./file0", 0777) = 0 [pid 8600] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8602] munmap(0x7f670b400000, 138412032 [pid 8601] <... write resumed>) = 2097152 [pid 8602] <... munmap resumed>) = 0 [ 294.628879][ T8600] loop2: detected capacity change from 0 to 4096 [pid 8601] munmap(0x7f670b400000, 138412032) = 0 [pid 8602] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8600] <... mount resumed>) = 0 [pid 8602] close(3) = 0 [pid 8601] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8602] close(4 [pid 8601] ioctl(4, LOOP_SET_FD, 3 [pid 8600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8602] <... close resumed>) = 0 [pid 8601] <... ioctl resumed>) = 0 [pid 8602] mkdir("./file0", 0777 [pid 8600] <... openat resumed>) = 3 [pid 8602] <... mkdir resumed>) = 0 [pid 8601] close(3 [pid 8600] chdir("./file0" [pid 8602] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8600] <... chdir resumed>) = 0 [pid 8600] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8600] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... ioctl resumed>) = 0 [pid 8601] <... close resumed>) = 0 [pid 8600] <... futex resumed>) = 1 [pid 8597] <... futex resumed>) = 0 [pid 8601] close(4 [pid 8600] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8597] exit_group(0 [pid 8601] <... close resumed>) = 0 [pid 8600] <... futex resumed>) = ? [pid 8597] <... exit_group resumed>) = ? [pid 8600] +++ exited with 0 +++ [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8603 attached [pid 8601] mkdir("./file0", 0777 [pid 8597] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8597, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 8603] set_robust_list(0x5555569076a0, 24 [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8603] <... set_robust_list resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... restart_syscall resumed>) = 0 [pid 8603] chdir("./348" [pid 5065] close(3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8603 [pid 8603] <... chdir resumed>) = 0 [pid 8601] <... mkdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8603] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8601] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8604 attached [pid 8603] <... prctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8603] setpgid(0, 0 [pid 5064] openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8604] set_robust_list(0x5555569076a0, 24 [pid 8603] <... setpgid resumed>) = 0 [ 294.699094][ T8602] loop4: detected capacity change from 0 to 4096 [ 294.728991][ T8601] loop1: detected capacity change from 0 to 4096 [pid 5064] <... openat resumed>) = 3 [pid 8604] <... set_robust_list resumed>) = 0 [pid 8603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8604 [pid 5064] newfstatat(3, "", [pid 8604] chdir("./351" [pid 8603] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8603] write(3, "1000", 4) = 4 [pid 5064] getdents64(3, [pid 8603] close(3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8603] <... close resumed>) = 0 [pid 5064] umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8604] <... chdir resumed>) = 0 [pid 8603] symlink("/dev/binderfs", "./binderfs" [pid 8602] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8604] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] newfstatat(AT_FDCWD, "./352/binderfs", [pid 8604] <... prctl resumed>) = 0 [pid 8603] <... symlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8604] setpgid(0, 0 [pid 8603] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] unlink("./352/binderfs" [pid 8604] <... setpgid resumed>) = 0 [pid 8604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8604] write(3, "1000", 4) = 4 [pid 8604] close(3) = 0 [pid 8604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8602] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = 0 [pid 8602] chdir("./file0" [pid 8603] <... futex resumed>) = 0 [pid 8604] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8603] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8602] <... chdir resumed>) = 0 [pid 8604] <... futex resumed>) = 0 [pid 8603] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8602] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8604] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8602] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8604] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8602] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8602] <... futex resumed>) = 1 [pid 8599] <... futex resumed>) = 0 [pid 8604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8603] <... mmap resumed>) = 0x7f6713892000 [pid 8602] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8599] exit_group(0 [pid 8604] <... mmap resumed>) = 0x7f6713892000 [pid 8603] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8599] <... exit_group resumed>) = ? [pid 5064] newfstatat(AT_FDCWD, "./352/file0", [pid 8604] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8603] <... mprotect resumed>) = 0 [pid 8602] <... futex resumed>) = ? [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8604] <... mprotect resumed>) = 0 [pid 8603] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8604] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8602] +++ exited with 0 +++ [pid 8599] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8604] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8603] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8599, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- ./strace-static-x86_64: Process 8605 attached [pid 8603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5064] <... openat resumed>) = 4 [pid 8605] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8604] <... clone3 resumed> => {parent_tid=[8605]}, 88) = 8605 [pid 8601] <... mount resumed>) = 0 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5064] newfstatat(4, "", ./strace-static-x86_64: Process 8606 attached [pid 8605] <... rseq resumed>) = 0 [pid 8604] rt_sigprocmask(SIG_SETMASK, [], [pid 8601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8606] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8605] set_robust_list(0x7f67138b29a0, 24 [pid 8604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8603] <... clone3 resumed> => {parent_tid=[8606]}, 88) = 8606 [pid 8601] <... openat resumed>) = 3 [pid 5064] getdents64(4, [pid 8606] <... rseq resumed>) = 0 [pid 8605] <... set_robust_list resumed>) = 0 [pid 8604] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8603] rt_sigprocmask(SIG_SETMASK, [], [pid 8601] chdir("./file0" [pid 5066] umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8606] set_robust_list(0x7f67138b29a0, 24 [pid 8605] rt_sigprocmask(SIG_SETMASK, [], [pid 8604] <... futex resumed>) = 0 [pid 8603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8601] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 8606] <... set_robust_list resumed>) = 0 [pid 8605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8604] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8603] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8601] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8606] rt_sigprocmask(SIG_SETMASK, [], [pid 8605] memfd_create("syzkaller", 0 [pid 8603] <... futex resumed>) = 0 [pid 8601] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... openat resumed>) = 3 [pid 5064] close(4 [pid 8606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8603] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8601] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 8606] memfd_create("syzkaller", 0 [pid 8601] <... futex resumed>) = 1 [pid 8598] <... futex resumed>) = 0 [pid 5066] getdents64(3, [pid 5064] rmdir("./352/file0" [pid 8605] <... memfd_create resumed>) = 3 [pid 8598] exit_group(0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... rmdir resumed>) = 0 [pid 8605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8598] <... exit_group resumed>) = ? [pid 5066] umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8605] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, [pid 5066] newfstatat(AT_FDCWD, "./350/binderfs", [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./350/binderfs" [pid 5064] close(3 [pid 8606] <... memfd_create resumed>) = 3 [pid 8601] +++ exited with 0 +++ [pid 8598] +++ exited with 0 +++ [pid 5066] <... unlink resumed>) = 0 [pid 8606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... close resumed>) = 0 [pid 8606] <... mmap resumed>) = 0x7f670b400000 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8598, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5064] rmdir("./352" [pid 5063] umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./353", 0777 [pid 5063] <... openat resumed>) = 3 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./355/binderfs", [pid 5066] newfstatat(AT_FDCWD, "./350/file0", [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./355/binderfs" [pid 5066] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... unlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8606] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 8605] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5063] <... umount2 resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./350/file0" [pid 5063] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... rmdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(3, [pid 5063] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./350" [pid 5063] openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 5066] mkdir("./351", 0777 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8606] <... write resumed>) = 2097152 [pid 5066] <... mkdir resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./355/file0" [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... rmdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8606] munmap(0x7f670b400000, 138412032 [pid 8605] <... write resumed>) = 2097152 [pid 5063] getdents64(3, [pid 8606] <... munmap resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8605] munmap(0x7f670b400000, 138412032 [pid 5064] close(3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] close(3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8606] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... close resumed>) = 0 ./strace-static-x86_64: Process 8607 attached [pid 5063] rmdir("./355" [pid 8607] set_robust_list(0x5555569076a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8607 [pid 5063] <... rmdir resumed>) = 0 [pid 8607] <... set_robust_list resumed>) = 0 [pid 8607] chdir("./353" [pid 5066] <... ioctl resumed>) = 0 [pid 5063] mkdir("./356", 0777 [pid 8605] <... munmap resumed>) = 0 [pid 8605] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8605] ioctl(4, LOOP_SET_FD, 3 [pid 8607] <... chdir resumed>) = 0 [pid 8605] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5063] <... mkdir resumed>) = 0 [pid 8607] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8607] <... prctl resumed>) = 0 [pid 8606] <... ioctl resumed>) = 0 [pid 8607] setpgid(0, 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8608 attached [pid 8607] <... setpgid resumed>) = 0 [pid 8606] close(3 [pid 8605] close(3 [pid 8606] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8606] close(4 [pid 8605] <... close resumed>) = 0 [pid 8608] set_robust_list(0x5555569076a0, 24 [pid 8607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8606] <... close resumed>) = 0 [pid 8605] close(4 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8608 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8608] <... set_robust_list resumed>) = 0 [pid 8607] <... openat resumed>) = 3 [pid 8606] mkdir("./file0", 0777 [pid 8605] <... close resumed>) = 0 [pid 8608] chdir("./351") = 0 [pid 8607] write(3, "1000", 4 [pid 8606] <... mkdir resumed>) = 0 [pid 8605] mkdir("./file0", 0777 [pid 8608] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8607] <... write resumed>) = 4 [pid 8606] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8605] <... mkdir resumed>) = 0 [pid 8608] <... prctl resumed>) = 0 [pid 8607] close(3) = 0 [pid 8608] setpgid(0, 0 [pid 8607] symlink("/dev/binderfs", "./binderfs" [pid 8608] <... setpgid resumed>) = 0 [pid 8607] <... symlink resumed>) = 0 [pid 8608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8607] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8608] write(3, "1000", 4 [pid 8607] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8608] <... write resumed>) = 4 [pid 8607] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8608] close(3 [pid 8607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8605] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8608] <... close resumed>) = 0 [ 294.972640][ T8606] loop0: detected capacity change from 0 to 4096 [ 294.988955][ T8605] loop3: detected capacity change from 0 to 4096 [pid 8607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8608] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8607] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8608] <... futex resumed>) = 0 [pid 8607] <... mprotect resumed>) = 0 [pid 8608] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8607] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8608] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8607] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 ./strace-static-x86_64: Process 8609 attached [pid 8609] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8608] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8609] <... rseq resumed>) = 0 [pid 8608] <... mprotect resumed>) = 0 [pid 8607] <... clone3 resumed> => {parent_tid=[8609]}, 88) = 8609 [pid 8609] set_robust_list(0x7f67138b29a0, 24 [pid 8608] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8607] rt_sigprocmask(SIG_SETMASK, [], [pid 8609] <... set_robust_list resumed>) = 0 [pid 8609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8609] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8608] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8607] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8610 attached [pid 8607] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8610] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8609] <... futex resumed>) = 0 [pid 8607] <... futex resumed>) = 1 [pid 8610] <... rseq resumed>) = 0 [pid 8608] <... clone3 resumed> => {parent_tid=[8610]}, 88) = 8610 [pid 8607] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8610] set_robust_list(0x7f67138b29a0, 24 [pid 8609] memfd_create("syzkaller", 0 [pid 8608] rt_sigprocmask(SIG_SETMASK, [], [pid 8610] <... set_robust_list resumed>) = 0 [pid 8608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8608] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8609] <... memfd_create resumed>) = 3 [pid 8606] <... mount resumed>) = 0 [pid 8609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8608] <... futex resumed>) = 0 [pid 8608] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8610] memfd_create("syzkaller", 0 [pid 8606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8610] <... memfd_create resumed>) = 3 [pid 8610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8606] <... openat resumed>) = 3 [pid 8606] chdir("./file0" [pid 5063] <... ioctl resumed>) = 0 [pid 8606] <... chdir resumed>) = 0 [pid 8606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8606] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8605] <... mount resumed>) = 0 [pid 8606] <... futex resumed>) = 1 [pid 8605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8603] <... futex resumed>) = 0 [pid 8606] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8603] exit_group(0 [pid 8605] <... openat resumed>) = 3 [pid 8606] <... futex resumed>) = ? [pid 8605] chdir("./file0" [pid 8603] <... exit_group resumed>) = ? [pid 8606] +++ exited with 0 +++ [pid 8603] +++ exited with 0 +++ [pid 8605] <... chdir resumed>) = 0 [pid 8605] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5063] close(3 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8603, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8605] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... close resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 8605] <... futex resumed>) = 1 [pid 8604] <... futex resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 8605] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8604] exit_group(0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8604] <... exit_group resumed>) = ? [pid 5062] newfstatat(AT_FDCWD, "./348/binderfs", [pid 8605] <... futex resumed>) = ? [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8611 attached [pid 5062] unlink("./348/binderfs" [pid 8611] set_robust_list(0x5555569076a0, 24) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8611] chdir("./356" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8611 [pid 8611] <... chdir resumed>) = 0 [pid 8611] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8611] <... prctl resumed>) = 0 [pid 8611] setpgid(0, 0) = 0 [pid 8605] +++ exited with 0 +++ [pid 8604] +++ exited with 0 +++ [pid 5062] <... umount2 resumed>) = 0 [pid 8611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8604, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5062] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8610] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8611] write(3, "1000", 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8611] <... write resumed>) = 4 [pid 5065] openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] newfstatat(AT_FDCWD, "./348/file0", [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8611] close(3 [pid 5065] getdents64(3, [pid 5062] umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8611] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8611] symlink("/dev/binderfs", "./binderfs" [pid 5065] umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./351/binderfs", [pid 5062] newfstatat(4, "", [pid 8611] <... symlink resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(4, [pid 5065] unlink("./351/binderfs" [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8609] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8611] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... unlink resumed>) = 0 [pid 5062] getdents64(4, [pid 8611] <... futex resumed>) = 0 [pid 5065] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8611] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... umount2 resumed>) = 0 [pid 5062] close(4 [pid 8611] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./348/file0" [pid 8611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... rmdir resumed>) = 0 [pid 8611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] getdents64(3, [pid 8611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8611] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(3 [pid 8611] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] newfstatat(AT_FDCWD, "./351/file0", [pid 5062] <... close resumed>) = 0 [pid 8611] <... mprotect resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8611] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] rmdir("./348" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... rmdir resumed>) = 0 [pid 8611] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8609] <... write resumed>) = 2097152 [pid 5065] openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] mkdir("./349", 0777 [pid 8611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... openat resumed>) = 4 [pid 5062] <... mkdir resumed>) = 0 [pid 8609] munmap(0x7f670b400000, 138412032 [pid 5065] newfstatat(4, "", [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 8612 attached [pid 8611] <... clone3 resumed> => {parent_tid=[8612]}, 88) = 8612 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8612] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8611] rt_sigprocmask(SIG_SETMASK, [], [pid 8609] <... munmap resumed>) = 0 [pid 8609] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8609] ioctl(4, LOOP_SET_FD, 3 [pid 8612] <... rseq resumed>) = 0 [pid 8611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8610] <... write resumed>) = 2097152 [pid 5065] getdents64(4, [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8612] set_robust_list(0x7f67138b29a0, 24 [pid 8611] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8612] <... set_robust_list resumed>) = 0 [pid 8611] <... futex resumed>) = 0 [pid 8612] rt_sigprocmask(SIG_SETMASK, [], [pid 8611] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] getdents64(4, [pid 8612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8612] memfd_create("syzkaller", 0 [pid 5065] close(4 [pid 8610] munmap(0x7f670b400000, 138412032 [pid 8609] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./351/file0") = 0 [pid 5065] getdents64(3, [pid 8612] <... memfd_create resumed>) = 3 [pid 8610] <... munmap resumed>) = 0 [pid 8609] close(3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8610] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8609] <... close resumed>) = 0 [pid 8612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8609] close(4 [pid 5065] close(3 [pid 8612] <... mmap resumed>) = 0x7f670b400000 [pid 8610] <... openat resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./351" [pid 8610] ioctl(4, LOOP_SET_FD, 3 [pid 8609] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./352", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 8610] <... ioctl resumed>) = 0 [pid 8609] mkdir("./file0", 0777 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8609] <... mkdir resumed>) = 0 [ 295.222747][ T8609] loop2: detected capacity change from 0 to 4096 [ 295.249862][ T8610] loop4: detected capacity change from 0 to 4096 [pid 8609] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] <... ioctl resumed>) = 0 [pid 8610] close(3) = 0 [pid 8610] close(4 [pid 8612] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8610] <... close resumed>) = 0 [pid 8610] mkdir("./file0", 0777) = 0 [pid 8610] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8609] <... mount resumed>) = 0 [pid 5062] close(3 [pid 8609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] <... close resumed>) = 0 [pid 8609] chdir("./file0" [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8609] <... chdir resumed>) = 0 [pid 8609] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8613 [pid 8609] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8613 attached ) = 1 [pid 8607] <... futex resumed>) = 0 [pid 8613] set_robust_list(0x5555569076a0, 24 [pid 8607] exit_group(0) = ? [pid 8613] <... set_robust_list resumed>) = 0 [pid 8613] chdir("./349") = 0 [pid 8613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8613] setpgid(0, 0) = 0 [pid 8613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8613] write(3, "1000", 4 [pid 5065] <... ioctl resumed>) = 0 [pid 8613] <... write resumed>) = 4 [pid 8613] close(3) = 0 [pid 8613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8613] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8613] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8613] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8609] +++ exited with 0 +++ [pid 8607] +++ exited with 0 +++ [pid 8613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8607, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8613] <... mmap resumed>) = 0x7f6713892000 [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8613] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... restart_syscall resumed>) = 0 [pid 8613] <... mprotect resumed>) = 0 [pid 8613] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8610] <... mount resumed>) = 0 [pid 5065] close(3 [pid 8610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8613] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8610] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 8613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... openat resumed>) = 3 [pid 8610] chdir("./file0" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 8613] <... clone3 resumed> => {parent_tid=[8614]}, 88) = 8614 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8613] rt_sigprocmask(SIG_SETMASK, [], [pid 8610] <... chdir resumed>) = 0 [pid 5064] umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8615 attached [pid 8613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8610] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8615 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8614 attached [pid 8615] set_robust_list(0x5555569076a0, 24 [pid 8613] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8610] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] newfstatat(AT_FDCWD, "./353/binderfs", [pid 8615] <... set_robust_list resumed>) = 0 [pid 8614] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8613] <... futex resumed>) = 0 [pid 8610] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8615] chdir("./352" [pid 8614] <... rseq resumed>) = 0 [pid 8613] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8610] <... futex resumed>) = 1 [pid 5064] unlink("./353/binderfs" [pid 8615] <... chdir resumed>) = 0 [pid 8614] set_robust_list(0x7f67138b29a0, 24 [pid 8610] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8615] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8614] <... set_robust_list resumed>) = 0 [pid 8615] <... prctl resumed>) = 0 [pid 8614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8615] setpgid(0, 0) = 0 [pid 8608] <... futex resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8608] exit_group(0 [pid 5064] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8610] <... futex resumed>) = ? [pid 8608] <... exit_group resumed>) = ? [pid 5064] <... umount2 resumed>) = 0 [pid 8615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8614] memfd_create("syzkaller", 0 [pid 8610] +++ exited with 0 +++ [pid 8608] +++ exited with 0 +++ [pid 5064] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8608, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8614] <... memfd_create resumed>) = 3 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5064] newfstatat(AT_FDCWD, "./353/file0", [pid 8615] <... openat resumed>) = 3 [pid 8614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8615] write(3, "1000", 4 [pid 8614] <... mmap resumed>) = 0x7f670b400000 [pid 5064] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8612] <... write resumed>) = 2097152 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 5064] openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8615] <... write resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8615] close(3 [pid 5066] getdents64(3, [pid 5064] <... openat resumed>) = 4 [pid 8615] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] newfstatat(4, "", [pid 8615] symlink("/dev/binderfs", "./binderfs" [pid 5066] umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8615] <... symlink resumed>) = 0 [pid 8615] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(AT_FDCWD, "./351/binderfs", [pid 5064] getdents64(4, [pid 8615] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8615] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] unlink("./351/binderfs" [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8615] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8612] munmap(0x7f670b400000, 138412032 [pid 5066] <... unlink resumed>) = 0 [pid 5064] getdents64(4, [pid 8615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8612] <... munmap resumed>) = 0 [pid 5066] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] close(4 [pid 8615] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8614] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8612] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8615] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./353/file0" [pid 8612] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8612] ioctl(4, LOOP_SET_FD, 3 [pid 5066] newfstatat(AT_FDCWD, "./351/file0", [pid 8615] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8612] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] getdents64(3, [pid 5066] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8616 attached [pid 8615] <... clone3 resumed> => {parent_tid=[8616]}, 88) = 8616 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 8616] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8615] rt_sigprocmask(SIG_SETMASK, [], [pid 8616] <... rseq resumed>) = 0 [pid 8615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 8616] set_robust_list(0x7f67138b29a0, 24 [pid 8615] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8616] <... set_robust_list resumed>) = 0 [pid 8615] <... futex resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5064] rmdir("./353" [pid 8616] rt_sigprocmask(SIG_SETMASK, [], [pid 8615] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] newfstatat(4, "", [pid 8616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./351/file0" [pid 8616] memfd_create("syzkaller", 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./354", 0777 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./351" [pid 8616] <... memfd_create resumed>) = 3 [pid 8616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8616] <... mmap resumed>) = 0x7f670b400000 [pid 8614] <... write resumed>) = 2097152 [pid 8612] close(3 [pid 5066] mkdir("./352", 0777 [pid 5064] <... mkdir resumed>) = 0 [pid 8614] munmap(0x7f670b400000, 138412032 [pid 8612] <... close resumed>) = 0 [pid 8614] <... munmap resumed>) = 0 [pid 8612] close(4 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8612] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... openat resumed>) = 3 [pid 8612] mkdir("./file0", 0777 [pid 5066] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8612] <... mkdir resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8612] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 295.458649][ T8612] loop1: detected capacity change from 0 to 4096 [pid 8614] ioctl(4, LOOP_SET_FD, 3 [pid 8616] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8614] <... ioctl resumed>) = 0 [pid 8614] close(3) = 0 [pid 8614] close(4) = 0 [pid 8614] mkdir("./file0", 0777) = 0 [ 295.511480][ T8614] loop0: detected capacity change from 0 to 4096 [pid 8614] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8616] <... write resumed>) = 2097152 [pid 5064] <... ioctl resumed>) = 0 [pid 8616] munmap(0x7f670b400000, 138412032) = 0 [pid 5064] close(3 [pid 8612] <... mount resumed>) = 0 [pid 8616] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8617 attached [pid 8616] <... openat resumed>) = 4 [pid 8612] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8617 [pid 5066] close(3 [pid 8617] set_robust_list(0x5555569076a0, 24 [pid 8614] <... mount resumed>) = 0 [pid 8617] <... set_robust_list resumed>) = 0 [pid 8617] chdir("./354") = 0 [pid 8617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 8617] <... prctl resumed>) = 0 [pid 8614] <... openat resumed>) = 3 [pid 8612] <... openat resumed>) = 3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8612] chdir("./file0" [pid 8617] setpgid(0, 0 [pid 8614] chdir("./file0" [pid 8617] <... setpgid resumed>) = 0 [pid 8614] <... chdir resumed>) = 0 [pid 8617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8614] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8612] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 8618 attached [pid 8617] <... openat resumed>) = 3 [pid 8616] ioctl(4, LOOP_SET_FD, 3 [pid 8614] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8612] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8618 [pid 8617] write(3, "1000", 4 [pid 8614] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8617] <... write resumed>) = 4 [pid 8612] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8617] close(3) = 0 [pid 8617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8614] <... futex resumed>) = 1 [pid 8614] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8617] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8617] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8613] <... futex resumed>) = 0 [pid 8612] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8618] set_robust_list(0x5555569076a0, 24 [pid 8617] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8613] exit_group(0 [pid 8612] <... futex resumed>) = 1 [pid 8611] <... futex resumed>) = 0 [pid 8618] <... set_robust_list resumed>) = 0 [pid 8612] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8611] exit_group(0 [pid 8617] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8618] chdir("./352" [pid 8612] <... futex resumed>) = ? [pid 8611] <... exit_group resumed>) = ? [pid 8618] <... chdir resumed>) = 0 [pid 8617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8617] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8617] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8618] setpgid(0, 0 [pid 8617] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8618] <... setpgid resumed>) = 0 [pid 8618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8612] +++ exited with 0 +++ [pid 8611] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8611, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5063] umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8614] <... futex resumed>) = ? [pid 8613] <... exit_group resumed>) = ? [pid 5063] <... openat resumed>) = 3 [pid 8614] +++ exited with 0 +++ [pid 5063] newfstatat(3, "", ./strace-static-x86_64: Process 8619 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8619] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8617] <... clone3 resumed> => {parent_tid=[8619]}, 88) = 8619 [pid 5063] getdents64(3, [pid 8619] <... rseq resumed>) = 0 [pid 8617] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8619] set_robust_list(0x7f67138b29a0, 24 [pid 8617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8618] <... openat resumed>) = 3 [pid 8619] <... set_robust_list resumed>) = 0 [pid 8617] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8619] rt_sigprocmask(SIG_SETMASK, [], [pid 8617] <... futex resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./356/binderfs", [pid 8619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8618] write(3, "1000", 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8619] memfd_create("syzkaller", 0 [pid 8618] <... write resumed>) = 4 [pid 8617] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8616] <... ioctl resumed>) = 0 [pid 8613] +++ exited with 0 +++ [pid 5063] unlink("./356/binderfs" [pid 8618] close(3 [pid 8616] close(3 [pid 5063] <... unlink resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8613, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8618] <... close resumed>) = 0 [pid 8616] <... close resumed>) = 0 [pid 5063] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8619] <... memfd_create resumed>) = 3 [pid 8618] symlink("/dev/binderfs", "./binderfs" [pid 8616] close(4 [pid 5062] <... restart_syscall resumed>) = 0 [pid 8619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8618] <... symlink resumed>) = 0 [pid 5062] umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8618] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8616] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [ 295.623709][ T8616] loop3: detected capacity change from 0 to 4096 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8618] <... futex resumed>) = 0 [pid 8616] mkdir("./file0", 0777 [pid 5063] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8618] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... openat resumed>) = 3 [pid 8618] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] newfstatat(3, "", [pid 8618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] getdents64(3, [pid 8618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8618] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8618] <... mprotect resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8618] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] newfstatat(AT_FDCWD, "./356/file0", [pid 8618] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(AT_FDCWD, "./349/binderfs", [pid 8618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8618] <... clone3 resumed> => {parent_tid=[8620]}, 88) = 8620 [pid 5063] openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] unlink("./349/binderfs"./strace-static-x86_64: Process 8620 attached [pid 8618] rt_sigprocmask(SIG_SETMASK, [], [pid 8616] <... mkdir resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 8620] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8616] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] newfstatat(4, "", [pid 5062] <... unlink resumed>) = 0 [pid 8620] <... rseq resumed>) = 0 [pid 8618] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8618] <... futex resumed>) = 0 [pid 5063] getdents64(4, [pid 8620] set_robust_list(0x7f67138b29a0, 24 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8620] <... set_robust_list resumed>) = 0 [pid 5063] getdents64(4, [pid 8620] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8618] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8619] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] close(4 [pid 5062] <... umount2 resumed>) = 0 [pid 8620] memfd_create("syzkaller", 0 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./356/file0" [pid 5062] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8620] <... memfd_create resumed>) = 3 [pid 8620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./349/file0", [pid 8616] <... mount resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./356" [pid 8616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8616] <... openat resumed>) = 3 [pid 8616] chdir("./file0" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] mkdir("./357", 0777) = 0 [pid 5062] openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8616] <... chdir resumed>) = 0 [pid 8616] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] getdents64(4, [pid 8616] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8616] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 8615] <... futex resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8615] exit_group(0 [pid 5062] rmdir("./349/file0" [pid 8615] <... exit_group resumed>) = ? [pid 5062] <... rmdir resumed>) = 0 [pid 8616] <... futex resumed>) = ? [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8619] <... write resumed>) = 2097152 [pid 8616] +++ exited with 0 +++ [pid 8615] +++ exited with 0 +++ [pid 5062] close(3 [pid 8619] munmap(0x7f670b400000, 138412032 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8615, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./349") = 0 [pid 8620] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8619] <... munmap resumed>) = 0 [pid 5065] umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] mkdir("./350", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8619] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] newfstatat(3, "", [pid 5063] <... ioctl resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8619] close(3) = 0 [pid 8619] close(4 [pid 5065] getdents64(3, [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8619] <... close resumed>) = 0 [pid 8619] mkdir("./file0", 0777 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] close(3 [pid 5062] <... openat resumed>) = 3 [pid 8620] <... write resumed>) = 2097152 [pid 8619] <... mkdir resumed>) = 0 [pid 5065] umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8620] munmap(0x7f670b400000, 138412032 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] newfstatat(AT_FDCWD, "./352/binderfs", [pid 8619] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./352/binderfs") = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8621 [pid 5065] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8621 attached [pid 8621] set_robust_list(0x5555569076a0, 24 [pid 5065] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8621] <... set_robust_list resumed>) = 0 [pid 8620] <... munmap resumed>) = 0 [pid 8621] chdir("./357") = 0 [ 295.800700][ T8619] loop2: detected capacity change from 0 to 4096 [pid 8621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8621] setpgid(0, 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./352/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8620] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8621] <... setpgid resumed>) = 0 [pid 8620] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8620] ioctl(4, LOOP_SET_FD, 3 [pid 5065] openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8621] <... openat resumed>) = 3 [pid 8621] write(3, "1000", 4) = 4 [pid 8621] close(3) = 0 [pid 8621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8621] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8620] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8621] <... futex resumed>) = 0 [pid 5065] getdents64(4, [pid 8621] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8620] close(3 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 8620] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8620] close(4 [pid 8621] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8620] <... close resumed>) = 0 [pid 5065] close(4 [pid 8621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] <... close resumed>) = 0 [pid 8621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8620] mkdir("./file0", 0777 [pid 5065] rmdir("./352/file0" [pid 8621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8621] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 8621] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8620] <... mkdir resumed>) = 0 [pid 8621] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] getdents64(3, [pid 8620] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8622 attached [pid 8622] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8621] <... clone3 resumed> => {parent_tid=[8622]}, 88) = 8622 [pid 8622] <... rseq resumed>) = 0 [pid 8621] rt_sigprocmask(SIG_SETMASK, [], [pid 8622] set_robust_list(0x7f67138b29a0, 24 [pid 8621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8622] <... set_robust_list resumed>) = 0 [pid 8621] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8622] rt_sigprocmask(SIG_SETMASK, [], [pid 8621] <... futex resumed>) = 0 [pid 8622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8621] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] close(3 [pid 8622] memfd_create("syzkaller", 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3 [pid 5065] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5065] rmdir("./352" [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8622] <... memfd_create resumed>) = 3 [pid 8622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 ./strace-static-x86_64: Process 8623 attached [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8623 [ 295.868449][ T8620] loop4: detected capacity change from 0 to 4096 [pid 8623] set_robust_list(0x5555569076a0, 24 [pid 8619] <... mount resumed>) = 0 [pid 5065] mkdir("./353", 0777 [pid 8623] <... set_robust_list resumed>) = 0 [pid 8619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8623] chdir("./350" [pid 8620] <... mount resumed>) = 0 [pid 8619] <... openat resumed>) = 3 [pid 5065] <... mkdir resumed>) = 0 [pid 8623] <... chdir resumed>) = 0 [pid 8620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8619] chdir("./file0" [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8623] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8619] <... chdir resumed>) = 0 [pid 8620] <... openat resumed>) = 3 [pid 8619] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8623] <... prctl resumed>) = 0 [pid 8620] chdir("./file0" [pid 8619] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8619] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8623] setpgid(0, 0 [pid 8620] <... chdir resumed>) = 0 [pid 8619] <... futex resumed>) = 1 [pid 8617] <... futex resumed>) = 0 [pid 8623] <... setpgid resumed>) = 0 [pid 8620] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8619] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8620] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8617] exit_group(0) = ? [pid 8619] <... futex resumed>) = ? [pid 8623] <... openat resumed>) = 3 [pid 8620] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8619] +++ exited with 0 +++ [pid 8617] +++ exited with 0 +++ [pid 8623] write(3, "1000", 4 [pid 8620] <... futex resumed>) = 1 [pid 8618] <... futex resumed>) = 0 [pid 8623] <... write resumed>) = 4 [pid 8620] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8623] close(3 [pid 8618] exit_group(0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8617, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8622] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8620] <... futex resumed>) = ? [pid 8618] <... exit_group resumed>) = ? [pid 5064] umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8620] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8623] <... close resumed>) = 0 [pid 8618] +++ exited with 0 +++ [pid 5064] newfstatat(3, "", [pid 8623] symlink("/dev/binderfs", "./binderfs" [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8618, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 8623] <... symlink resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8623] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8623] <... futex resumed>) = 0 [pid 8623] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8623] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(AT_FDCWD, "./354/binderfs", [pid 8623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8623] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... openat resumed>) = 3 [pid 8623] <... mprotect resumed>) = 0 [pid 8623] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] newfstatat(3, "", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8623] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] unlink("./354/binderfs" [pid 8623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8624]}, 88) = 8624 [pid 5064] <... unlink resumed>) = 0 [pid 8623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8623] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8623] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] close(3 [pid 5066] getdents64(3, [pid 5065] <... close resumed>) = 0 ./strace-static-x86_64: Process 8624 attached [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8624] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5066] umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8624] <... rseq resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./352/binderfs", [pid 8624] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8624] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] unlink("./352/binderfs" [pid 8624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8624] memfd_create("syzkaller", 0 [pid 5066] <... unlink resumed>) = 0 [pid 8624] <... memfd_create resumed>) = 3 [pid 8622] <... write resumed>) = 2097152 [pid 5066] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... umount2 resumed>) = 0 [pid 8624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 ./strace-static-x86_64: Process 8625 attached [pid 8622] munmap(0x7f670b400000, 138412032 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8625] set_robust_list(0x5555569076a0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8625 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./354/file0", [pid 8625] <... set_robust_list resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8625] chdir("./353" [pid 5064] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8625] <... chdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8625] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8625] <... prctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 8625] setpgid(0, 0) = 0 [pid 5066] newfstatat(AT_FDCWD, "./352/file0", [pid 5064] newfstatat(4, "", [pid 8625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8625] <... openat resumed>) = 3 [pid 8624] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8622] <... munmap resumed>) = 0 [pid 5066] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, [pid 8625] write(3, "1000", 4 [pid 8622] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8625] <... write resumed>) = 4 [pid 8622] <... openat resumed>) = 4 [pid 5066] openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8625] close(3 [pid 8622] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... openat resumed>) = 4 [pid 5064] close(4 [pid 8625] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5064] <... close resumed>) = 0 [pid 8625] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] rmdir("./354/file0" [pid 8625] <... symlink resumed>) = 0 [pid 5066] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8625] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(4, [pid 8625] <... futex resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8625] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] close(4 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... close resumed>) = 0 [pid 8625] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] rmdir("./352/file0" [pid 5064] close(3 [pid 8625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8622] <... ioctl resumed>) = 0 [pid 5064] rmdir("./354" [pid 8625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8622] close(3 [pid 5066] getdents64(3, [pid 5064] <... rmdir resumed>) = 0 [pid 8625] <... mmap resumed>) = 0x7f6713892000 [pid 8622] <... close resumed>) = 0 [pid 8625] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8622] close(4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8625] <... mprotect resumed>) = 0 [pid 8622] <... close resumed>) = 0 [pid 5066] close(3 [pid 5064] mkdir("./355", 0777 [pid 8622] mkdir("./file0", 0777 [pid 5066] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8625] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] rmdir("./352" [pid 8622] <... mkdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8622] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8625] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] mkdir("./353", 0777 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8626 attached [pid 5064] <... openat resumed>) = 3 [pid 8626] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8625] <... clone3 resumed> => {parent_tid=[8626]}, 88) = 8626 [pid 8624] <... write resumed>) = 2097152 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8626] <... rseq resumed>) = 0 [pid 8625] rt_sigprocmask(SIG_SETMASK, [], [pid 8624] munmap(0x7f670b400000, 138412032 [pid 5066] <... openat resumed>) = 3 [pid 8626] set_robust_list(0x7f67138b29a0, 24 [pid 8625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8625] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8625] <... futex resumed>) = 0 [pid 8625] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8626] <... set_robust_list resumed>) = 0 [pid 8626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8626] memfd_create("syzkaller", 0) = 3 [pid 8624] <... munmap resumed>) = 0 [pid 8626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [ 296.084719][ T8622] loop1: detected capacity change from 0 to 4096 [pid 8624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8624] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8624] close(3) = 0 [pid 8624] close(4) = 0 [pid 8624] mkdir("./file0", 0777) = 0 [pid 8624] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8622] <... mount resumed>) = 0 [ 296.138574][ T8624] loop0: detected capacity change from 0 to 4096 [pid 8622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8626] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8624] <... mount resumed>) = 0 [pid 8622] <... openat resumed>) = 3 [pid 8624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8622] chdir("./file0" [pid 8624] <... openat resumed>) = 3 [pid 8624] chdir("./file0") = 0 [pid 8624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8624] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8624] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8623] <... futex resumed>) = 0 [pid 8622] <... chdir resumed>) = 0 [pid 8622] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8623] exit_group(0 [pid 8622] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8624] <... futex resumed>) = ? [pid 8623] <... exit_group resumed>) = ? [pid 8622] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... ioctl resumed>) = 0 [pid 8622] <... futex resumed>) = 1 [pid 8624] +++ exited with 0 +++ [pid 8623] +++ exited with 0 +++ [pid 8622] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8621] <... futex resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8621] exit_group(0 [pid 8622] <... futex resumed>) = ? [pid 8621] <... exit_group resumed>) = ? [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8623, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8622] +++ exited with 0 +++ [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 5064] close(3 [pid 8621] +++ exited with 0 +++ [pid 5062] <... restart_syscall resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8621, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] close(3 [pid 5063] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 5062] newfstatat(3, "", [pid 5066] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8627 [pid 5062] getdents64(3, ./strace-static-x86_64: Process 8628 attached [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8628] set_robust_list(0x5555569076a0, 24 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8628] <... set_robust_list resumed>) = 0 [pid 8628] chdir("./353" [pid 5063] newfstatat(AT_FDCWD, "./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./357/binderfs" [pid 5062] umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8627 attached [pid 8628] <... chdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8628 [pid 5063] <... unlink resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./350/binderfs", [pid 8628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8628] setpgid(0, 0 [pid 8627] set_robust_list(0x5555569076a0, 24 [pid 5063] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8627] <... set_robust_list resumed>) = 0 [pid 8627] chdir("./355" [pid 8626] <... write resumed>) = 2097152 [pid 5062] unlink("./350/binderfs" [pid 8628] <... setpgid resumed>) = 0 [pid 8628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] <... unlink resumed>) = 0 [pid 8628] write(3, "1000", 4) = 4 [pid 8628] close(3 [pid 5063] <... umount2 resumed>) = 0 [pid 8627] <... chdir resumed>) = 0 [pid 5062] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8628] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8628] symlink("/dev/binderfs", "./binderfs" [pid 5063] newfstatat(AT_FDCWD, "./357/file0", [pid 8628] <... symlink resumed>) = 0 [pid 8627] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8628] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8627] <... prctl resumed>) = 0 [pid 5063] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8628] <... futex resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8628] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8627] setpgid(0, 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8628] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8627] <... setpgid resumed>) = 0 [pid 8626] munmap(0x7f670b400000, 138412032 [pid 5063] openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8628] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8628] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] newfstatat(4, "", [pid 5062] newfstatat(AT_FDCWD, "./350/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8628] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] getdents64(4, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8627] <... openat resumed>) = 3 [pid 8628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8627] write(3, "1000", 4 [pid 5063] getdents64(4, [pid 8628] <... clone3 resumed> => {parent_tid=[8629]}, 88) = 8629 [pid 8627] <... write resumed>) = 4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8628] rt_sigprocmask(SIG_SETMASK, [], [pid 8627] close(3 [pid 5063] close(4 [pid 5062] newfstatat(4, "", ./strace-static-x86_64: Process 8629 attached [pid 8628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8627] <... close resumed>) = 0 [pid 8629] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8628] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8627] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8629] <... rseq resumed>) = 0 [pid 8628] <... futex resumed>) = 0 [pid 8626] <... munmap resumed>) = 0 [pid 8629] set_robust_list(0x7f67138b29a0, 24 [pid 8628] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8627] <... symlink resumed>) = 0 [pid 8626] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] rmdir("./357/file0" [pid 5062] getdents64(4, [pid 8629] <... set_robust_list resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8626] <... openat resumed>) = 4 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] getdents64(4, [pid 8626] ioctl(4, LOOP_SET_FD, 3 [pid 5063] getdents64(3, [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8627] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8629] rt_sigprocmask(SIG_SETMASK, [], [pid 8626] <... ioctl resumed>) = 0 [pid 8627] <... futex resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 8629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8626] close(3 [pid 8627] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] close(3 [pid 5062] <... close resumed>) = 0 [pid 8629] memfd_create("syzkaller", 0 [pid 8627] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8626] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5062] rmdir("./350/file0" [pid 8629] <... memfd_create resumed>) = 3 [pid 8627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8626] close(4 [pid 5063] rmdir("./357" [pid 8629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] <... rmdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./358", 0777) = 0 [pid 8626] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8626] mkdir("./file0", 0777 [pid 8627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8626] <... mkdir resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5062] getdents64(3, [pid 8627] <... mmap resumed>) = 0x7f6713892000 [pid 8627] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] close(3 [pid 8627] <... mprotect resumed>) = 0 [pid 8626] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./350") = 0 [pid 5062] mkdir("./351", 0777 [pid 8627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8627] <... clone3 resumed> => {parent_tid=[8630]}, 88) = 8630 [pid 5062] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8630 attached [pid 8627] rt_sigprocmask(SIG_SETMASK, [], [pid 8630] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8627] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8630] <... rseq resumed>) = 0 [pid 8627] <... futex resumed>) = 0 [pid 8627] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8630] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8630] memfd_create("syzkaller", 0 [pid 8626] <... mount resumed>) = 0 [pid 8630] <... memfd_create resumed>) = 3 [ 296.300123][ T8626] loop3: detected capacity change from 0 to 4096 [pid 8626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8629] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8626] <... openat resumed>) = 3 [pid 8630] <... mmap resumed>) = 0x7f670b400000 [pid 8626] chdir("./file0") = 0 [pid 8626] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8626] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8626] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8625] <... futex resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8625] exit_group(0 [pid 5063] close(3 [pid 8626] <... futex resumed>) = ? [pid 8625] <... exit_group resumed>) = ? [pid 5063] <... close resumed>) = 0 [pid 8626] +++ exited with 0 +++ [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8631 attached [pid 8629] <... write resumed>) = 2097152 [pid 8625] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8625, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8631 [pid 8631] set_robust_list(0x5555569076a0, 24) = 0 [pid 5065] umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8631] chdir("./358" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5062] close(3 [pid 8631] <... chdir resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 8631] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... close resumed>) = 0 [pid 8631] <... prctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8629] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 8632 attached [pid 8631] setpgid(0, 0 [pid 8629] <... munmap resumed>) = 0 [pid 5065] getdents64(3, [pid 8631] <... setpgid resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8632 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8632] set_robust_list(0x5555569076a0, 24) = 0 [pid 8631] <... openat resumed>) = 3 [pid 8630] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8632] chdir("./351" [pid 8631] write(3, "1000", 4 [pid 5065] umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./353/binderfs", [pid 8632] <... chdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8632] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8631] <... write resumed>) = 4 [pid 8632] <... prctl resumed>) = 0 [pid 8631] close(3 [pid 8632] setpgid(0, 0 [pid 8631] <... close resumed>) = 0 [pid 8632] <... setpgid resumed>) = 0 [pid 8631] symlink("/dev/binderfs", "./binderfs" [pid 5065] unlink("./353/binderfs" [pid 8632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8629] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... unlink resumed>) = 0 [pid 8632] <... openat resumed>) = 3 [pid 8631] <... symlink resumed>) = 0 [pid 8629] <... openat resumed>) = 4 [pid 5065] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8632] write(3, "1000", 4 [pid 8631] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8629] ioctl(4, LOOP_SET_FD, 3 [pid 8632] <... write resumed>) = 4 [pid 8631] <... futex resumed>) = 0 [pid 8629] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 8632] close(3 [pid 8631] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8632] <... close resumed>) = 0 [pid 8632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8631] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8632] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8632] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8632] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8630] <... write resumed>) = 2097152 [pid 8629] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8631] <... mmap resumed>) = 0x7f6713892000 [pid 8630] munmap(0x7f670b400000, 138412032 [pid 8629] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./353/file0", [pid 8632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8631] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8629] close(4 [pid 8631] <... mprotect resumed>) = 0 [pid 8629] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 296.467842][ T8629] loop4: detected capacity change from 0 to 4096 [pid 8631] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8631] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8630] <... munmap resumed>) = 0 [pid 8629] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8629] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8632] <... mmap resumed>) = 0x7f6713892000 [pid 8630] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... openat resumed>) = 4 [pid 8632] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8631] <... clone3 resumed> => {parent_tid=[8633]}, 88) = 8633 [pid 8630] <... openat resumed>) = 4 [pid 8629] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] newfstatat(4, "", [pid 8632] <... mprotect resumed>) = 0 [pid 8631] rt_sigprocmask(SIG_SETMASK, [], [pid 8630] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] getdents64(4, [pid 8632] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8631] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8631] <... futex resumed>) = 0 [pid 5065] getdents64(4, [pid 8631] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./353/file0") = 0 ./strace-static-x86_64: Process 8633 attached [pid 8632] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8633] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] getdents64(3, [pid 8633] set_robust_list(0x7f67138b29a0, 24./strace-static-x86_64: Process 8634 attached [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8633] <... set_robust_list resumed>) = 0 [pid 8634] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8633] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] close(3 [pid 8632] <... clone3 resumed> => {parent_tid=[8634]}, 88) = 8634 [pid 8634] <... rseq resumed>) = 0 [pid 8633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8632] rt_sigprocmask(SIG_SETMASK, [], [pid 8630] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8634] set_robust_list(0x7f67138b29a0, 24 [pid 5065] rmdir("./353" [pid 8634] <... set_robust_list resumed>) = 0 [pid 8633] memfd_create("syzkaller", 0 [pid 8632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8630] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 8634] rt_sigprocmask(SIG_SETMASK, [], [pid 8633] <... memfd_create resumed>) = 3 [pid 8632] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8630] <... close resumed>) = 0 [pid 8634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8632] <... futex resumed>) = 0 [pid 8630] close(4 [pid 5065] mkdir("./354", 0777 [pid 8634] memfd_create("syzkaller", 0 [pid 8633] <... mmap resumed>) = 0x7f670b400000 [pid 8632] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8630] <... close resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8630] mkdir("./file0", 0777) = 0 [pid 8634] <... memfd_create resumed>) = 3 [pid 8630] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 8629] <... mount resumed>) = 0 [pid 8629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8629] chdir("./file0") = 0 [pid 8629] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8629] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8628] <... futex resumed>) = 0 [ 296.515805][ T8630] loop2: detected capacity change from 0 to 4096 [pid 8629] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8628] exit_group(0) = ? [pid 8629] <... futex resumed>) = ? [pid 8629] +++ exited with 0 +++ [pid 8628] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8628, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5066] umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./353/binderfs") = 0 [pid 5066] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8634] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8633] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8630] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8630] chdir("./file0") = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./353/file0", [pid 8630] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8630] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8630] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8630] <... futex resumed>) = 1 [pid 8627] <... futex resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8630] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8627] exit_group(0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8627] <... exit_group resumed>) = ? [pid 5066] getdents64(4, [pid 8630] <... futex resumed>) = ? [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./353/file0" [pid 8630] +++ exited with 0 +++ [pid 8627] +++ exited with 0 +++ [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./353" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8627, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5066] <... rmdir resumed>) = 0 [pid 5065] close(3 [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] mkdir("./354", 0777 [pid 5065] <... close resumed>) = 0 [pid 8633] <... write resumed>) = 2097152 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8635 attached [pid 8633] munmap(0x7f670b400000, 138412032 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8635 [pid 5064] <... openat resumed>) = 3 [pid 8635] set_robust_list(0x5555569076a0, 24 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] newfstatat(3, "", [pid 8635] <... set_robust_list resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 8635] chdir("./354" [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8635] <... chdir resumed>) = 0 [pid 5064] umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8635] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8633] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8635] <... prctl resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./355/binderfs", [pid 8635] setpgid(0, 0 [pid 8633] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8635] <... setpgid resumed>) = 0 [pid 8633] <... openat resumed>) = 4 [pid 5064] unlink("./355/binderfs" [pid 8635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8633] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... unlink resumed>) = 0 [pid 8635] <... openat resumed>) = 3 [pid 5064] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8635] write(3, "1000", 4) = 4 [pid 8635] close(3 [pid 8633] <... ioctl resumed>) = 0 [pid 8635] <... close resumed>) = 0 [pid 8635] symlink("/dev/binderfs", "./binderfs" [pid 8633] close(3 [pid 8635] <... symlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8635] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8633] <... close resumed>) = 0 [pid 5064] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8635] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8635] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8633] close(4 [pid 5064] newfstatat(AT_FDCWD, "./355/file0", [pid 8635] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8634] <... write resumed>) = 2097152 [pid 8633] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8635] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8633] mkdir("./file0", 0777 [pid 5064] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8634] munmap(0x7f670b400000, 138412032 [pid 8633] <... mkdir resumed>) = 0 [pid 8635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8635] <... mmap resumed>) = 0x7f6713892000 [pid 5064] openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8633] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... openat resumed>) = 4 [pid 8635] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] newfstatat(4, "", [pid 8635] <... mprotect resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8635] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8634] <... munmap resumed>) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8635] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8634] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 5064] getdents64(4, [pid 8635] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8634] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8636 attached [ 296.699993][ T8633] loop1: detected capacity change from 0 to 4096 [pid 8634] ioctl(4, LOOP_SET_FD, 3 [pid 5064] close(4 [pid 8636] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8635] <... clone3 resumed> => {parent_tid=[8636]}, 88) = 8636 [pid 5066] close(3 [pid 8635] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... close resumed>) = 0 [pid 8636] <... rseq resumed>) = 0 [pid 8635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] rmdir("./355/file0" [pid 8636] set_robust_list(0x7f67138b29a0, 24 [pid 8635] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... rmdir resumed>) = 0 [pid 8636] <... set_robust_list resumed>) = 0 [pid 8635] <... futex resumed>) = 0 [pid 5064] getdents64(3, [pid 8636] rt_sigprocmask(SIG_SETMASK, [], [pid 8635] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8637 attached [pid 8636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] close(3 [pid 8637] set_robust_list(0x5555569076a0, 24) = 0 [pid 8636] memfd_create("syzkaller", 0 [pid 5064] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8637 [pid 8637] chdir("./354") = 0 [pid 8637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8637] setpgid(0, 0) = 0 [pid 8637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] rmdir("./355" [pid 8636] <... memfd_create resumed>) = 3 [pid 8634] <... ioctl resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8634] close(3 [pid 8636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8637] write(3, "1000", 4) = 4 [pid 8637] close(3 [pid 8636] <... mmap resumed>) = 0x7f670b400000 [pid 8634] <... close resumed>) = 0 [pid 5064] mkdir("./356", 0777 [pid 8637] <... close resumed>) = 0 [pid 8637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8637] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8634] close(4 [pid 5064] <... mkdir resumed>) = 0 [pid 8637] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8634] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8637] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8634] mkdir("./file0", 0777 [pid 8637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... openat resumed>) = 3 [pid 8634] <... mkdir resumed>) = 0 [pid 8637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8634] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8633] <... mount resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8637] <... mmap resumed>) = 0x7f6713892000 [pid 8633] <... openat resumed>) = 3 [pid 8637] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8633] chdir("./file0" [pid 8637] <... mprotect resumed>) = 0 [pid 8633] <... chdir resumed>) = 0 [ 296.751607][ T8634] loop0: detected capacity change from 0 to 4096 [pid 8637] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8633] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8637] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8633] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8631] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8638 attached [pid 8637] <... clone3 resumed> => {parent_tid=[8638]}, 88) = 8638 [pid 8633] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8631] exit_group(0 [pid 8638] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8637] rt_sigprocmask(SIG_SETMASK, [], [pid 8633] <... futex resumed>) = ? [pid 8631] <... exit_group resumed>) = ? [pid 8638] <... rseq resumed>) = 0 [pid 8638] set_robust_list(0x7f67138b29a0, 24 [pid 8637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8633] +++ exited with 0 +++ [pid 8631] +++ exited with 0 +++ [pid 8638] <... set_robust_list resumed>) = 0 [pid 8637] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8638] rt_sigprocmask(SIG_SETMASK, [], [pid 8637] <... futex resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8631, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8637] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8638] memfd_create("syzkaller", 0 [pid 5063] umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8638] <... memfd_create resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] unlink("./358/binderfs") = 0 [pid 5063] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5063] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./358/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8636] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./358/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./358") = 0 [pid 5063] mkdir("./359", 0777) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] close(3 [pid 5063] <... openat resumed>) = 3 [pid 8638] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8634] <... mount resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8634] chdir("./file0") = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8634] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 8639 attached ) = -1 EBUSY (Device or resource busy) [pid 8634] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8639] set_robust_list(0x5555569076a0, 24) = 0 [pid 8639] chdir("./356") = 0 [pid 8639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8639] setpgid(0, 0 [pid 8634] <... futex resumed>) = 1 [pid 8632] <... futex resumed>) = 0 [pid 8639] <... setpgid resumed>) = 0 [pid 8634] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8632] exit_group(0 [pid 8639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8634] <... futex resumed>) = ? [pid 8632] <... exit_group resumed>) = ? [pid 8639] <... openat resumed>) = 3 [pid 8634] +++ exited with 0 +++ [pid 8639] write(3, "1000", 4) = 4 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8639 [pid 8639] close(3) = 0 [pid 8639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8632] +++ exited with 0 +++ [pid 8639] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8632, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8639] <... futex resumed>) = 0 [pid 5062] umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8639] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8639] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... openat resumed>) = 3 [pid 8639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] newfstatat(3, "", [pid 8639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8639] <... mmap resumed>) = 0x7f6713892000 [pid 5062] getdents64(3, [pid 8639] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8639] <... mprotect resumed>) = 0 [pid 5062] umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8639] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8639] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8640]}, 88) = 8640 [pid 8636] <... write resumed>) = 2097152 [pid 5062] newfstatat(AT_FDCWD, "./351/binderfs", ./strace-static-x86_64: Process 8640 attached [pid 8639] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8639] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] unlink("./351/binderfs" [pid 8639] <... futex resumed>) = 0 [pid 8640] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8639] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... unlink resumed>) = 0 [pid 8640] <... rseq resumed>) = 0 [pid 8640] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8640] memfd_create("syzkaller", 0) = 3 [pid 5062] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8636] munmap(0x7f670b400000, 138412032 [pid 5063] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5063] close(3 [pid 5062] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./351/file0", [pid 5063] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8636] <... munmap resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 8641 attached [pid 8636] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] newfstatat(4, "", [pid 8641] set_robust_list(0x5555569076a0, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8641 [pid 8641] <... set_robust_list resumed>) = 0 [pid 8636] <... openat resumed>) = 4 [pid 8641] chdir("./359" [pid 8636] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8641] <... chdir resumed>) = 0 [pid 8641] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8638] <... write resumed>) = 2097152 [pid 8636] <... ioctl resumed>) = 0 [pid 5062] getdents64(4, [pid 8641] <... prctl resumed>) = 0 [pid 8638] munmap(0x7f670b400000, 138412032 [pid 8636] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8641] setpgid(0, 0 [pid 8640] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8636] <... close resumed>) = 0 [pid 8641] <... setpgid resumed>) = 0 [pid 8636] close(4 [pid 5062] getdents64(4, [pid 8641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8636] <... close resumed>) = 0 [pid 5062] close(4) = 0 [pid 8636] mkdir("./file0", 0777 [pid 5062] rmdir("./351/file0" [pid 8641] <... openat resumed>) = 3 [pid 8638] <... munmap resumed>) = 0 [pid 8636] <... mkdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8641] write(3, "1000", 4 [pid 8636] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8641] <... write resumed>) = 4 [pid 8641] close(3 [pid 5062] getdents64(3, [pid 8641] <... close resumed>) = 0 [pid 8641] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8641] <... symlink resumed>) = 0 [pid 8638] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] close(3 [pid 8641] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8638] <... openat resumed>) = 4 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./351") = 0 [pid 5062] mkdir("./352", 0777) = 0 [pid 8641] <... futex resumed>) = 0 [pid 8638] ioctl(4, LOOP_SET_FD, 3 [ 297.005482][ T8636] loop3: detected capacity change from 0 to 4096 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 8640] <... write resumed>) = 2097152 [pid 8641] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8636] <... mount resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8641] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8641] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8638] <... ioctl resumed>) = 0 [pid 8636] <... openat resumed>) = 3 [pid 8640] munmap(0x7f670b400000, 138412032 [pid 8641] <... mmap resumed>) = 0x7f6713892000 [pid 8641] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8640] <... munmap resumed>) = 0 [pid 8638] close(3 [pid 8636] chdir("./file0" [pid 8641] <... mprotect resumed>) = 0 [pid 8636] <... chdir resumed>) = 0 [pid 8638] <... close resumed>) = 0 [pid 8641] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8640] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8638] close(4 [pid 8636] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8641] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8640] <... openat resumed>) = 4 [pid 8638] <... close resumed>) = 0 [pid 8636] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8641] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8638] mkdir("./file0", 0777 [pid 8636] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8642 attached [ 297.057544][ T8638] loop4: detected capacity change from 0 to 4096 [pid 8640] ioctl(4, LOOP_SET_FD, 3 [pid 8638] <... mkdir resumed>) = 0 [pid 8636] <... futex resumed>) = 1 [pid 8635] <... futex resumed>) = 0 [pid 8642] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8641] <... clone3 resumed> => {parent_tid=[8642]}, 88) = 8642 [pid 8635] exit_group(0 [pid 8642] <... rseq resumed>) = 0 [pid 8635] <... exit_group resumed>) = ? [pid 8642] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8642] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8641] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8642] <... futex resumed>) = 0 [pid 8641] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8638] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8636] +++ exited with 0 +++ [pid 8635] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8635, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8640] <... ioctl resumed>) = 0 [pid 8642] memfd_create("syzkaller", 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 5065] umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8642] <... memfd_create resumed>) = 3 [pid 8640] close(3 [pid 5065] umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8640] <... close resumed>) = 0 [pid 8642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8642] <... mmap resumed>) = 0x7f670b400000 [pid 8640] close(4 [pid 5065] newfstatat(AT_FDCWD, "./354/binderfs", [pid 8640] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8640] mkdir("./file0", 0777 [pid 5065] unlink("./354/binderfs" [pid 8640] <... mkdir resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5065] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(3 [pid 8640] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [ 297.103091][ T8640] loop2: detected capacity change from 0 to 4096 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8643 attached [pid 8638] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8643 [pid 8643] set_robust_list(0x5555569076a0, 24 [pid 5065] newfstatat(AT_FDCWD, "./354/file0", [pid 8643] <... set_robust_list resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8643] chdir("./352" [pid 8638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8638] <... openat resumed>) = 3 [pid 8643] <... chdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8643] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8638] chdir("./file0" [pid 5065] openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8643] <... prctl resumed>) = 0 [pid 8638] <... chdir resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 8643] setpgid(0, 0 [pid 8638] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] newfstatat(4, "", [pid 8643] <... setpgid resumed>) = 0 [pid 8638] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] getdents64(4, [pid 8638] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8643] <... openat resumed>) = 3 [pid 8638] <... futex resumed>) = 1 [pid 8637] <... futex resumed>) = 0 [pid 5065] getdents64(4, [pid 8638] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8637] exit_group(0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8638] <... futex resumed>) = ? [pid 8637] <... exit_group resumed>) = ? [pid 5065] close(4) = 0 [pid 5065] rmdir("./354/file0" [pid 8643] write(3, "1000", 4 [pid 5065] <... rmdir resumed>) = 0 [pid 8643] <... write resumed>) = 4 [pid 8638] +++ exited with 0 +++ [pid 8637] +++ exited with 0 +++ [pid 8643] close(3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8637, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8643] <... close resumed>) = 0 [pid 8643] symlink("/dev/binderfs", "./binderfs" [pid 5065] getdents64(3, [pid 8643] <... symlink resumed>) = 0 [pid 8642] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8643] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(3) = 0 [pid 8643] <... futex resumed>) = 0 [pid 5066] umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./354" [pid 8643] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 [pid 8643] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... openat resumed>) = 3 [pid 8643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] newfstatat(3, "", [pid 5065] mkdir("./355", 0777 [pid 8643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8643] <... mmap resumed>) = 0x7f6713892000 [pid 5066] getdents64(3, [pid 8643] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8643] <... mprotect resumed>) = 0 [pid 5066] umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8643] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./354/binderfs", [pid 8643] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8644 attached [pid 5066] unlink("./354/binderfs" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8644] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8643] <... clone3 resumed> => {parent_tid=[8644]}, 88) = 8644 [pid 5066] <... unlink resumed>) = 0 [pid 8644] set_robust_list(0x7f67138b29a0, 24 [pid 8643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8640] <... mount resumed>) = 0 [pid 8643] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8644] <... set_robust_list resumed>) = 0 [pid 5066] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8644] rt_sigprocmask(SIG_SETMASK, [], [pid 8643] <... futex resumed>) = 0 [pid 8644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8643] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8640] chdir("./file0") = 0 [pid 8640] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8640] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8639] <... futex resumed>) = 0 [pid 8639] exit_group(0) = ? [pid 5066] <... umount2 resumed>) = 0 [pid 8644] memfd_create("syzkaller", 0 [pid 8640] +++ exited with 0 +++ [pid 8639] +++ exited with 0 +++ [pid 5066] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8644] <... memfd_create resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] newfstatat(AT_FDCWD, "./354/file0", [pid 8644] <... mmap resumed>) = 0x7f670b400000 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8639, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... openat resumed>) = 3 [pid 5066] <... openat resumed>) = 4 [pid 5064] newfstatat(3, "", [pid 5066] newfstatat(4, "", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5066] getdents64(4, [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./356/binderfs", [pid 8642] <... write resumed>) = 2097152 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(4) = 0 [pid 5064] unlink("./356/binderfs") = 0 [pid 5064] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./354/file0" [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8644] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8642] munmap(0x7f670b400000, 138412032 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8642] <... munmap resumed>) = 0 [pid 5066] close(3 [pid 8642] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./354" [pid 8642] <... openat resumed>) = 4 [pid 8642] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./355", 0777 [pid 5064] newfstatat(AT_FDCWD, "./356/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./356/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 8642] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8642] close(3 [pid 5065] close(3 [pid 8642] <... close resumed>) = 0 [pid 5064] rmdir("./356" [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8645 attached [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./357", 0777 [pid 8642] close(4) = 0 [pid 8645] set_robust_list(0x5555569076a0, 24 [pid 8644] <... write resumed>) = 2097152 [pid 5064] <... mkdir resumed>) = 0 [pid 8645] <... set_robust_list resumed>) = 0 [pid 8642] mkdir("./file0", 0777 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8645 [pid 8645] chdir("./355" [pid 8644] munmap(0x7f670b400000, 138412032 [pid 8642] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8642] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... openat resumed>) = 3 [pid 8645] <... chdir resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8645] setpgid(0, 0) = 0 [pid 8645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8644] <... munmap resumed>) = 0 [pid 8645] <... openat resumed>) = 3 [pid 8644] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8645] write(3, "1000", 4) = 4 [pid 8644] <... openat resumed>) = 4 [pid 8645] close(3 [pid 8644] ioctl(4, LOOP_SET_FD, 3 [pid 8645] <... close resumed>) = 0 [ 297.321676][ T8642] loop1: detected capacity change from 0 to 4096 [pid 8645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8644] <... ioctl resumed>) = 0 [pid 8645] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8644] close(3 [pid 8645] <... futex resumed>) = 0 [pid 8644] <... close resumed>) = 0 [pid 8645] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8644] close(4 [pid 8645] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8644] <... close resumed>) = 0 [pid 8645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8644] mkdir("./file0", 0777 [pid 8645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8645] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8644] <... mkdir resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8642] <... mount resumed>) = 0 [pid 8642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8642] chdir("./file0") = 0 [pid 8642] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8642] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8642] <... futex resumed>) = 1 [pid 8641] <... futex resumed>) = 0 [pid 8642] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8641] exit_group(0 [pid 8645] <... clone3 resumed> => {parent_tid=[8646]}, 88) = 8646 [pid 8645] rt_sigprocmask(SIG_SETMASK, [], [pid 8642] <... futex resumed>) = ? [pid 8641] <... exit_group resumed>) = ? [pid 8642] +++ exited with 0 +++ [pid 5066] close(3./strace-static-x86_64: Process 8646 attached [pid 8645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... close resumed>) = 0 [ 297.379400][ T8644] loop0: detected capacity change from 0 to 4096 [pid 8646] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8645] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8644] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8641] +++ exited with 0 +++ [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8646] <... rseq resumed>) = 0 [pid 8645] <... futex resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8641, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- ./strace-static-x86_64: Process 8647 attached [pid 8646] set_robust_list(0x7f67138b29a0, 24 [pid 8645] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 8647] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8647 [pid 8647] <... set_robust_list resumed>) = 0 [pid 8647] chdir("./355" [pid 5063] umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8646] <... set_robust_list resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 8647] <... chdir resumed>) = 0 [pid 8646] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8647] <... prctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8647] setpgid(0, 0 [pid 5063] newfstatat(AT_FDCWD, "./359/binderfs", [pid 8647] <... setpgid resumed>) = 0 [pid 8646] memfd_create("syzkaller", 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] unlink("./359/binderfs" [pid 8647] <... openat resumed>) = 3 [pid 8646] <... memfd_create resumed>) = 3 [pid 8646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] close(3 [pid 8646] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... close resumed>) = 0 [pid 8647] write(3, "1000", 4 [pid 5063] <... unlink resumed>) = 0 [pid 8647] <... write resumed>) = 4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8647] close(3 [pid 5063] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8647] <... close resumed>) = 0 [pid 8647] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 8648 attached ) = 0 [pid 8648] set_robust_list(0x5555569076a0, 24) = 0 [pid 8648] chdir("./357" [pid 8647] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8648] <... chdir resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8648 [pid 8648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8647] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8648] <... prctl resumed>) = 0 [pid 8647] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8648] setpgid(0, 0 [pid 8647] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] newfstatat(AT_FDCWD, "./359/file0", [pid 8648] <... setpgid resumed>) = 0 [pid 8647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8648] <... openat resumed>) = 3 [pid 8647] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8647] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8647] <... mprotect resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 8648] write(3, "1000", 4) = 4 [pid 5063] newfstatat(4, "", [pid 8648] close(3) = 0 [pid 8647] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 8648] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 8648] <... symlink resumed>) = 0 [pid 8647] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8646] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8644] <... mount resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8648] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] close(4 [pid 8644] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 ./strace-static-x86_64: Process 8649 attached [pid 8648] <... futex resumed>) = 0 [pid 8647] <... clone3 resumed> => {parent_tid=[8649]}, 88) = 8649 [pid 8644] chdir("./file0" [pid 8649] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8648] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8647] rt_sigprocmask(SIG_SETMASK, [], [pid 8644] <... chdir resumed>) = 0 [pid 5063] rmdir("./359/file0" [pid 8649] <... rseq resumed>) = 0 [pid 8648] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8644] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... rmdir resumed>) = 0 [pid 8649] set_robust_list(0x7f67138b29a0, 24 [pid 8648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8647] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8644] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] getdents64(3, [pid 8649] <... set_robust_list resumed>) = 0 [pid 8648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8647] <... futex resumed>) = 0 [pid 8644] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8649] rt_sigprocmask(SIG_SETMASK, [], [pid 8648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8647] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8644] <... futex resumed>) = 1 [pid 8643] <... futex resumed>) = 0 [pid 5063] close(3 [pid 8649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8648] <... mmap resumed>) = 0x7f6713892000 [pid 8644] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8643] exit_group(0 [pid 5063] <... close resumed>) = 0 [pid 8648] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8643] <... exit_group resumed>) = ? [pid 5063] rmdir("./359" [pid 8648] <... mprotect resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8649] memfd_create("syzkaller", 0 [pid 8648] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8644] <... futex resumed>) = ? [pid 5063] mkdir("./360", 0777 [pid 8648] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8650 attached [pid 8648] <... clone3 resumed> => {parent_tid=[8650]}, 88) = 8650 [pid 5063] <... openat resumed>) = 3 [pid 8650] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8648] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8650] <... rseq resumed>) = 0 [pid 8648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8650] set_robust_list(0x7f67138b29a0, 24 [pid 8648] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8650] <... set_robust_list resumed>) = 0 [pid 8648] <... futex resumed>) = 0 [pid 8650] rt_sigprocmask(SIG_SETMASK, [], [pid 8648] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8649] <... memfd_create resumed>) = 3 [pid 8644] +++ exited with 0 +++ [pid 8643] +++ exited with 0 +++ [pid 8649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8643, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8650] memfd_create("syzkaller", 0 [pid 8649] <... mmap resumed>) = 0x7f670b400000 [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8650] <... memfd_create resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 8650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8650] <... mmap resumed>) = 0x7f670b400000 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8646] <... write resumed>) = 2097152 [pid 5062] unlink("./352/binderfs") = 0 [pid 8646] munmap(0x7f670b400000, 138412032 [pid 5062] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5062] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./352/file0", [pid 8649] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8646] <... munmap resumed>) = 0 [pid 8646] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8646] <... openat resumed>) = 4 [pid 8646] ioctl(4, LOOP_SET_FD, 3 [pid 5062] umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8650] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8646] <... ioctl resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5062] getdents64(4, [pid 8646] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8646] <... close resumed>) = 0 [pid 8646] close(4) = 0 [pid 5063] close(3 [pid 5062] getdents64(4, [pid 5063] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] close(4) = 0 [pid 8649] <... write resumed>) = 2097152 [pid 8646] mkdir("./file0", 0777 [pid 5062] rmdir("./352/file0" [pid 8646] <... mkdir resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8651 [pid 5062] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8651 attached [pid 5062] getdents64(3, [pid 8651] set_robust_list(0x5555569076a0, 24 [pid 8646] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8651] <... set_robust_list resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 8649] munmap(0x7f670b400000, 138412032 [pid 8650] <... write resumed>) = 2097152 [pid 5062] <... close resumed>) = 0 [ 297.620289][ T8646] loop3: detected capacity change from 0 to 4096 [pid 8651] chdir("./360" [pid 5062] rmdir("./352" [pid 8651] <... chdir resumed>) = 0 [pid 8649] <... munmap resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./353", 0777 [pid 8650] munmap(0x7f670b400000, 138412032 [pid 8651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8651] setpgid(0, 0) = 0 [pid 8651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8651] write(3, "1000", 4 [pid 8649] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8651] <... write resumed>) = 4 [pid 8649] ioctl(4, LOOP_SET_FD, 3 [pid 8651] close(3 [pid 8650] <... munmap resumed>) = 0 [pid 8649] <... ioctl resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8651] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8651] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... openat resumed>) = 3 [pid 8651] <... symlink resumed>) = 0 [pid 8650] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8651] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8650] <... openat resumed>) = 4 [pid 8649] close(3 [pid 8651] <... futex resumed>) = 0 [pid 8650] ioctl(4, LOOP_SET_FD, 3 [pid 8649] <... close resumed>) = 0 [pid 8651] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8649] close(4) = 0 [pid 8651] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8649] mkdir("./file0", 0777 [pid 8646] <... mount resumed>) = 0 [pid 8649] <... mkdir resumed>) = 0 [pid 8646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8646] <... openat resumed>) = 3 [pid 8646] chdir("./file0" [pid 8651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8650] <... ioctl resumed>) = 0 [pid 8649] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8646] <... chdir resumed>) = 0 [pid 8646] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8646] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8645] <... futex resumed>) = 0 [pid 8651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8646] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8645] exit_group(0 [pid 8651] <... mmap resumed>) = 0x7f6713892000 [pid 8646] <... futex resumed>) = ? [pid 8651] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8645] <... exit_group resumed>) = ? [pid 8651] <... mprotect resumed>) = 0 [pid 8650] close(3 [pid 8646] +++ exited with 0 +++ [pid 8651] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8645] +++ exited with 0 +++ [pid 8651] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8650] <... close resumed>) = 0 [pid 8651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8650] close(4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8645, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8650] <... close resumed>) = 0 [pid 8651] <... clone3 resumed> => {parent_tid=[8652]}, 88) = 8652 [pid 8650] mkdir("./file0", 0777./strace-static-x86_64: Process 8652 attached [pid 8651] rt_sigprocmask(SIG_SETMASK, [], [pid 8650] <... mkdir resumed>) = 0 [pid 8651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8651] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8651] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8651] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... openat resumed>) = 3 [pid 8652] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5065] newfstatat(3, "", [pid 8652] <... rseq resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8652] set_robust_list(0x7f67138b29a0, 24 [pid 8650] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [ 297.690598][ T8649] loop4: detected capacity change from 0 to 4096 [ 297.711738][ T8650] loop2: detected capacity change from 0 to 4096 [pid 5065] getdents64(3, [pid 8652] <... set_robust_list resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8652] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... ioctl resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./355/binderfs" [pid 8652] memfd_create("syzkaller", 0 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8652] <... memfd_create resumed>) = 3 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8653 attached [pid 8652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8653] set_robust_list(0x5555569076a0, 24 [pid 8652] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8653 [pid 8653] <... set_robust_list resumed>) = 0 [pid 8653] chdir("./353" [pid 8649] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 8653] <... chdir resumed>) = 0 [pid 8649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8649] <... openat resumed>) = 3 [pid 8653] setpgid(0, 0 [pid 8649] chdir("./file0") = 0 [pid 8653] <... setpgid resumed>) = 0 [pid 8649] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8653] <... openat resumed>) = 3 [pid 8649] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./355/file0") = 0 [pid 5065] getdents64(3, [pid 8653] write(3, "1000", 4 [pid 8649] <... futex resumed>) = 1 [pid 8647] <... futex resumed>) = 0 [pid 8653] <... write resumed>) = 4 [pid 8649] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8647] exit_group(0 [pid 8653] close(3 [pid 8649] <... futex resumed>) = ? [pid 8647] <... exit_group resumed>) = ? [pid 8653] <... close resumed>) = 0 [pid 8649] +++ exited with 0 +++ [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8653] symlink("/dev/binderfs", "./binderfs" [pid 8647] +++ exited with 0 +++ [pid 5065] close(3 [pid 8653] <... symlink resumed>) = 0 [pid 8650] <... mount resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8647, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8653] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8653] <... futex resumed>) = 0 [pid 8653] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8650] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 8653] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8650] chdir("./file0" [pid 5065] rmdir("./355" [pid 8653] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8650] <... chdir resumed>) = 0 [pid 5066] umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 8653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8650] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] mkdir("./356", 0777 [pid 8653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8650] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... mkdir resumed>) = 0 [pid 8653] <... mmap resumed>) = 0x7f6713892000 [pid 8650] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... openat resumed>) = 3 [pid 8653] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8650] <... futex resumed>) = 1 [pid 8648] <... futex resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 8653] <... mprotect resumed>) = 0 [pid 8650] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8648] exit_group(0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8653] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8650] <... futex resumed>) = ? [pid 8648] <... exit_group resumed>) = ? [pid 8653] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8650] +++ exited with 0 +++ [pid 8653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8654 attached [pid 8648] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 5065] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8648, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 8654] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8653] <... clone3 resumed> => {parent_tid=[8654]}, 88) = 8654 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8654] <... rseq resumed>) = 0 [pid 8653] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] newfstatat(AT_FDCWD, "./355/binderfs", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8654] set_robust_list(0x7f67138b29a0, 24 [pid 8653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8654] <... set_robust_list resumed>) = 0 [pid 8653] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] unlink("./355/binderfs" [pid 5064] <... openat resumed>) = 3 [pid 8654] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... unlink resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 8654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8653] <... futex resumed>) = 0 [pid 8652] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] getdents64(3, [pid 8653] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8654] memfd_create("syzkaller", 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8654] <... memfd_create resumed>) = 3 [pid 5066] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./357/binderfs", [pid 8654] <... mmap resumed>) = 0x7f670b400000 [pid 5066] newfstatat(AT_FDCWD, "./355/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./357/binderfs") = 0 [pid 5066] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 8652] <... write resumed>) = 2097152 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(4) = 0 [pid 5066] rmdir("./355/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./355") = 0 [pid 5066] mkdir("./356", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./357/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8652] munmap(0x7f670b400000, 138412032 [pid 5064] openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./357/file0" [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8652] <... munmap resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8652] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] getdents64(3, [pid 8652] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8652] ioctl(4, LOOP_SET_FD, 3 [pid 5064] close(3) = 0 [pid 5064] rmdir("./357" [pid 5065] close(3 [pid 8654] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8652] <... ioctl resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8652] close(3 [pid 5065] <... close resumed>) = 0 [pid 8652] <... close resumed>) = 0 [pid 8652] close(4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] mkdir("./358", 0777) = 0 [pid 8652] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 8655 attached [pid 8655] set_robust_list(0x5555569076a0, 24 [pid 8652] mkdir("./file0", 0777 [pid 5064] <... openat resumed>) = 3 [pid 8655] <... set_robust_list resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8655 [pid 8655] chdir("./356" [pid 8652] <... mkdir resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8655] <... chdir resumed>) = 0 [pid 8652] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [ 297.958985][ T8652] loop1: detected capacity change from 0 to 4096 [pid 5066] close(3 [pid 8655] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8655] <... prctl resumed>) = 0 [pid 8655] setpgid(0, 0) = 0 [pid 8655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8656 [pid 8655] write(3, "1000", 4./strace-static-x86_64: Process 8656 attached ) = 4 [pid 8656] set_robust_list(0x5555569076a0, 24 [pid 8655] close(3 [pid 8656] <... set_robust_list resumed>) = 0 [pid 8656] chdir("./356" [pid 8655] <... close resumed>) = 0 [pid 8656] <... chdir resumed>) = 0 [pid 8656] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8655] symlink("/dev/binderfs", "./binderfs" [pid 8656] <... prctl resumed>) = 0 [pid 8655] <... symlink resumed>) = 0 [pid 8656] setpgid(0, 0) = 0 [pid 8656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8655] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8656] <... openat resumed>) = 3 [pid 8655] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8656] write(3, "1000", 4 [pid 8655] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8656] <... write resumed>) = 4 [pid 8655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8656] close(3 [pid 8654] <... write resumed>) = 2097152 [pid 8656] <... close resumed>) = 0 [pid 8656] symlink("/dev/binderfs", "./binderfs" [pid 8655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8656] <... symlink resumed>) = 0 [pid 8655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8655] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8655] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8656] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8655] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8656] <... futex resumed>) = 0 [pid 8655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8656] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8655] <... clone3 resumed> => {parent_tid=[8657]}, 88) = 8657 ./strace-static-x86_64: Process 8657 attached [pid 8656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8655] rt_sigprocmask(SIG_SETMASK, [], [pid 8657] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8654] munmap(0x7f670b400000, 138412032 [pid 8657] <... rseq resumed>) = 0 [pid 8656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8655] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8657] set_robust_list(0x7f67138b29a0, 24 [pid 8656] <... mmap resumed>) = 0x7f6713892000 [pid 8655] <... futex resumed>) = 0 [pid 8654] <... munmap resumed>) = 0 [pid 8657] <... set_robust_list resumed>) = 0 [pid 8655] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8657] rt_sigprocmask(SIG_SETMASK, [], [pid 8656] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8652] <... mount resumed>) = 0 [pid 8657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8656] <... mprotect resumed>) = 0 [pid 8657] memfd_create("syzkaller", 0 [pid 8656] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8656] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8657] <... memfd_create resumed>) = 3 [pid 8656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8652] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8658 attached [pid 8657] <... mmap resumed>) = 0x7f670b400000 [pid 8656] <... clone3 resumed> => {parent_tid=[8658]}, 88) = 8658 [pid 8652] chdir("./file0" [pid 8658] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8654] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8656] rt_sigprocmask(SIG_SETMASK, [], [pid 8654] <... openat resumed>) = 4 [pid 8656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8654] ioctl(4, LOOP_SET_FD, 3 [pid 8656] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8656] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8654] <... ioctl resumed>) = 0 [pid 8658] <... rseq resumed>) = 0 [pid 8652] <... chdir resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8652] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8658] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8652] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8658] rt_sigprocmask(SIG_SETMASK, [], [pid 8652] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] close(3 [pid 8658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8654] close(3) = 0 [pid 8658] memfd_create("syzkaller", 0) = 3 [pid 5064] <... close resumed>) = 0 [pid 8658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8654] close(4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8654] <... close resumed>) = 0 [pid 8657] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8654] mkdir("./file0", 0777./strace-static-x86_64: Process 8659 attached [pid 8659] set_robust_list(0x5555569076a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8659 [pid 8658] <... mmap resumed>) = 0x7f670b400000 [pid 8654] <... mkdir resumed>) = 0 [ 298.081105][ T8654] loop0: detected capacity change from 0 to 4096 [pid 8659] <... set_robust_list resumed>) = 0 [pid 8654] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8659] chdir("./358" [pid 8652] <... futex resumed>) = 1 [pid 8652] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8659] <... chdir resumed>) = 0 [pid 8651] <... futex resumed>) = 0 [pid 8651] exit_group(0 [pid 8659] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8652] <... futex resumed>) = ? [pid 8651] <... exit_group resumed>) = ? [pid 8659] <... prctl resumed>) = 0 [pid 8652] +++ exited with 0 +++ [pid 8651] +++ exited with 0 +++ [pid 8659] setpgid(0, 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8651, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 8659] <... setpgid resumed>) = 0 [pid 8659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8659] write(3, "1000", 4 [pid 5063] umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8659] <... write resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8659] close(3 [pid 5063] openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8659] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8659] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 8659] <... futex resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8659] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8659] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] newfstatat(AT_FDCWD, "./360/binderfs", [pid 8659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] unlink("./360/binderfs" [pid 8659] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... unlink resumed>) = 0 [pid 8659] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8659] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8659] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8660 attached [pid 8660] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8659] <... clone3 resumed> => {parent_tid=[8660]}, 88) = 8660 [pid 8660] <... rseq resumed>) = 0 [pid 8660] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8659] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... umount2 resumed>) = 0 [pid 8660] rt_sigprocmask(SIG_SETMASK, [], [pid 8659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8659] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8660] memfd_create("syzkaller", 0 [pid 8659] <... futex resumed>) = 0 [pid 8659] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8654] <... mount resumed>) = 0 [pid 8660] <... memfd_create resumed>) = 3 [pid 5063] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] newfstatat(AT_FDCWD, "./360/file0", [pid 8660] <... mmap resumed>) = 0x7f670b400000 [pid 8654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8657] <... write resumed>) = 2097152 [pid 8654] <... openat resumed>) = 3 [pid 8654] chdir("./file0" [pid 5063] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8654] <... chdir resumed>) = 0 [pid 8654] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8654] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8654] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8653] <... futex resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 8654] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8653] exit_group(0 [pid 5063] newfstatat(4, "", [pid 8654] <... futex resumed>) = ? [pid 8653] <... exit_group resumed>) = ? [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8654] +++ exited with 0 +++ [pid 5063] close(4) = 0 [pid 5063] rmdir("./360/file0") = 0 [pid 8657] munmap(0x7f670b400000, 138412032 [pid 5063] getdents64(3, [pid 8658] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8653] +++ exited with 0 +++ [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8653, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5063] close(3 [pid 5062] umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8657] <... munmap resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5063] rmdir("./360" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] mkdir("./361", 0777 [pid 5062] umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5062] unlink("./353/binderfs" [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8657] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8657] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... openat resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] <... umount2 resumed>) = 0 [pid 8658] <... write resumed>) = 2097152 [pid 8657] <... ioctl resumed>) = 0 [pid 8658] munmap(0x7f670b400000, 138412032 [pid 8657] close(3 [pid 5062] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8660] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8658] <... munmap resumed>) = 0 [pid 8657] <... close resumed>) = 0 [pid 8658] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8657] close(4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8657] <... close resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./353/file0", [pid 8658] <... openat resumed>) = 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8658] ioctl(4, LOOP_SET_FD, 3 [pid 8657] mkdir("./file0", 0777) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", [pid 8660] <... write resumed>) = 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8660] munmap(0x7f670b400000, 138412032 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8657] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8660] <... munmap resumed>) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 8658] <... ioctl resumed>) = 0 [pid 5062] rmdir("./353/file0" [pid 8658] close(3) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, [pid 8658] close(4) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [ 298.255084][ T8657] loop3: detected capacity change from 0 to 4096 [ 298.292378][ T8658] loop4: detected capacity change from 0 to 4096 [pid 8660] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8658] mkdir("./file0", 0777 [pid 5062] close(3) = 0 [pid 8660] <... openat resumed>) = 4 [pid 8658] <... mkdir resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8660] ioctl(4, LOOP_SET_FD, 3 [pid 8658] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5062] rmdir("./353") = 0 [pid 5062] mkdir("./354", 0777 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... mkdir resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8661 ./strace-static-x86_64: Process 8661 attached [pid 8661] set_robust_list(0x5555569076a0, 24) = 0 [pid 8661] chdir("./361") = 0 [pid 8661] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8657] <... mount resumed>) = 0 [pid 8661] <... prctl resumed>) = 0 [pid 8661] setpgid(0, 0 [pid 8657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8661] <... setpgid resumed>) = 0 [pid 8657] <... openat resumed>) = 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8657] chdir("./file0" [pid 5062] <... openat resumed>) = 3 [pid 8657] <... chdir resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8661] <... openat resumed>) = 3 [pid 8657] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8661] write(3, "1000", 4) = 4 [pid 8660] <... ioctl resumed>) = 0 [pid 8657] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8661] close(3 [pid 8657] <... futex resumed>) = 1 [pid 8660] close(3 [pid 8655] <... futex resumed>) = 0 [pid 8661] <... close resumed>) = 0 [pid 8657] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8660] <... close resumed>) = 0 [pid 8655] exit_group(0 [pid 8661] symlink("/dev/binderfs", "./binderfs" [pid 8660] close(4 [pid 8657] <... futex resumed>) = ? [pid 8655] <... exit_group resumed>) = ? [pid 8661] <... symlink resumed>) = 0 [pid 8660] <... close resumed>) = 0 [pid 8661] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8660] mkdir("./file0", 0777 [pid 8657] +++ exited with 0 +++ [pid 8655] +++ exited with 0 +++ [pid 8661] <... futex resumed>) = 0 [pid 8661] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8660] <... mkdir resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8655, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 8661] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8660] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] <... restart_syscall resumed>) = 0 [pid 8661] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 298.355909][ T8660] loop2: detected capacity change from 0 to 4096 [pid 8661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8661] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8661] <... mprotect resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8661] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... openat resumed>) = 3 [pid 8661] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] newfstatat(3, "", [pid 8661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8662 attached [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8662] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8661] <... clone3 resumed> => {parent_tid=[8662]}, 88) = 8662 [pid 8661] rt_sigprocmask(SIG_SETMASK, [], [pid 8662] <... rseq resumed>) = 0 [pid 8661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8662] set_robust_list(0x7f67138b29a0, 24 [pid 8661] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8662] <... set_robust_list resumed>) = 0 [pid 8661] <... futex resumed>) = 0 [pid 8662] rt_sigprocmask(SIG_SETMASK, [], [pid 8661] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8662] memfd_create("syzkaller", 0 [pid 5065] umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8662] <... memfd_create resumed>) = 3 [pid 8662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] newfstatat(AT_FDCWD, "./356/binderfs", [pid 8662] <... mmap resumed>) = 0x7f670b400000 [pid 8658] <... mount resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5065] unlink("./356/binderfs") = 0 [pid 5065] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8658] chdir("./file0") = 0 [pid 8658] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] close(3 [pid 8658] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8658] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... close resumed>) = 0 [pid 8658] <... futex resumed>) = 1 [pid 8656] <... futex resumed>) = 0 [pid 8658] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8656] exit_group(0 [pid 8658] <... futex resumed>) = ? [pid 8656] <... exit_group resumed>) = ? [pid 8658] +++ exited with 0 +++ [pid 8656] +++ exited with 0 +++ [pid 8660] <... mount resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8656, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8663 attached [pid 8660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8663 [pid 8663] set_robust_list(0x5555569076a0, 24 [pid 8660] <... openat resumed>) = 3 [pid 8663] <... set_robust_list resumed>) = 0 [pid 8660] chdir("./file0" [pid 5066] umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8663] chdir("./354" [pid 8660] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8663] <... chdir resumed>) = 0 [pid 8660] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8663] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8660] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8663] <... prctl resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 8663] setpgid(0, 0 [pid 8660] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(3, "", [pid 8663] <... setpgid resumed>) = 0 [pid 8660] <... futex resumed>) = 1 [pid 8659] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8660] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8659] exit_group(0 [pid 5066] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8663] <... openat resumed>) = 3 [pid 8660] <... futex resumed>) = ? [pid 8659] <... exit_group resumed>) = ? [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8663] write(3, "1000", 4 [pid 8662] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8660] +++ exited with 0 +++ [pid 8659] +++ exited with 0 +++ [pid 5066] umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./356/file0", [pid 8663] <... write resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8663] close(3 [pid 5066] newfstatat(AT_FDCWD, "./356/binderfs", [pid 5065] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8663] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8663] symlink("/dev/binderfs", "./binderfs" [pid 5066] unlink("./356/binderfs" [pid 5065] openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8659, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8663] <... symlink resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8663] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... unlink resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8663] <... futex resumed>) = 0 [pid 5066] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8663] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... umount2 resumed>) = 0 [pid 8663] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] newfstatat(AT_FDCWD, "./356/file0", [pid 8663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8663] <... mmap resumed>) = 0x7f6713892000 [pid 5066] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8663] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8663] <... mprotect resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8663] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... openat resumed>) = 4 [pid 8663] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] newfstatat(4, "", [pid 8663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8663] <... clone3 resumed> => {parent_tid=[8664]}, 88) = 8664 [pid 5066] getdents64(4, [pid 5065] getdents64(4, [pid 5064] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8664 attached [pid 8663] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] newfstatat(3, "", [pid 8664] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] getdents64(4, [pid 8664] <... rseq resumed>) = 0 [pid 8663] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8664] set_robust_list(0x7f67138b29a0, 24 [pid 8663] <... futex resumed>) = 0 [pid 5066] close(4 [pid 8664] <... set_robust_list resumed>) = 0 [pid 8663] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 8664] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] getdents64(4, [pid 5066] rmdir("./356/file0") = 0 [pid 8664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(3, [pid 8664] memfd_create("syzkaller", 0 [pid 5065] close(4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8664] <... memfd_create resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./356/file0" [pid 8664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8662] <... write resumed>) = 2097152 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5065] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8664] <... mmap resumed>) = 0x7f670b400000 [pid 8662] munmap(0x7f670b400000, 138412032 [pid 5066] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./358/binderfs", [pid 8662] <... munmap resumed>) = 0 [pid 5066] rmdir("./356" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] close(3 [pid 8662] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 5064] unlink("./358/binderfs" [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./356" [pid 5066] mkdir("./357", 0777 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5065] mkdir("./357", 0777 [pid 5064] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8664] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8662] <... openat resumed>) = 4 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8662] ioctl(4, LOOP_SET_FD, 3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... umount2 resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8662] <... ioctl resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8662] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8662] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./358/file0", [pid 8662] close(4) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8662] mkdir("./file0", 0777) = 0 [pid 8662] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8664] <... write resumed>) = 2097152 [pid 5064] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8664] munmap(0x7f670b400000, 138412032 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./358/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 8664] <... munmap resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./358" [pid 8664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] <... rmdir resumed>) = 0 [ 298.585842][ T8662] loop1: detected capacity change from 0 to 4096 [pid 8664] ioctl(4, LOOP_SET_FD, 3 [pid 5064] mkdir("./359", 0777 [pid 8664] <... ioctl resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8662] <... mount resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8664] close(3 [pid 8662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8664] <... close resumed>) = 0 [pid 8664] close(4 [pid 8662] <... openat resumed>) = 3 [pid 8664] <... close resumed>) = 0 [pid 8662] chdir("./file0") = 0 [pid 8662] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8664] mkdir("./file0", 0777) = 0 [pid 8662] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 8664] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] <... close resumed>) = 0 [ 298.649466][ T8664] loop0: detected capacity change from 0 to 4096 [pid 8662] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8661] <... futex resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8665 [pid 8661] exit_group(0./strace-static-x86_64: Process 8665 attached ) = ? [pid 8665] set_robust_list(0x5555569076a0, 24) = 0 [pid 8665] chdir("./357") = 0 [pid 8665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8665] setpgid(0, 0) = 0 [pid 8665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8665] write(3, "1000", 4) = 4 [pid 8665] close(3 [pid 5066] <... close resumed>) = 0 [pid 8665] <... close resumed>) = 0 [pid 8665] symlink("/dev/binderfs", "./binderfs" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8666 attached [pid 8662] +++ exited with 0 +++ [pid 8661] +++ exited with 0 +++ [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8666 [pid 8666] set_robust_list(0x5555569076a0, 24 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8661, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8666] <... set_robust_list resumed>) = 0 [pid 5063] umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8666] chdir("./357" [pid 5063] openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8666] <... chdir resumed>) = 0 [pid 8665] <... symlink resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8666] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] newfstatat(3, "", [pid 8666] <... prctl resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8665] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(AT_FDCWD, "./361/binderfs", [pid 8665] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8666] setpgid(0, 0 [pid 5063] unlink("./361/binderfs" [pid 8665] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] <... unlink resumed>) = 0 [pid 8665] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8666] <... setpgid resumed>) = 0 [pid 8666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8665] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... umount2 resumed>) = 0 [pid 8665] <... mprotect resumed>) = 0 [pid 5063] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8666] <... openat resumed>) = 3 [pid 8665] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8666] write(3, "1000", 4 [pid 8665] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] newfstatat(AT_FDCWD, "./361/file0", [pid 8666] <... write resumed>) = 4 [pid 8665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8667 attached [pid 8666] close(3 [pid 5063] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8667] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8666] <... close resumed>) = 0 [pid 8665] <... clone3 resumed> => {parent_tid=[8667]}, 88) = 8667 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8667] <... rseq resumed>) = 0 [pid 8666] symlink("/dev/binderfs", "./binderfs" [pid 8665] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8667] set_robust_list(0x7f67138b29a0, 24 [pid 8665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8667] <... set_robust_list resumed>) = 0 [pid 8665] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... openat resumed>) = 4 [pid 8666] <... symlink resumed>) = 0 [pid 8667] rt_sigprocmask(SIG_SETMASK, [], [pid 8666] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8665] <... futex resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 8667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8666] <... futex resumed>) = 0 [pid 8665] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8667] memfd_create("syzkaller", 0 [pid 8666] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] getdents64(4, [pid 8667] <... memfd_create resumed>) = 3 [pid 8666] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8667] <... mmap resumed>) = 0x7f670b400000 [pid 8666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] getdents64(4, [pid 8666] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5063] close(4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8668 attached , child_tidptr=0x555556907690) = 8668 [pid 8668] set_robust_list(0x5555569076a0, 24 [pid 5063] <... close resumed>) = 0 [pid 8668] <... set_robust_list resumed>) = 0 [pid 8668] chdir("./359" [pid 8666] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] rmdir("./361/file0" [pid 8668] <... chdir resumed>) = 0 [pid 8666] <... mprotect resumed>) = 0 [pid 8666] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8664] <... mount resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8666] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] getdents64(3, [pid 8668] setpgid(0, 0 [pid 8666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8664] <... openat resumed>) = 3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8669 attached [pid 8668] <... setpgid resumed>) = 0 [pid 8664] chdir("./file0" [pid 5063] close(3 [pid 8669] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8666] <... clone3 resumed> => {parent_tid=[8669]}, 88) = 8669 [pid 8664] <... chdir resumed>) = 0 [pid 8669] <... rseq resumed>) = 0 [pid 8668] <... openat resumed>) = 3 [pid 8666] rt_sigprocmask(SIG_SETMASK, [], [pid 8664] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... close resumed>) = 0 [pid 8669] set_robust_list(0x7f67138b29a0, 24 [pid 8666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8664] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] rmdir("./361" [pid 8669] <... set_robust_list resumed>) = 0 [pid 8668] write(3, "1000", 4 [pid 8666] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8664] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8669] rt_sigprocmask(SIG_SETMASK, [], [pid 8668] <... write resumed>) = 4 [pid 8666] <... futex resumed>) = 0 [pid 8664] <... futex resumed>) = 1 [pid 8663] <... futex resumed>) = 0 [pid 8669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8668] close(3 [pid 8666] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8664] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8663] exit_group(0 [pid 5063] <... rmdir resumed>) = 0 [pid 8668] <... close resumed>) = 0 [pid 8664] <... futex resumed>) = ? [pid 8663] <... exit_group resumed>) = ? [pid 8668] symlink("/dev/binderfs", "./binderfs" [pid 8669] memfd_create("syzkaller", 0 [pid 8668] <... symlink resumed>) = 0 [pid 5063] mkdir("./362", 0777 [pid 8668] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8664] +++ exited with 0 +++ [pid 8663] +++ exited with 0 +++ [pid 8668] <... futex resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8663, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8668] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8669] <... memfd_create resumed>) = 3 [pid 8668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8669] <... mmap resumed>) = 0x7f670b400000 [pid 8668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8667] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... openat resumed>) = 3 [pid 8668] <... mmap resumed>) = 0x7f6713892000 [pid 8668] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8668] <... mprotect resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8668] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", [pid 8668] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 8668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8670 attached [pid 5062] umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8670] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8668] <... clone3 resumed> => {parent_tid=[8670]}, 88) = 8670 [pid 8670] <... rseq resumed>) = 0 [pid 8668] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8670] set_robust_list(0x7f67138b29a0, 24 [pid 8668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] newfstatat(AT_FDCWD, "./354/binderfs", [pid 8670] <... set_robust_list resumed>) = 0 [pid 8669] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8668] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8670] rt_sigprocmask(SIG_SETMASK, [], [pid 8668] <... futex resumed>) = 0 [pid 8670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8668] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8670] memfd_create("syzkaller", 0 [pid 5062] unlink("./354/binderfs" [pid 8670] <... memfd_create resumed>) = 3 [pid 5062] <... unlink resumed>) = 0 [pid 8670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8670] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./354/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] rmdir("./354/file0" [pid 8667] <... write resumed>) = 2097152 [pid 8667] munmap(0x7f670b400000, 138412032 [pid 5062] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8671 attached [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8671 [pid 5062] getdents64(3, [pid 8671] set_robust_list(0x5555569076a0, 24 [pid 8667] <... munmap resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8671] <... set_robust_list resumed>) = 0 [pid 8671] chdir("./362") = 0 [pid 8669] <... write resumed>) = 2097152 [pid 5062] close(3 [pid 8671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8671] setpgid(0, 0) = 0 [pid 8671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8670] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8669] munmap(0x7f670b400000, 138412032 [pid 8667] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 8671] <... openat resumed>) = 3 [pid 5062] rmdir("./354" [pid 8671] write(3, "1000", 4) = 4 [pid 8671] close(3) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8671] symlink("/dev/binderfs", "./binderfs" [pid 5062] mkdir("./355", 0777 [pid 8671] <... symlink resumed>) = 0 [pid 8671] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8669] <... munmap resumed>) = 0 [pid 8667] <... openat resumed>) = 4 [pid 5062] <... mkdir resumed>) = 0 [pid 8671] <... futex resumed>) = 0 [pid 8667] ioctl(4, LOOP_SET_FD, 3 [pid 8670] <... write resumed>) = 2097152 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8669] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8671] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8671] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8670] munmap(0x7f670b400000, 138412032 [pid 8669] <... openat resumed>) = 4 [pid 8667] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8667] close(3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8669] ioctl(4, LOOP_SET_FD, 3 [pid 8667] <... close resumed>) = 0 [pid 8667] close(4) = 0 ./strace-static-x86_64: Process 8672 attached [pid 8672] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8672] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8667] mkdir("./file0", 0777 [pid 8672] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8667] <... mkdir resumed>) = 0 [pid 8667] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8671] <... clone3 resumed> => {parent_tid=[8672]}, 88) = 8672 [pid 8670] <... munmap resumed>) = 0 [pid 8669] <... ioctl resumed>) = 0 [pid 8671] rt_sigprocmask(SIG_SETMASK, [], [pid 8669] close(3 [pid 8671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8669] <... close resumed>) = 0 [pid 8671] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8670] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8669] close(4 [pid 8671] <... futex resumed>) = 1 [pid 8671] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8670] <... openat resumed>) = 4 [pid 8669] <... close resumed>) = 0 [pid 8672] <... futex resumed>) = 0 [pid 8670] ioctl(4, LOOP_SET_FD, 3 [ 298.969061][ T8667] loop3: detected capacity change from 0 to 4096 [ 298.986007][ T8669] loop4: detected capacity change from 0 to 4096 [pid 8669] mkdir("./file0", 0777 [pid 8672] memfd_create("syzkaller", 0 [pid 8670] <... ioctl resumed>) = 0 [pid 8669] <... mkdir resumed>) = 0 [pid 8672] <... memfd_create resumed>) = 3 [pid 8669] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8670] close(3) = 0 [pid 8670] close(4) = 0 [pid 8670] mkdir("./file0", 0777) = 0 [pid 8670] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8669] <... mount resumed>) = 0 [ 299.019231][ T8670] loop2: detected capacity change from 0 to 4096 [pid 8669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8669] chdir("./file0") = 0 [pid 8669] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8669] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8666] <... futex resumed>) = 0 [pid 8669] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8666] exit_group(0 [pid 8672] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8669] <... futex resumed>) = ? [pid 8667] <... mount resumed>) = 0 [pid 8666] <... exit_group resumed>) = ? [pid 5062] <... ioctl resumed>) = 0 [pid 8669] +++ exited with 0 +++ [pid 8667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8666] +++ exited with 0 +++ [pid 5062] close(3 [pid 8667] <... openat resumed>) = 3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8666, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5062] <... close resumed>) = 0 [pid 8667] chdir("./file0" [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8673 attached [pid 8670] <... mount resumed>) = 0 [pid 8667] <... chdir resumed>) = 0 [pid 8673] set_robust_list(0x5555569076a0, 24 [pid 8667] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8673 [pid 8673] <... set_robust_list resumed>) = 0 [pid 8667] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8673] chdir("./355" [pid 5066] umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8673] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8673] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8673] <... prctl resumed>) = 0 [pid 8673] setpgid(0, 0 [pid 5066] <... openat resumed>) = 3 [pid 8673] <... setpgid resumed>) = 0 [pid 8673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8673] <... openat resumed>) = 3 [pid 5066] umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8673] write(3, "1000", 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8673] <... write resumed>) = 4 [pid 5066] newfstatat(AT_FDCWD, "./357/binderfs", [pid 8673] close(3) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] unlink("./357/binderfs" [pid 8670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8667] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8673] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8670] <... openat resumed>) = 3 [pid 8667] <... futex resumed>) = 1 [pid 8665] <... futex resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 8667] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8665] exit_group(0 [pid 8667] <... futex resumed>) = ? [pid 8665] <... exit_group resumed>) = ? [pid 8673] <... futex resumed>) = 0 [pid 8670] chdir("./file0" [pid 8667] +++ exited with 0 +++ [pid 8670] <... chdir resumed>) = 0 [pid 8670] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8673] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8670] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8673] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8670] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8673] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8670] <... futex resumed>) = 1 [pid 8668] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8672] <... write resumed>) = 2097152 [pid 8670] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8668] exit_group(0) = ? [pid 8673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8665] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8665, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 8673] <... mmap resumed>) = 0x7f6713892000 [pid 8673] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8670] <... futex resumed>) = ? [pid 8673] <... mprotect resumed>) = 0 [pid 8672] munmap(0x7f670b400000, 138412032 [pid 5065] umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8673] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8670] +++ exited with 0 +++ [pid 8668] +++ exited with 0 +++ [pid 5066] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8673] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8672] <... munmap resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8668, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8672] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... openat resumed>) = 3 [pid 8672] <... openat resumed>) = 4 [pid 5065] newfstatat(3, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8674 attached [pid 8673] <... clone3 resumed> => {parent_tid=[8674]}, 88) = 8674 [pid 8672] ioctl(4, LOOP_SET_FD, 3 [pid 5066] newfstatat(AT_FDCWD, "./357/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8674] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8673] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8674] <... rseq resumed>) = 0 [pid 5066] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8674] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8674] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 8673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8672] <... ioctl resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8672] close(3 [pid 8673] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8672] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8674] <... futex resumed>) = 0 [pid 8673] <... futex resumed>) = 1 [pid 8672] close(4 [pid 5064] <... openat resumed>) = 3 [pid 8673] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8672] <... close resumed>) = 0 [pid 8672] mkdir("./file0", 0777 [pid 5066] getdents64(4, [pid 8672] <... mkdir resumed>) = 0 [pid 8674] memfd_create("syzkaller", 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(3, "", [pid 8672] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8674] <... memfd_create resumed>) = 3 [pid 5066] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(AT_FDCWD, "./357/binderfs", [pid 5064] getdents64(3, [pid 8674] <... mmap resumed>) = 0x7f670b400000 [pid 5066] close(4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... close resumed>) = 0 [pid 5065] unlink("./357/binderfs" [pid 5064] umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./357/file0" [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... rmdir resumed>) = 0 [ 299.191323][ T8672] loop1: detected capacity change from 0 to 4096 [pid 5064] unlink("./359/binderfs") = 0 [pid 5066] getdents64(3, [pid 5065] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./357") = 0 [pid 5066] mkdir("./358", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8674] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] newfstatat(AT_FDCWD, "./357/file0", [pid 5064] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./359/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5064] openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... openat resumed>) = 4 [pid 5065] getdents64(4, [pid 5064] newfstatat(4, "", [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8672] <... mount resumed>) = 0 [pid 5065] close(4 [pid 5064] getdents64(4, [pid 5065] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] getdents64(4, [pid 5065] rmdir("./357/file0" [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./359/file0" [pid 8672] <... openat resumed>) = 3 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8672] chdir("./file0" [pid 5065] getdents64(3, [pid 8672] <... chdir resumed>) = 0 [pid 8672] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8672] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] close(3 [pid 8672] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... close resumed>) = 0 [pid 8672] <... futex resumed>) = 1 [pid 8671] <... futex resumed>) = 0 [pid 5064] getdents64(3, [pid 8672] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 8671] exit_group(0 [pid 5065] rmdir("./357" [pid 8672] <... futex resumed>) = ? [pid 8671] <... exit_group resumed>) = ? [pid 5064] rmdir("./359" [pid 5065] <... rmdir resumed>) = 0 [pid 8672] +++ exited with 0 +++ [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./360", 0777 [pid 8671] +++ exited with 0 +++ [pid 5065] mkdir("./358", 0777) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8671, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5063] umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8674] <... write resumed>) = 2097152 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8674] munmap(0x7f670b400000, 138412032 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 8674] <... munmap resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5063] openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8674] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] close(3 [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./362/binderfs", [pid 8674] <... openat resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8674] ioctl(4, LOOP_SET_FD, 3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] unlink("./362/binderfs") = 0 [pid 5063] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8675 attached [pid 8674] <... ioctl resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8675 [pid 8675] set_robust_list(0x5555569076a0, 24 [pid 8674] close(3 [pid 5063] <... umount2 resumed>) = 0 [pid 8675] <... set_robust_list resumed>) = 0 [pid 8674] <... close resumed>) = 0 [pid 8675] chdir("./358" [pid 8674] close(4 [pid 8675] <... chdir resumed>) = 0 [pid 5063] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8675] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8674] <... close resumed>) = 0 [pid 8675] <... prctl resumed>) = 0 [pid 8675] setpgid(0, 0 [pid 8674] mkdir("./file0", 0777 [pid 8675] <... setpgid resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8674] <... mkdir resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./362/file0", [pid 8675] <... openat resumed>) = 3 [pid 8675] write(3, "1000", 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8675] <... write resumed>) = 4 [pid 8675] close(3 [pid 5063] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8675] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8675] symlink("/dev/binderfs", "./binderfs" [pid 8674] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5063] openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8675] <... symlink resumed>) = 0 [pid 8675] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8675] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] <... openat resumed>) = 4 [pid 8675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5063] newfstatat(4, "", [pid 8675] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8676 attached [pid 8676] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8676] set_robust_list(0x7f67138b29a0, 24 [pid 8675] <... clone3 resumed> => {parent_tid=[8676]}, 88) = 8676 [pid 8676] <... set_robust_list resumed>) = 0 [pid 8676] rt_sigprocmask(SIG_SETMASK, [], [pid 8675] rt_sigprocmask(SIG_SETMASK, [], [pid 8676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8676] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8675] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8675] <... futex resumed>) = 0 [pid 8676] memfd_create("syzkaller", 0 [pid 8675] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8676] <... memfd_create resumed>) = 3 [pid 5063] getdents64(4, [pid 8676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 8676] <... mmap resumed>) = 0x7f670b400000 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./362/file0") = 0 [ 299.339937][ T8674] loop0: detected capacity change from 0 to 4096 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8674] <... mount resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5063] rmdir("./362" [pid 8674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(3 [pid 5064] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8674] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] mkdir("./363", 0777) = 0 [pid 8676] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8674] chdir("./file0" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8677 attached [pid 8677] set_robust_list(0x5555569076a0, 24) = 0 [pid 8677] chdir("./360") = 0 [pid 8677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8677] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 8678 attached [pid 8678] set_robust_list(0x5555569076a0, 24 [pid 8677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8674] <... chdir resumed>) = 0 [pid 8678] <... set_robust_list resumed>) = 0 [pid 8674] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8678 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8677 [pid 8678] chdir("./358") = 0 [pid 8677] <... openat resumed>) = 3 [pid 8678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8677] write(3, "1000", 4 [pid 8678] setpgid(0, 0 [pid 8677] <... write resumed>) = 4 [pid 8678] <... setpgid resumed>) = 0 [pid 8677] close(3 [pid 8674] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8677] <... close resumed>) = 0 [pid 8674] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8674] <... futex resumed>) = 1 [pid 8678] <... openat resumed>) = 3 [pid 8673] <... futex resumed>) = 0 [pid 8674] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... openat resumed>) = 3 [pid 8678] write(3, "1000", 4 [pid 8677] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8678] <... write resumed>) = 4 [pid 8678] close(3 [pid 8677] <... futex resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8678] <... close resumed>) = 0 [pid 8678] symlink("/dev/binderfs", "./binderfs" [pid 8677] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8678] <... symlink resumed>) = 0 [pid 8677] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8673] exit_group(0 [pid 8677] <... mmap resumed>) = 0x7f6713892000 [pid 8678] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8677] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8676] <... write resumed>) = 2097152 [pid 8674] <... futex resumed>) = ? [pid 8673] <... exit_group resumed>) = ? [pid 8674] +++ exited with 0 +++ [pid 8677] <... mprotect resumed>) = 0 [pid 8677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8676] munmap(0x7f670b400000, 138412032 [pid 8678] <... futex resumed>) = 0 [pid 8677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8678] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8677] <... clone3 resumed> => {parent_tid=[8679]}, 88) = 8679 [pid 8678] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8679 attached [pid 8678] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8677] rt_sigprocmask(SIG_SETMASK, [], [pid 8679] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8677] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8679] <... rseq resumed>) = 0 [pid 8678] <... mmap resumed>) = 0x7f6713892000 [pid 8677] <... futex resumed>) = 0 [pid 8678] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8677] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8678] <... mprotect resumed>) = 0 [pid 8679] set_robust_list(0x7f67138b29a0, 24 [pid 8678] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8679] <... set_robust_list resumed>) = 0 [pid 8679] rt_sigprocmask(SIG_SETMASK, [], [pid 8678] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8678] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8680 attached [pid 8680] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8678] <... clone3 resumed> => {parent_tid=[8680]}, 88) = 8680 [pid 8680] <... rseq resumed>) = 0 [pid 8678] rt_sigprocmask(SIG_SETMASK, [], [pid 8680] set_robust_list(0x7f67138b29a0, 24 [pid 8678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8680] <... set_robust_list resumed>) = 0 [pid 8678] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8678] <... futex resumed>) = 0 [pid 8680] memfd_create("syzkaller", 0 [pid 8678] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8680] <... memfd_create resumed>) = 3 [pid 8679] memfd_create("syzkaller", 0 [pid 8676] <... munmap resumed>) = 0 [pid 8673] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8673, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8676] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8680] <... mmap resumed>) = 0x7f670b400000 [pid 8679] <... memfd_create resumed>) = 3 [pid 8676] <... openat resumed>) = 4 [pid 8679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5062] umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8679] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8676] ioctl(4, LOOP_SET_FD, 3 [pid 5063] close(3 [pid 5062] openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... close resumed>) = 0 [pid 5062] umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./355/binderfs") = 0 [pid 5062] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8681 ./strace-static-x86_64: Process 8681 attached [pid 8681] set_robust_list(0x5555569076a0, 24) = 0 [pid 8681] chdir("./363") = 0 [pid 8681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8681] setpgid(0, 0) = 0 [pid 8681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8681] write(3, "1000", 4) = 4 [pid 8681] close(3) = 0 [pid 8681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8676] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8681] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8681] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8676] close(3 [pid 8681] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8676] <... close resumed>) = 0 [pid 8681] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8676] close(4 [pid 5062] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8676] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8680] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8676] mkdir("./file0", 0777 [pid 8681] <... mmap resumed>) = 0x7f6713892000 [pid 8681] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8676] <... mkdir resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./355/file0", [pid 8681] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8681] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8676] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5062] umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8681] <... clone3 resumed> => {parent_tid=[8682]}, 88) = 8682 [pid 5062] openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8681] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] newfstatat(4, "", ./strace-static-x86_64: Process 8682 attached [pid 8681] <... futex resumed>) = 0 [pid 8679] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8681] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8682] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] getdents64(4, [pid 8682] <... rseq resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./355/file0") = 0 [ 299.552940][ T8676] loop4: detected capacity change from 0 to 4096 [pid 8682] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8682] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] getdents64(3, [pid 8682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./355") = 0 [pid 8682] memfd_create("syzkaller", 0 [pid 5062] mkdir("./356", 0777) = 0 [pid 8682] <... memfd_create resumed>) = 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 8682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8680] <... write resumed>) = 2097152 [pid 8680] munmap(0x7f670b400000, 138412032 [pid 8679] <... write resumed>) = 2097152 [pid 8676] <... mount resumed>) = 0 [pid 8676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8676] chdir("./file0") = 0 [pid 8676] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8679] munmap(0x7f670b400000, 138412032 [pid 8676] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8679] <... munmap resumed>) = 0 [pid 8679] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8680] <... munmap resumed>) = 0 [pid 8676] <... futex resumed>) = 1 [pid 8675] <... futex resumed>) = 0 [pid 8682] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8680] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8679] <... openat resumed>) = 4 [pid 5062] <... ioctl resumed>) = 0 [pid 8680] <... openat resumed>) = 4 [pid 8679] ioctl(4, LOOP_SET_FD, 3 [pid 8676] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8675] exit_group(0 [pid 8680] ioctl(4, LOOP_SET_FD, 3 [pid 8676] <... futex resumed>) = ? [pid 8675] <... exit_group resumed>) = ? [pid 8676] +++ exited with 0 +++ [pid 8679] <... ioctl resumed>) = 0 [pid 8679] close(3) = 0 [pid 8679] close(4) = 0 [pid 8680] <... ioctl resumed>) = 0 [pid 8679] mkdir("./file0", 0777 [pid 8675] +++ exited with 0 +++ [pid 5062] close(3 [pid 8680] close(3 [pid 8679] <... mkdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8680] <... close resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8675, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8680] close(4 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 8679] mount("/dev/loop2", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 8683 attached [pid 8680] <... close resumed>) = 0 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8683 [pid 8683] set_robust_list(0x5555569076a0, 24 [pid 8680] mkdir("./file0", 0777 [pid 8683] <... set_robust_list resumed>) = 0 [pid 8683] chdir("./356" [pid 8680] <... mkdir resumed>) = 0 [pid 8683] <... chdir resumed>) = 0 [pid 5066] umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8680] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8683] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8683] <... prctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8683] setpgid(0, 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8683] <... setpgid resumed>) = 0 [pid 5066] getdents64(3, [pid 8683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8682] <... write resumed>) = 2097152 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8683] <... openat resumed>) = 3 [pid 5066] umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./358/binderfs") = 0 [ 299.711095][ T8679] loop2: detected capacity change from 0 to 4096 [ 299.718363][ T8680] loop3: detected capacity change from 0 to 4096 [pid 8683] write(3, "1000", 4) = 4 [pid 5066] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8683] close(3 [pid 8679] <... mount resumed>) = 0 [pid 8683] <... close resumed>) = 0 [pid 8682] munmap(0x7f670b400000, 138412032 [pid 8679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8682] <... munmap resumed>) = 0 [pid 8679] <... openat resumed>) = 3 [pid 8679] chdir("./file0") = 0 [pid 8679] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... umount2 resumed>) = 0 [pid 8683] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8683] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8683] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] newfstatat(AT_FDCWD, "./358/file0", [pid 8683] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8679] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8679] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8683] <... mmap resumed>) = 0x7f6713892000 [pid 8679] <... futex resumed>) = 1 [pid 8677] <... futex resumed>) = 0 [pid 8683] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8682] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8679] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8677] exit_group(0 [pid 8683] <... mprotect resumed>) = 0 [pid 8682] <... openat resumed>) = 4 [pid 8679] <... futex resumed>) = ? [pid 8677] <... exit_group resumed>) = ? [pid 5066] openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8679] +++ exited with 0 +++ [pid 8682] ioctl(4, LOOP_SET_FD, 3 [pid 8683] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8677] +++ exited with 0 +++ [pid 5066] <... openat resumed>) = 4 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8677, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5066] newfstatat(4, "", [pid 8682] <... ioctl resumed>) = 0 [pid 8683] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] getdents64(4, ./strace-static-x86_64: Process 8684 attached [pid 8682] close(3 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8684] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8683] <... clone3 resumed> => {parent_tid=[8684]}, 88) = 8684 [pid 8682] <... close resumed>) = 0 [pid 5064] umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8682] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8683] rt_sigprocmask(SIG_SETMASK, [], [pid 8682] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8684] <... rseq resumed>) = 0 [pid 5066] getdents64(4, [pid 8682] mkdir("./file0", 0777 [pid 5064] <... openat resumed>) = 3 [pid 8683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(3, "", [pid 8684] set_robust_list(0x7f67138b29a0, 24 [pid 8683] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8684] <... set_robust_list resumed>) = 0 [pid 8683] <... futex resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 8684] rt_sigprocmask(SIG_SETMASK, [], [pid 8683] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8682] <... mkdir resumed>) = 0 [pid 8680] <... mount resumed>) = 0 [pid 5066] rmdir("./358/file0" [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8682] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8680] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8684] memfd_create("syzkaller", 0 [pid 5066] getdents64(3, [pid 5064] newfstatat(AT_FDCWD, "./360/binderfs", [pid 8684] <... memfd_create resumed>) = 3 [pid 8680] chdir("./file0" [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8680] <... chdir resumed>) = 0 [pid 5064] unlink("./360/binderfs" [pid 5066] close(3 [pid 8684] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... close resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [ 299.791839][ T8682] loop1: detected capacity change from 0 to 4096 [pid 5064] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8680] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] rmdir("./358" [pid 5064] <... umount2 resumed>) = 0 [pid 8680] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8680] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rmdir resumed>) = 0 [pid 8680] <... futex resumed>) = 1 [pid 5066] mkdir("./359", 0777 [pid 8680] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... mkdir resumed>) = 0 [pid 8678] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8678] exit_group(0 [pid 5066] <... openat resumed>) = 3 [pid 8680] <... futex resumed>) = ? [pid 8678] <... exit_group resumed>) = ? [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8680] +++ exited with 0 +++ [pid 5064] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./360/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8678] +++ exited with 0 +++ [pid 5064] <... openat resumed>) = 4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8678, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5064] newfstatat(4, "", [pid 5065] umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5065] openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5064] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8682] <... mount resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] close(4 [pid 5065] umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 8682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./360/file0" [pid 8682] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8682] chdir("./file0" [pid 5065] unlink("./358/binderfs" [pid 8682] <... chdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8682] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... unlink resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8682] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8682] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8681] <... futex resumed>) = 0 [pid 8682] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8681] exit_group(0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] close(3 [pid 8682] <... futex resumed>) = ? [pid 8681] <... exit_group resumed>) = ? [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./360" [pid 8684] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./358/file0", [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./361", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8682] +++ exited with 0 +++ [pid 8681] +++ exited with 0 +++ [pid 5065] <... openat resumed>) = 4 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8681, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] getdents64(4, [pid 5063] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5063] newfstatat(3, "", [pid 5065] rmdir("./358/file0" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5064] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 5063] newfstatat(AT_FDCWD, "./363/binderfs", [pid 5065] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] rmdir("./358" [pid 5063] unlink("./363/binderfs" [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5065] mkdir("./359", 0777 [pid 5063] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./363/file0", [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8684] <... write resumed>) = 2097152 [pid 5066] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] rmdir("./363/file0" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 8684] munmap(0x7f670b400000, 138412032 [pid 5063] <... close resumed>) = 0 [pid 8684] <... munmap resumed>) = 0 [pid 5063] rmdir("./363"./strace-static-x86_64: Process 8685 attached [pid 8685] set_robust_list(0x5555569076a0, 24) = 0 [pid 8685] chdir("./359" [pid 5063] <... rmdir resumed>) = 0 [pid 8685] <... chdir resumed>) = 0 [pid 8685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8685] setpgid(0, 0) = 0 [pid 8685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8685 [pid 8685] <... openat resumed>) = 3 [pid 5063] mkdir("./364", 0777) = 0 [pid 8685] write(3, "1000", 4) = 4 [pid 8685] close(3) = 0 [pid 8685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8685] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8685] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8685] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8684] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8684] <... openat resumed>) = 4 [pid 8685] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8684] ioctl(4, LOOP_SET_FD, 3 [pid 8685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8684] <... ioctl resumed>) = 0 [pid 8684] close(3./strace-static-x86_64: Process 8686 attached ) = 0 [pid 8686] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8685] <... clone3 resumed> => {parent_tid=[8686]}, 88) = 8686 [pid 8684] close(4 [pid 8686] <... rseq resumed>) = 0 [pid 8685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8685] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8686] set_robust_list(0x7f67138b29a0, 24 [pid 8684] <... close resumed>) = 0 [pid 8685] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8686] <... set_robust_list resumed>) = 0 [pid 8684] mkdir("./file0", 0777 [pid 5064] <... ioctl resumed>) = 0 [pid 8686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8684] <... mkdir resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8686] memfd_create("syzkaller", 0 [ 299.977589][ T8684] loop0: detected capacity change from 0 to 4096 [pid 8684] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8686] <... memfd_create resumed>) = 3 [pid 8686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8687 ./strace-static-x86_64: Process 8687 attached [pid 5065] <... ioctl resumed>) = 0 [pid 8687] set_robust_list(0x5555569076a0, 24 [pid 5065] close(3 [pid 8687] <... set_robust_list resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8687] chdir("./361" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8688 [pid 8687] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 8688 attached [pid 8687] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8688] set_robust_list(0x5555569076a0, 24 [pid 8687] <... prctl resumed>) = 0 [pid 8688] <... set_robust_list resumed>) = 0 [pid 8687] setpgid(0, 0 [pid 8688] chdir("./359" [pid 8687] <... setpgid resumed>) = 0 [pid 8688] <... chdir resumed>) = 0 [pid 8687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8687] <... openat resumed>) = 3 [pid 8688] setpgid(0, 0 [pid 8687] write(3, "1000", 4) = 4 [pid 8688] <... setpgid resumed>) = 0 [pid 8687] close(3) = 0 [pid 8687] symlink("/dev/binderfs", "./binderfs" [pid 8688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8687] <... symlink resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3 [pid 8688] <... openat resumed>) = 3 [pid 8687] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... close resumed>) = 0 [pid 8687] <... futex resumed>) = 0 [pid 8688] write(3, "1000", 4 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8688] <... write resumed>) = 4 [pid 8684] <... mount resumed>) = 0 [pid 8688] close(3 [pid 8687] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8688] <... close resumed>) = 0 [pid 8687] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8688] symlink("/dev/binderfs", "./binderfs" [pid 8687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 8689 attached [pid 8688] <... symlink resumed>) = 0 [pid 8687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8684] <... openat resumed>) = 3 [pid 8689] set_robust_list(0x5555569076a0, 24 [pid 8688] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8684] chdir("./file0" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8689 [pid 8689] <... set_robust_list resumed>) = 0 [pid 8688] <... futex resumed>) = 0 [pid 8687] <... mmap resumed>) = 0x7f6713892000 [pid 8684] <... chdir resumed>) = 0 [pid 8689] chdir("./364") = 0 [pid 8688] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8687] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8684] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8689] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8688] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8687] <... mprotect resumed>) = 0 [pid 8689] <... prctl resumed>) = 0 [pid 8688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8684] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8689] setpgid(0, 0 [pid 8688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8687] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8689] <... setpgid resumed>) = 0 [pid 8688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8687] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8684] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8686] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8688] <... mmap resumed>) = 0x7f6713892000 [pid 8687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8684] <... futex resumed>) = 1 [pid 8683] <... futex resumed>) = 0 [pid 8683] exit_group(0) = ? [pid 8684] +++ exited with 0 +++ [pid 8683] +++ exited with 0 +++ ./strace-static-x86_64: Process 8690 attached [pid 8688] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8683, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 8689] <... openat resumed>) = 3 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8690] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8689] write(3, "1000", 4 [pid 8690] <... rseq resumed>) = 0 [pid 8688] <... mprotect resumed>) = 0 [pid 8687] <... clone3 resumed> => {parent_tid=[8690]}, 88) = 8690 [pid 5062] <... restart_syscall resumed>) = 0 [pid 8690] set_robust_list(0x7f67138b29a0, 24 [pid 8689] <... write resumed>) = 4 [pid 8690] <... set_robust_list resumed>) = 0 [pid 8689] close(3 [pid 8688] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8687] rt_sigprocmask(SIG_SETMASK, [], [pid 8690] rt_sigprocmask(SIG_SETMASK, [], [pid 8689] <... close resumed>) = 0 [pid 8688] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8689] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8689] <... symlink resumed>) = 0 [pid 8690] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... openat resumed>) = 3 [pid 8689] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8687] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] newfstatat(3, "", ./strace-static-x86_64: Process 8691 attached [pid 8690] <... futex resumed>) = 0 [pid 8689] <... futex resumed>) = 0 [pid 8687] <... futex resumed>) = 1 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8691] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8689] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8687] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] getdents64(3, [pid 8689] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8688] <... clone3 resumed> => {parent_tid=[8691]}, 88) = 8691 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8691] <... rseq resumed>) = 0 [pid 8689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8688] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8691] set_robust_list(0x7f67138b29a0, 24 [pid 8690] memfd_create("syzkaller", 0 [pid 8689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8691] <... set_robust_list resumed>) = 0 [pid 8689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8688] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] newfstatat(AT_FDCWD, "./356/binderfs", [pid 8691] rt_sigprocmask(SIG_SETMASK, [], [pid 8690] <... memfd_create resumed>) = 3 [pid 8689] <... mmap resumed>) = 0x7f6713892000 [pid 8688] <... futex resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8689] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8688] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] unlink("./356/binderfs" [pid 8690] <... mmap resumed>) = 0x7f670b400000 [pid 8689] <... mprotect resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8689] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... umount2 resumed>) = 0 [pid 8691] memfd_create("syzkaller", 0 [pid 8689] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8686] <... write resumed>) = 2097152 [pid 8691] <... memfd_create resumed>) = 3 [pid 8689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8686] munmap(0x7f670b400000, 138412032 [pid 5062] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8692 attached [pid 8689] <... clone3 resumed> => {parent_tid=[8692]}, 88) = 8692 [pid 8692] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8689] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] newfstatat(AT_FDCWD, "./356/file0", [pid 8689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8689] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8692] <... rseq resumed>) = 0 [pid 8689] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8692] set_robust_list(0x7f67138b29a0, 24 [pid 8691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8692] <... set_robust_list resumed>) = 0 [pid 8691] <... mmap resumed>) = 0x7f670b400000 [pid 5062] umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8692] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8692] memfd_create("syzkaller", 0 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8692] <... memfd_create resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] getdents64(4, [pid 8692] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8686] <... munmap resumed>) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./356/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 8690] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8686] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 8686] <... openat resumed>) = 4 [pid 5062] rmdir("./356" [pid 8686] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./357", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8686] <... ioctl resumed>) = 0 [pid 8686] close(3 [pid 8691] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8686] <... close resumed>) = 0 [pid 8686] close(4) = 0 [pid 8686] mkdir("./file0", 0777) = 0 [pid 8686] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [ 300.196212][ T8686] loop4: detected capacity change from 0 to 4096 [pid 8692] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8690] <... write resumed>) = 2097152 [pid 8690] munmap(0x7f670b400000, 138412032 [pid 8686] <... mount resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8691] <... write resumed>) = 2097152 [pid 8690] <... munmap resumed>) = 0 [pid 8686] <... openat resumed>) = 3 [pid 8686] chdir("./file0" [pid 8691] munmap(0x7f670b400000, 138412032 [pid 8686] <... chdir resumed>) = 0 [pid 8686] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] close(3 [pid 8690] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8691] <... munmap resumed>) = 0 [pid 8690] <... openat resumed>) = 4 [pid 8686] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8691] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8690] ioctl(4, LOOP_SET_FD, 3 [pid 8686] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8691] <... openat resumed>) = 4 [pid 5062] <... close resumed>) = 0 [pid 8686] <... futex resumed>) = 1 [pid 8691] ioctl(4, LOOP_SET_FD, 3 [pid 8686] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8685] <... futex resumed>) = 0 [pid 8685] exit_group(0) = ? [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8693 attached [pid 8692] <... write resumed>) = 2097152 [pid 8693] set_robust_list(0x5555569076a0, 24 [pid 8692] munmap(0x7f670b400000, 138412032 [pid 8693] <... set_robust_list resumed>) = 0 [pid 8686] <... futex resumed>) = ? [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8693 [pid 8693] chdir("./357") = 0 [pid 8693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8692] <... munmap resumed>) = 0 [pid 8686] +++ exited with 0 +++ [pid 8685] +++ exited with 0 +++ [pid 8693] setpgid(0, 0) = 0 [pid 8691] <... ioctl resumed>) = 0 [pid 8690] <... ioctl resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8685, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 8693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8692] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8691] close(3 [pid 8690] close(3 [pid 5066] umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8693] <... openat resumed>) = 3 [pid 8692] <... openat resumed>) = 4 [pid 8691] <... close resumed>) = 0 [pid 8690] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8693] write(3, "1000", 4 [pid 8692] ioctl(4, LOOP_SET_FD, 3 [pid 8691] close(4 [pid 8690] close(4 [ 300.305828][ T8690] loop2: detected capacity change from 0 to 4096 [ 300.313690][ T8691] loop3: detected capacity change from 0 to 4096 [pid 5066] openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8693] <... write resumed>) = 4 [pid 8690] <... close resumed>) = 0 [pid 8690] mkdir("./file0", 0777) = 0 [pid 8691] <... close resumed>) = 0 [pid 8691] mkdir("./file0", 0777) = 0 [pid 8690] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8693] close(3 [pid 5066] <... openat resumed>) = 3 [pid 8693] <... close resumed>) = 0 [pid 8691] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] newfstatat(3, "", [pid 8693] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 8693] <... symlink resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8693] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(AT_FDCWD, "./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8693] <... futex resumed>) = 0 [pid 5066] unlink("./359/binderfs") = 0 [pid 5066] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8693] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8692] <... ioctl resumed>) = 0 [pid 8693] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8692] close(3 [pid 8690] <... mount resumed>) = 0 [pid 8692] <... close resumed>) = 0 [pid 8693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8692] close(4 [pid 8693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8692] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8693] <... mmap resumed>) = 0x7f6713892000 [pid 8692] mkdir("./file0", 0777 [pid 8690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8693] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8692] <... mkdir resumed>) = 0 [pid 8690] <... openat resumed>) = 3 [pid 5066] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8693] <... mprotect resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8693] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8690] chdir("./file0" [pid 5066] newfstatat(AT_FDCWD, "./359/file0", [pid 8693] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8690] <... chdir resumed>) = 0 [pid 8693] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8692] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8690] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8694 attached [pid 8691] <... mount resumed>) = 0 [pid 8690] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 300.354331][ T8692] loop1: detected capacity change from 0 to 4096 [pid 5066] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8694] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8693] <... clone3 resumed> => {parent_tid=[8694]}, 88) = 8694 [pid 8694] <... rseq resumed>) = 0 [pid 8693] rt_sigprocmask(SIG_SETMASK, [], [pid 8690] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8694] set_robust_list(0x7f67138b29a0, 24 [pid 8693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8690] <... futex resumed>) = 1 [pid 8687] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8694] <... set_robust_list resumed>) = 0 [pid 8693] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8691] <... openat resumed>) = 3 [pid 8690] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8687] exit_group(0 [pid 5066] <... openat resumed>) = 4 [pid 8694] rt_sigprocmask(SIG_SETMASK, [], [pid 8693] <... futex resumed>) = 0 [pid 8690] <... futex resumed>) = ? [pid 8687] <... exit_group resumed>) = ? [pid 5066] newfstatat(4, "", [pid 8694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8693] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8691] chdir("./file0" [pid 8690] +++ exited with 0 +++ [pid 8687] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8691] <... chdir resumed>) = 0 [pid 5066] getdents64(4, [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8687, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8691] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8694] memfd_create("syzkaller", 0 [pid 8691] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8694] <... memfd_create resumed>) = 3 [pid 8691] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... restart_syscall resumed>) = 0 [pid 8691] <... futex resumed>) = 1 [pid 8688] <... futex resumed>) = 0 [pid 5066] getdents64(4, [pid 8694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8691] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8688] exit_group(0 [pid 8694] <... mmap resumed>) = 0x7f670b400000 [pid 8691] <... futex resumed>) = ? [pid 8688] <... exit_group resumed>) = ? [pid 8691] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8688] +++ exited with 0 +++ [pid 5066] close(4 [pid 5064] <... openat resumed>) = 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8688, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5066] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 5065] umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./359/file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] getdents64(3, [pid 5065] newfstatat(3, "", [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5065] getdents64(3, [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] close(3 [pid 5065] umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./359/binderfs", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./359/binderfs" [pid 5066] rmdir("./359" [pid 5065] <... unlink resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./361/binderfs", [pid 5065] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8692] <... mount resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] mkdir("./360", 0777 [pid 5064] unlink("./361/binderfs" [pid 8692] <... openat resumed>) = 3 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8692] chdir("./file0") = 0 [pid 8692] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... umount2 resumed>) = 0 [pid 5064] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8692] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8692] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] newfstatat(AT_FDCWD, "./361/file0", [pid 8692] <... futex resumed>) = 1 [pid 8689] <... futex resumed>) = 0 [pid 8692] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8689] exit_group(0 [pid 5065] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8689] <... exit_group resumed>) = ? [pid 5064] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./359/file0", [pid 5064] openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8692] <... futex resumed>) = ? [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8692] +++ exited with 0 +++ [pid 8689] +++ exited with 0 +++ [pid 5065] openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8689, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(4, [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 5065] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(4, "", [pid 5063] getdents64(3, [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] close(4 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5063] umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] rmdir("./361/file0" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5063] newfstatat(AT_FDCWD, "./364/binderfs", [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] close(4 [pid 5063] unlink("./364/binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5063] <... unlink resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./359/file0") = 0 [pid 5063] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5063] <... umount2 resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./359") = 0 [pid 5065] mkdir("./360", 0777) = 0 [pid 5063] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./364/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5063] newfstatat(4, "", [pid 5064] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] rmdir("./361" [pid 5063] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] mkdir("./362", 0777 [pid 5063] getdents64(4, [pid 5064] <... mkdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./364/file0" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... rmdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./364" [pid 8694] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] mkdir("./365", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8695 ./strace-static-x86_64: Process 8695 attached [pid 8695] set_robust_list(0x5555569076a0, 24) = 0 [pid 8695] chdir("./360") = 0 [pid 8695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8695] setpgid(0, 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8695] <... setpgid resumed>) = 0 [pid 8694] <... write resumed>) = 2097152 [pid 5065] <... ioctl resumed>) = 0 [pid 8695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] close(3 [pid 8695] <... openat resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 8695] write(3, "1000", 4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8695] <... write resumed>) = 4 [pid 8695] close(3 [pid 8694] munmap(0x7f670b400000, 138412032 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8696 ./strace-static-x86_64: Process 8696 attached [pid 8695] <... close resumed>) = 0 [pid 8696] set_robust_list(0x5555569076a0, 24 [pid 8695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8696] <... set_robust_list resumed>) = 0 [pid 8695] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8696] chdir("./362" [pid 8695] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8696] <... chdir resumed>) = 0 [pid 8696] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8695] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8696] <... prctl resumed>) = 0 [pid 8695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8696] setpgid(0, 0 [pid 8695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8696] <... setpgid resumed>) = 0 [pid 8695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8695] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8694] <... munmap resumed>) = 0 [pid 8696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8695] <... mprotect resumed>) = 0 [pid 8695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8697]}, 88) = 8697 [pid 8694] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] close(3 [pid 8696] <... openat resumed>) = 3 [pid 8695] rt_sigprocmask(SIG_SETMASK, [], [pid 8694] <... openat resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 8695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8694] ioctl(4, LOOP_SET_FD, 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8696] write(3, "1000", 4 [pid 8695] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8695] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8697 attached [pid 8696] <... write resumed>) = 4 [pid 8697] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8696] close(3 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8698 [pid 8697] <... rseq resumed>) = 0 [pid 8696] <... close resumed>) = 0 [pid 8697] set_robust_list(0x7f67138b29a0, 24 [pid 8696] symlink("/dev/binderfs", "./binderfs" [pid 8697] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 8698 attached [pid 8697] rt_sigprocmask(SIG_SETMASK, [], [pid 8696] <... symlink resumed>) = 0 [pid 8698] set_robust_list(0x5555569076a0, 24 [pid 8697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8698] <... set_robust_list resumed>) = 0 [pid 8694] <... ioctl resumed>) = 0 [pid 8698] chdir("./360" [pid 8694] close(3 [pid 8698] <... chdir resumed>) = 0 [pid 8694] <... close resumed>) = 0 [pid 8698] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8694] close(4 [pid 8698] <... prctl resumed>) = 0 [pid 8697] memfd_create("syzkaller", 0 [pid 8694] <... close resumed>) = 0 [pid 8698] setpgid(0, 0 [pid 8694] mkdir("./file0", 0777 [pid 8698] <... setpgid resumed>) = 0 [pid 8694] <... mkdir resumed>) = 0 [pid 8698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8697] <... memfd_create resumed>) = 3 [pid 8696] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8698] <... openat resumed>) = 3 [pid 8697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8696] <... futex resumed>) = 0 [pid 8694] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8698] write(3, "1000", 4 [pid 8697] <... mmap resumed>) = 0x7f670b400000 [pid 8696] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8698] <... write resumed>) = 4 [pid 8696] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8698] close(3 [pid 8696] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8698] <... close resumed>) = 0 [pid 8696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8698] symlink("/dev/binderfs", "./binderfs" [pid 8696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8698] <... symlink resumed>) = 0 [pid 8696] <... mmap resumed>) = 0x7f6713892000 [pid 8698] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8696] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] close(3 [pid 8698] <... futex resumed>) = 0 [pid 8698] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8696] <... mprotect resumed>) = 0 [pid 8698] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8696] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... close resumed>) = 0 [pid 8698] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8698] <... mprotect resumed>) = 0 [pid 8696] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8698] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8698] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8700 attached ./strace-static-x86_64: Process 8699 attached [pid 8696] <... clone3 resumed> => {parent_tid=[8699]}, 88) = 8699 [pid 8700] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8699] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8700] <... rseq resumed>) = 0 [pid 8699] <... rseq resumed>) = 0 [pid 8698] <... clone3 resumed> => {parent_tid=[8700]}, 88) = 8700 [pid 8696] rt_sigprocmask(SIG_SETMASK, [], [pid 8700] set_robust_list(0x7f67138b29a0, 24 [pid 8699] set_robust_list(0x7f67138b29a0, 24 [pid 8698] rt_sigprocmask(SIG_SETMASK, [], [pid 8696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8700] <... set_robust_list resumed>) = 0 [pid 8699] <... set_robust_list resumed>) = 0 [pid 8698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8700] rt_sigprocmask(SIG_SETMASK, [], [pid 8699] rt_sigprocmask(SIG_SETMASK, [], [pid 8698] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8696] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8698] <... futex resumed>) = 0 [pid 8696] <... futex resumed>) = 0 [pid 8700] memfd_create("syzkaller", 0 [pid 8699] memfd_create("syzkaller", 0 [pid 8698] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 300.650099][ T8694] loop0: detected capacity change from 0 to 4096 [pid 8696] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8700] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 8701 attached [pid 8699] <... memfd_create resumed>) = 3 [pid 8694] <... mount resumed>) = 0 [pid 8701] set_robust_list(0x5555569076a0, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8701 [pid 8701] <... set_robust_list resumed>) = 0 [pid 8701] chdir("./365" [pid 8694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8701] <... chdir resumed>) = 0 [pid 8694] <... openat resumed>) = 3 [pid 8701] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8694] chdir("./file0" [pid 8701] <... prctl resumed>) = 0 [pid 8701] setpgid(0, 0 [pid 8699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8701] <... setpgid resumed>) = 0 [pid 8699] <... mmap resumed>) = 0x7f670b400000 [pid 8701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8701] write(3, "1000", 4) = 4 [pid 8701] close(3) = 0 [pid 8701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8701] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8701] <... futex resumed>) = 0 [pid 8700] <... mmap resumed>) = 0x7f670b400000 [pid 8701] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8694] <... chdir resumed>) = 0 [pid 8701] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8694] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8701] <... mmap resumed>) = 0x7f6713892000 [pid 8697] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8694] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8701] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8694] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8693] <... futex resumed>) = 0 [pid 8701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8694] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8693] exit_group(0) = ? [pid 8701] <... clone3 resumed> => {parent_tid=[8702]}, 88) = 8702 [pid 8701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8701] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8694] <... futex resumed>) = ? [pid 8701] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8702 attached [pid 8702] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8702] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8694] +++ exited with 0 +++ [pid 8693] +++ exited with 0 +++ [pid 8702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8693, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8702] memfd_create("syzkaller", 0) = 3 [pid 8702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8700] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./357/binderfs", [pid 8697] <... write resumed>) = 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8697] munmap(0x7f670b400000, 138412032 [pid 5062] unlink("./357/binderfs") = 0 [pid 8699] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 8697] <... munmap resumed>) = 0 [pid 5062] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8702] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8697] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5062] newfstatat(AT_FDCWD, "./357/file0", [pid 8697] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8697] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8697] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 8697] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8697] close(4 [pid 5062] rmdir("./357/file0" [pid 8697] <... close resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8697] mkdir("./file0", 0777) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./357" [pid 8697] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./358", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8699] <... write resumed>) = 2097152 [pid 8699] munmap(0x7f670b400000, 138412032 [pid 8702] <... write resumed>) = 2097152 [pid 8700] <... write resumed>) = 2097152 [ 300.848864][ T8697] loop4: detected capacity change from 0 to 4096 [pid 8702] munmap(0x7f670b400000, 138412032 [pid 8700] munmap(0x7f670b400000, 138412032) = 0 [pid 8699] <... munmap resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8703 attached [pid 8702] <... munmap resumed>) = 0 [pid 8700] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8703] set_robust_list(0x5555569076a0, 24) = 0 [pid 8699] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8703 [pid 8699] <... openat resumed>) = 4 [pid 8697] <... mount resumed>) = 0 [pid 8703] chdir("./358") = 0 [pid 8699] ioctl(4, LOOP_SET_FD, 3 [pid 8703] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8700] <... openat resumed>) = 4 [pid 8697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8703] <... prctl resumed>) = 0 [pid 8697] <... openat resumed>) = 3 [pid 8703] setpgid(0, 0 [pid 8697] chdir("./file0" [pid 8703] <... setpgid resumed>) = 0 [pid 8697] <... chdir resumed>) = 0 [pid 8702] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8700] ioctl(4, LOOP_SET_FD, 3 [pid 8697] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8702] <... openat resumed>) = 4 [pid 8697] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8702] ioctl(4, LOOP_SET_FD, 3 [pid 8697] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8703] <... openat resumed>) = 3 [pid 8702] <... ioctl resumed>) = 0 [pid 8697] <... futex resumed>) = 1 [pid 8695] <... futex resumed>) = 0 [pid 8697] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8703] write(3, "1000", 4 [pid 8695] exit_group(0 [pid 8703] <... write resumed>) = 4 [pid 8703] close(3 [pid 8697] <... futex resumed>) = ? [pid 8695] <... exit_group resumed>) = ? [pid 8703] <... close resumed>) = 0 [pid 8697] +++ exited with 0 +++ [pid 8703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8695] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8695, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8703] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8703] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8699] <... ioctl resumed>) = 0 [pid 8703] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... openat resumed>) = 3 [pid 8699] close(3 [pid 8700] <... ioctl resumed>) = 0 [pid 8699] <... close resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 8699] close(4 [pid 8700] close(3 [pid 8699] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8700] <... close resumed>) = 0 [pid 8699] mkdir("./file0", 0777 [pid 5066] getdents64(3, [pid 8700] close(4 [pid 8699] <... mkdir resumed>) = 0 [pid 8700] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8700] mkdir("./file0", 0777 [pid 8703] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8700] <... mkdir resumed>) = 0 [pid 5066] umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8703] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8700] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8699] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5066] newfstatat(AT_FDCWD, "./360/binderfs", [pid 8703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8702] close(3) = 0 [pid 8702] close(4) = 0 [pid 8703] <... mmap resumed>) = 0x7f6713892000 [pid 8702] mkdir("./file0", 0777 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8703] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8702] <... mkdir resumed>) = 0 [pid 5066] unlink("./360/binderfs" [pid 8703] <... mprotect resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [ 300.953556][ T8699] loop2: detected capacity change from 0 to 4096 [ 300.961189][ T8700] loop3: detected capacity change from 0 to 4096 [ 300.969292][ T8702] loop1: detected capacity change from 0 to 4096 [pid 8702] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8703] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8703] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8704 attached => {parent_tid=[8704]}, 88) = 8704 [pid 8704] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8703] rt_sigprocmask(SIG_SETMASK, [], [pid 8704] <... rseq resumed>) = 0 [pid 8703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8704] set_robust_list(0x7f67138b29a0, 24 [pid 8703] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8704] <... set_robust_list resumed>) = 0 [pid 8703] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8704] rt_sigprocmask(SIG_SETMASK, [], [pid 8703] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8699] <... mount resumed>) = 0 [pid 5066] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8699] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./360/file0", [pid 8699] chdir("./file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8704] memfd_create("syzkaller", 0 [pid 8700] <... mount resumed>) = 0 [pid 8699] <... chdir resumed>) = 0 [pid 5066] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8704] <... memfd_create resumed>) = 3 [pid 8699] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8699] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8700] <... openat resumed>) = 3 [pid 8699] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... openat resumed>) = 4 [pid 8700] chdir("./file0" [pid 8699] <... futex resumed>) = 1 [pid 8696] <... futex resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8704] <... mmap resumed>) = 0x7f670b400000 [pid 8700] <... chdir resumed>) = 0 [pid 8699] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8696] exit_group(0 [pid 8700] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8699] <... futex resumed>) = ? [pid 8696] <... exit_group resumed>) = ? [pid 8700] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8699] +++ exited with 0 +++ [pid 5066] getdents64(4, [pid 8700] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8700] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8702] <... mount resumed>) = 0 [pid 8698] <... futex resumed>) = 0 [pid 8698] exit_group(0 [pid 5066] getdents64(4, [pid 8700] <... futex resumed>) = ? [pid 8698] <... exit_group resumed>) = ? [pid 8700] +++ exited with 0 +++ [pid 8696] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8696, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 8702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] close(4 [pid 8702] <... openat resumed>) = 3 [pid 8702] chdir("./file0" [pid 5066] <... close resumed>) = 0 [pid 8702] <... chdir resumed>) = 0 [pid 8698] +++ exited with 0 +++ [pid 5066] rmdir("./360/file0" [pid 8702] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8698, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8702] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(3, [pid 5064] umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8702] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8702] <... futex resumed>) = 1 [pid 8701] <... futex resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8702] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8701] exit_group(0 [pid 5066] close(3 [pid 5064] <... openat resumed>) = 3 [pid 8702] <... futex resumed>) = ? [pid 8701] <... exit_group resumed>) = ? [pid 5066] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 8702] +++ exited with 0 +++ [pid 8701] +++ exited with 0 +++ [pid 5066] rmdir("./360" [pid 5065] umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8701, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8704] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5065] openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5066] mkdir("./361", 0777 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./360/binderfs", [pid 5063] umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] unlink("./360/binderfs" [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... unlink resumed>) = 0 [pid 5064] umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 3 [pid 5065] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(3, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(AT_FDCWD, "./362/binderfs", [pid 5063] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] unlink("./362/binderfs" [pid 5063] newfstatat(AT_FDCWD, "./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./365/binderfs" [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5063] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./360/file0", [pid 5064] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] newfstatat(AT_FDCWD, "./365/file0", [pid 5065] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./362/file0", [pid 5065] openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(4, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] getdents64(4, [pid 5064] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 4 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(4, "", [pid 5063] newfstatat(4, "", [pid 5065] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] rmdir("./360/file0" [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] close(4 [pid 5063] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(3, [pid 5064] rmdir("./362/file0" [pid 5063] close(4) = 0 [pid 5063] rmdir("./365/file0" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] close(3 [pid 5064] getdents64(3, [pid 5063] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./360" [pid 5064] close(3 [pid 5063] close(3 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./362" [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5065] mkdir("./361", 0777 [pid 5063] rmdir("./365" [pid 5064] <... rmdir resumed>) = 0 [pid 8704] <... write resumed>) = 2097152 [pid 5065] <... mkdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] mkdir("./366", 0777 [pid 8704] munmap(0x7f670b400000, 138412032 [pid 5064] mkdir("./363", 0777 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8704] <... munmap resumed>) = 0 [pid 8704] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 8704] <... openat resumed>) = 4 [pid 5066] close(3) = 0 [pid 8704] ioctl(4, LOOP_SET_FD, 3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8705 ./strace-static-x86_64: Process 8705 attached [pid 8704] <... ioctl resumed>) = 0 [pid 8705] set_robust_list(0x5555569076a0, 24) = 0 [pid 8704] close(3 [pid 8705] chdir("./361" [pid 8704] <... close resumed>) = 0 [pid 8705] <... chdir resumed>) = 0 [ 301.226430][ T8704] loop0: detected capacity change from 0 to 4096 [pid 8704] close(4 [pid 5064] <... ioctl resumed>) = 0 [pid 8705] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8704] <... close resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8706 ./strace-static-x86_64: Process 8706 attached [pid 8705] <... prctl resumed>) = 0 [pid 8704] mkdir("./file0", 0777 [pid 8706] set_robust_list(0x5555569076a0, 24) = 0 [pid 8706] chdir("./363") = 0 [pid 8706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8706] setpgid(0, 0) = 0 [pid 8706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8704] <... mkdir resumed>) = 0 [pid 8705] setpgid(0, 0) = 0 [pid 8704] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8706] <... openat resumed>) = 3 [pid 8706] write(3, "1000", 4) = 4 [pid 8706] close(3) = 0 [pid 8706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8706] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8706] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8706] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8705] write(3, "1000", 4 [pid 8706] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8705] <... write resumed>) = 4 [pid 8706] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8705] close(3 [pid 8706] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8705] <... close resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8705] symlink("/dev/binderfs", "./binderfs" [pid 8706] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8705] <... symlink resumed>) = 0 [pid 5065] close(3 [pid 5063] close(3 [pid 8705] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... close resumed>) = 0 [pid 8705] <... futex resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8708 attached ./strace-static-x86_64: Process 8709 attached ./strace-static-x86_64: Process 8707 attached [pid 8705] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8708] set_robust_list(0x5555569076a0, 24 [pid 8709] set_robust_list(0x5555569076a0, 24 [pid 8706] <... clone3 resumed> => {parent_tid=[8707]}, 88) = 8707 [pid 8705] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8709 [pid 8708] <... set_robust_list resumed>) = 0 [pid 8709] <... set_robust_list resumed>) = 0 [pid 8706] rt_sigprocmask(SIG_SETMASK, [], [pid 8705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8708 [pid 8708] chdir("./366" [pid 8709] chdir("./361" [pid 8706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8708] <... chdir resumed>) = 0 [pid 8709] <... chdir resumed>) = 0 [pid 8706] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8704] <... mount resumed>) = 0 [pid 8708] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8709] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8706] <... futex resumed>) = 0 [pid 8705] <... mmap resumed>) = 0x7f6713892000 [pid 8708] <... prctl resumed>) = 0 [pid 8709] <... prctl resumed>) = 0 [pid 8707] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8706] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8705] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8708] setpgid(0, 0 [pid 8709] setpgid(0, 0 [pid 8707] <... rseq resumed>) = 0 [pid 8705] <... mprotect resumed>) = 0 [pid 8704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8708] <... setpgid resumed>) = 0 [pid 8709] <... setpgid resumed>) = 0 [pid 8707] set_robust_list(0x7f67138b29a0, 24 [pid 8704] <... openat resumed>) = 3 [pid 8708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8705] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8707] <... set_robust_list resumed>) = 0 [pid 8704] chdir("./file0" [pid 8709] <... openat resumed>) = 3 [pid 8705] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8708] <... openat resumed>) = 3 [pid 8709] write(3, "1000", 4 [pid 8707] rt_sigprocmask(SIG_SETMASK, [], [pid 8705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8704] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 8710 attached [pid 8708] write(3, "1000", 4 [pid 8709] <... write resumed>) = 4 [pid 8707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8704] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8710] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8708] <... write resumed>) = 4 [pid 8709] close(3 [pid 8705] <... clone3 resumed> => {parent_tid=[8710]}, 88) = 8710 [pid 8710] <... rseq resumed>) = 0 [pid 8708] close(3 [pid 8709] <... close resumed>) = 0 [pid 8707] memfd_create("syzkaller", 0 [pid 8705] rt_sigprocmask(SIG_SETMASK, [], [pid 8704] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8710] set_robust_list(0x7f67138b29a0, 24 [pid 8708] <... close resumed>) = 0 [pid 8709] symlink("/dev/binderfs", "./binderfs" [pid 8705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8704] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8710] <... set_robust_list resumed>) = 0 [pid 8708] symlink("/dev/binderfs", "./binderfs" [pid 8709] <... symlink resumed>) = 0 [pid 8705] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8710] rt_sigprocmask(SIG_SETMASK, [], [pid 8708] <... symlink resumed>) = 0 [pid 8704] <... futex resumed>) = 1 [pid 8710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8708] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8709] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8705] <... futex resumed>) = 0 [pid 8703] <... futex resumed>) = 0 [pid 8710] memfd_create("syzkaller", 0 [pid 8708] <... futex resumed>) = 0 [pid 8709] <... futex resumed>) = 0 [pid 8707] <... memfd_create resumed>) = 3 [pid 8705] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8704] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8703] exit_group(0 [pid 8704] <... futex resumed>) = ? [pid 8703] <... exit_group resumed>) = ? [pid 8704] +++ exited with 0 +++ [pid 8708] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8709] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8708] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8709] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8710] <... memfd_create resumed>) = 3 [pid 8708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8710] <... mmap resumed>) = 0x7f670b400000 [pid 8708] <... mmap resumed>) = 0x7f6713892000 [pid 8709] <... mmap resumed>) = 0x7f6713892000 [pid 8707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8708] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8709] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8707] <... mmap resumed>) = 0x7f670b400000 [pid 8708] <... mprotect resumed>) = 0 [pid 8709] <... mprotect resumed>) = 0 [pid 8708] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8708] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 8711 attached [pid 8708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8709] <... clone3 resumed> => {parent_tid=[8711]}, 88) = 8711 ./strace-static-x86_64: Process 8712 attached [pid 8711] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8709] rt_sigprocmask(SIG_SETMASK, [], [pid 8703] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8703, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 8711] <... rseq resumed>) = 0 [pid 8709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8711] set_robust_list(0x7f67138b29a0, 24 [pid 8708] <... clone3 resumed> => {parent_tid=[8712]}, 88) = 8712 [pid 8709] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8712] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8711] <... set_robust_list resumed>) = 0 [pid 8708] rt_sigprocmask(SIG_SETMASK, [], [pid 8709] <... futex resumed>) = 0 [pid 8712] <... rseq resumed>) = 0 [pid 8711] rt_sigprocmask(SIG_SETMASK, [], [pid 8708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8709] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8712] set_robust_list(0x7f67138b29a0, 24 [pid 8708] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8712] <... set_robust_list resumed>) = 0 [pid 8708] <... futex resumed>) = 0 [pid 8712] rt_sigprocmask(SIG_SETMASK, [], [pid 8711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8708] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8712] memfd_create("syzkaller", 0 [pid 8711] memfd_create("syzkaller", 0) = 3 [pid 5062] umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8712] <... memfd_create resumed>) = 3 [pid 5062] openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... openat resumed>) = 3 [pid 8712] <... mmap resumed>) = 0x7f670b400000 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./358/binderfs") = 0 [pid 5062] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8707] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./358/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 8710] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./358/file0") = 0 [pid 8711] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./358") = 0 [pid 5062] mkdir("./359", 0777 [pid 8707] <... write resumed>) = 2097152 [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8707] munmap(0x7f670b400000, 138412032 [pid 8712] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8711] <... write resumed>) = 2097152 [pid 8707] <... munmap resumed>) = 0 [pid 8711] munmap(0x7f670b400000, 138412032) = 0 [pid 8707] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8711] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8711] ioctl(4, LOOP_SET_FD, 3 [pid 8707] close(3) = 0 [pid 8707] close(4) = 0 [pid 8707] mkdir("./file0", 0777) = 0 [pid 8707] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8712] <... write resumed>) = 2097152 [pid 8711] <... ioctl resumed>) = 0 [pid 8710] <... write resumed>) = 2097152 [pid 8711] close(3) = 0 [pid 8712] munmap(0x7f670b400000, 138412032 [pid 8711] close(4 [pid 8710] munmap(0x7f670b400000, 138412032 [pid 8711] <... close resumed>) = 0 [pid 8711] mkdir("./file0", 0777) = 0 [ 301.509775][ T8707] loop2: detected capacity change from 0 to 4096 [ 301.518016][ T8711] loop3: detected capacity change from 0 to 4096 [pid 8711] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8712] <... munmap resumed>) = 0 [pid 8710] <... munmap resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8710] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] close(3 [pid 8712] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8710] <... openat resumed>) = 4 [pid 5062] <... close resumed>) = 0 [pid 8710] ioctl(4, LOOP_SET_FD, 3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8713 attached [pid 8712] <... openat resumed>) = 4 [pid 8712] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8713 [pid 8713] set_robust_list(0x5555569076a0, 24 [pid 8712] <... ioctl resumed>) = 0 [pid 8710] <... ioctl resumed>) = 0 [pid 8713] <... set_robust_list resumed>) = 0 [pid 8712] close(3 [pid 8710] close(3 [pid 8713] chdir("./359" [pid 8712] <... close resumed>) = 0 [pid 8710] <... close resumed>) = 0 [pid 8713] <... chdir resumed>) = 0 [pid 8712] close(4 [pid 8710] close(4 [pid 8713] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8712] <... close resumed>) = 0 [pid 8710] <... close resumed>) = 0 [pid 8713] <... prctl resumed>) = 0 [pid 8712] mkdir("./file0", 0777 [pid 8710] mkdir("./file0", 0777 [pid 8707] <... mount resumed>) = 0 [pid 8713] setpgid(0, 0) = 0 [pid 8707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8712] <... mkdir resumed>) = 0 [pid 8711] <... mount resumed>) = 0 [pid 8710] <... mkdir resumed>) = 0 [pid 8707] <... openat resumed>) = 3 [pid 8707] chdir("./file0" [pid 8713] <... openat resumed>) = 3 [pid 8712] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8710] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8707] <... chdir resumed>) = 0 [pid 8713] write(3, "1000", 4 [pid 8711] <... openat resumed>) = 3 [pid 8707] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8713] <... write resumed>) = 4 [pid 8711] chdir("./file0" [pid 8707] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8713] close(3 [pid 8711] <... chdir resumed>) = 0 [pid 8707] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8713] <... close resumed>) = 0 [pid 8711] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8713] symlink("/dev/binderfs", "./binderfs" [pid 8711] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8707] <... futex resumed>) = 1 [pid 8713] <... symlink resumed>) = 0 [pid 8711] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8707] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8713] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8711] <... futex resumed>) = 1 [pid 8709] <... futex resumed>) = 0 [pid 8706] <... futex resumed>) = 0 [pid 8713] <... futex resumed>) = 0 [pid 8711] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8709] exit_group(0 [pid 8706] exit_group(0 [pid 8711] <... futex resumed>) = ? [pid 8709] <... exit_group resumed>) = ? [pid 8707] <... futex resumed>) = ? [pid 8706] <... exit_group resumed>) = ? [ 301.587404][ T8710] loop4: detected capacity change from 0 to 4096 [ 301.597488][ T8712] loop1: detected capacity change from 0 to 4096 [pid 8713] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8711] +++ exited with 0 +++ [pid 8709] +++ exited with 0 +++ [pid 8707] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8709, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8713] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8706] +++ exited with 0 +++ [pid 5065] <... openat resumed>) = 3 [pid 8713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] newfstatat(3, "", [pid 8713] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8706, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5065] getdents64(3, [pid 5064] umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8713] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8713] <... mprotect resumed>) = 0 [pid 5064] getdents64(3, [pid 8713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] newfstatat(AT_FDCWD, "./361/binderfs", [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] unlink("./361/binderfs" [pid 5064] newfstatat(AT_FDCWD, "./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5064] unlink("./363/binderfs"./strace-static-x86_64: Process 8714 attached [pid 5065] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8714] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8713] <... clone3 resumed> => {parent_tid=[8714]}, 88) = 8714 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8714] <... rseq resumed>) = 0 [pid 8713] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8714] set_robust_list(0x7f67138b29a0, 24 [pid 8713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8714] <... set_robust_list resumed>) = 0 [pid 8713] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8714] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] newfstatat(AT_FDCWD, "./361/file0", [pid 8714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8713] <... futex resumed>) = 0 [pid 8714] memfd_create("syzkaller", 0 [pid 5065] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8713] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8714] <... memfd_create resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(AT_FDCWD, "./363/file0", [pid 8714] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8712] <... mount resumed>) = 0 [pid 8710] <... mount resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 5064] openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8712] <... openat resumed>) = 3 [pid 8710] <... openat resumed>) = 3 [pid 5065] getdents64(4, [pid 8712] chdir("./file0" [pid 8710] chdir("./file0" [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8712] <... chdir resumed>) = 0 [pid 8710] <... chdir resumed>) = 0 [pid 5065] getdents64(4, [pid 8712] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8710] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 8712] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8710] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... close resumed>) = 0 [pid 8712] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8710] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] rmdir("./361/file0" [pid 8712] <... futex resumed>) = 1 [pid 8710] <... futex resumed>) = 1 [pid 8708] <... futex resumed>) = 0 [pid 8705] <... futex resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 8712] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8710] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8708] exit_group(0 [pid 8705] exit_group(0 [pid 5065] getdents64(3, [pid 8712] <... futex resumed>) = ? [pid 8710] <... futex resumed>) = ? [pid 8708] <... exit_group resumed>) = ? [pid 8705] <... exit_group resumed>) = ? [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8714] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8712] +++ exited with 0 +++ [pid 8710] +++ exited with 0 +++ [pid 8708] +++ exited with 0 +++ [pid 8705] +++ exited with 0 +++ [pid 5065] close(3 [pid 5064] <... openat resumed>) = 4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8705, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5065] <... close resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8708, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=5 /* 0.05 s */} --- [pid 5065] rmdir("./361" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] getdents64(4, [pid 5066] umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] mkdir("./362", 0777 [pid 5064] getdents64(4, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 5064] close(4 [pid 5063] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 5064] <... close resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] rmdir("./363/file0" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./361/binderfs", [pid 5064] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] rmdir("./363" [pid 5063] newfstatat(AT_FDCWD, "./366/binderfs", [pid 5066] unlink("./361/binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8714] <... write resumed>) = 2097152 [pid 5066] <... unlink resumed>) = 0 [pid 5064] mkdir("./364", 0777 [pid 5063] unlink("./366/binderfs" [pid 5066] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8714] munmap(0x7f670b400000, 138412032) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5066] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8714] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./361/file0", [pid 8714] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8714] ioctl(4, LOOP_SET_FD, 3 [pid 5066] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8714] <... ioctl resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 8714] close(3) = 0 [pid 8714] close(4 [pid 5066] newfstatat(4, "", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] newfstatat(AT_FDCWD, "./366/file0", [pid 5066] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8714] <... close resumed>) = 0 [pid 5063] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8714] mkdir("./file0", 0777) = 0 [pid 5066] getdents64(4, [pid 5063] openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8714] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5063] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5063] newfstatat(4, "", [pid 5066] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] rmdir("./361/file0" [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... rmdir resumed>) = 0 [ 301.793938][ T8714] loop0: detected capacity change from 0 to 4096 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] getdents64(4, [pid 5066] getdents64(3, [pid 5065] close(3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5063] close(4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] close(3 [pid 5063] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] rmdir("./366/file0" [pid 5066] rmdir("./361" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8715 ./strace-static-x86_64: Process 8715 attached [pid 5063] <... rmdir resumed>) = 0 [pid 8715] set_robust_list(0x5555569076a0, 24 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 5066] mkdir("./362", 0777 [pid 8715] <... set_robust_list resumed>) = 0 [pid 8715] chdir("./362") = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8715] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8715] <... prctl resumed>) = 0 [pid 8715] setpgid(0, 0 [pid 5066] <... openat resumed>) = 3 [pid 8715] <... setpgid resumed>) = 0 [pid 8715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] close(3 [pid 8715] <... openat resumed>) = 3 [pid 5064] close(3 [pid 5063] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] rmdir("./366" [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8715] write(3, "1000", 4) = 4 [pid 5063] <... rmdir resumed>) = 0 [pid 8715] close(3) = 0 [pid 8715] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 8716 attached ) = 0 [pid 5063] mkdir("./367", 0777 [pid 8716] set_robust_list(0x5555569076a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8716 [pid 8715] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8716] <... set_robust_list resumed>) = 0 [pid 8715] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8716] chdir("./364" [pid 8715] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8715] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8715] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8716] <... chdir resumed>) = 0 [pid 8715] <... mprotect resumed>) = 0 [pid 8716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8715] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8716] setpgid(0, 0) = 0 [pid 8716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8715] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8716] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8717 attached [pid 8716] write(3, "1000", 4 [pid 8715] <... clone3 resumed> => {parent_tid=[8717]}, 88) = 8717 [pid 8717] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8716] <... write resumed>) = 4 [pid 8717] <... rseq resumed>) = 0 [pid 8716] close(3 [pid 8715] rt_sigprocmask(SIG_SETMASK, [], [pid 8717] set_robust_list(0x7f67138b29a0, 24 [pid 8716] <... close resumed>) = 0 [pid 8715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8717] <... set_robust_list resumed>) = 0 [pid 8716] symlink("/dev/binderfs", "./binderfs" [pid 8715] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8717] rt_sigprocmask(SIG_SETMASK, [], [pid 8715] <... futex resumed>) = 0 [pid 8717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8715] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8716] <... symlink resumed>) = 0 [pid 8716] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8714] <... mount resumed>) = 0 [pid 8717] memfd_create("syzkaller", 0 [pid 8716] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8717] <... memfd_create resumed>) = 3 [pid 8716] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8716] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8714] <... openat resumed>) = 3 [pid 8717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8714] chdir("./file0" [pid 8716] <... clone3 resumed> => {parent_tid=[8718]}, 88) = 8718 ./strace-static-x86_64: Process 8718 attached [pid 8716] rt_sigprocmask(SIG_SETMASK, [], [pid 8714] <... chdir resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8718] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8714] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8713] <... futex resumed>) = 0 [pid 8714] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8713] exit_group(0 [pid 8716] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... ioctl resumed>) = 0 [pid 8718] <... rseq resumed>) = 0 [pid 8716] <... futex resumed>) = 0 [pid 8714] <... futex resumed>) = ? [pid 8713] <... exit_group resumed>) = ? [pid 8718] set_robust_list(0x7f67138b29a0, 24 [pid 5063] close(3 [pid 5066] close(3 [pid 8718] <... set_robust_list resumed>) = 0 [pid 8716] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8718] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8718] memfd_create("syzkaller", 0 [pid 8714] +++ exited with 0 +++ [pid 8713] +++ exited with 0 +++ [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8719 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8720 [pid 8718] <... memfd_create resumed>) = 3 [pid 8718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8713, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8719 attached [pid 8718] <... mmap resumed>) = 0x7f670b400000 [pid 5062] openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8719] set_robust_list(0x5555569076a0, 24 [pid 5062] <... openat resumed>) = 3 [pid 8719] <... set_robust_list resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 8719] chdir("./362" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8720 attached [pid 8719] <... chdir resumed>) = 0 [pid 8720] set_robust_list(0x5555569076a0, 24 [pid 8719] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8720] <... set_robust_list resumed>) = 0 [pid 8719] <... prctl resumed>) = 0 [pid 8720] chdir("./367" [pid 8719] setpgid(0, 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8720] <... chdir resumed>) = 0 [pid 8719] <... setpgid resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./359/binderfs", [pid 8720] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8720] <... prctl resumed>) = 0 [pid 8719] <... openat resumed>) = 3 [pid 8717] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8720] setpgid(0, 0 [pid 5062] unlink("./359/binderfs" [pid 8720] <... setpgid resumed>) = 0 [pid 8719] write(3, "1000", 4 [pid 5062] <... unlink resumed>) = 0 [pid 8720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8719] <... write resumed>) = 4 [pid 5062] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8720] <... openat resumed>) = 3 [pid 8719] close(3 [pid 5062] <... umount2 resumed>) = 0 [pid 8719] <... close resumed>) = 0 [pid 8719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8720] write(3, "1000", 4 [pid 8719] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8720] <... write resumed>) = 4 [pid 8719] <... futex resumed>) = 0 [pid 8720] close(3 [pid 8719] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8720] <... close resumed>) = 0 [pid 8719] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8720] symlink("/dev/binderfs", "./binderfs" [pid 8719] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8720] <... symlink resumed>) = 0 [pid 8719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8720] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8719] <... mmap resumed>) = 0x7f6713892000 [pid 5062] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8720] <... futex resumed>) = 0 [pid 8719] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8720] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8719] <... mprotect resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./359/file0", [pid 8720] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8719] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8719] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8719] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8720] <... mmap resumed>) = 0x7f6713892000 [pid 8719] <... clone3 resumed> => {parent_tid=[8721]}, 88) = 8721 [pid 8720] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8719] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8720] <... mprotect resumed>) = 0 [pid 8719] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8721 attached [pid 8719] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... openat resumed>) = 4 [pid 8721] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8720] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8719] <... futex resumed>) = 0 [pid 8721] <... rseq resumed>) = 0 [pid 8720] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8719] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] newfstatat(4, "", [pid 8721] set_robust_list(0x7f67138b29a0, 24 [pid 8720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8722 attached [pid 8721] <... set_robust_list resumed>) = 0 [pid 5062] getdents64(4, [pid 8722] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 8722] <... rseq resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8722] set_robust_list(0x7f67138b29a0, 24 [pid 8720] <... clone3 resumed> => {parent_tid=[8722]}, 88) = 8722 [pid 5062] close(4 [pid 8722] <... set_robust_list resumed>) = 0 [pid 8720] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... close resumed>) = 0 [pid 8720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] rmdir("./359/file0" [pid 8722] rt_sigprocmask(SIG_SETMASK, [], [pid 8720] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... rmdir resumed>) = 0 [pid 8722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8720] <... futex resumed>) = 0 [pid 5062] getdents64(3, [pid 8722] memfd_create("syzkaller", 0 [pid 8721] rt_sigprocmask(SIG_SETMASK, [], [pid 8720] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8718] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8717] <... write resumed>) = 2097152 [pid 8722] <... memfd_create resumed>) = 3 [pid 5062] close(3 [pid 8722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8721] memfd_create("syzkaller", 0 [pid 5062] <... close resumed>) = 0 [pid 8722] <... mmap resumed>) = 0x7f670b400000 [pid 8721] <... memfd_create resumed>) = 3 [pid 8717] munmap(0x7f670b400000, 138412032 [pid 5062] rmdir("./359" [pid 8721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8717] <... munmap resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./360", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8718] <... write resumed>) = 2097152 [pid 8721] <... mmap resumed>) = 0x7f670b400000 [pid 8717] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8718] munmap(0x7f670b400000, 138412032 [pid 8722] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8718] <... munmap resumed>) = 0 [pid 8717] <... openat resumed>) = 4 [pid 8717] ioctl(4, LOOP_SET_FD, 3 [pid 8718] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8717] <... ioctl resumed>) = 0 [pid 8717] close(3) = 0 [pid 8717] close(4) = 0 [pid 8722] <... write resumed>) = 2097152 [pid 8717] mkdir("./file0", 0777 [pid 8722] munmap(0x7f670b400000, 138412032 [pid 8718] ioctl(4, LOOP_SET_FD, 3 [pid 8722] <... munmap resumed>) = 0 [pid 8717] <... mkdir resumed>) = 0 [pid 8722] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8721] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8717] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8718] <... ioctl resumed>) = 0 [pid 8718] close(3) = 0 [pid 8722] <... openat resumed>) = 4 [pid 8718] close(4) = 0 [pid 8722] ioctl(4, LOOP_SET_FD, 3 [ 302.099618][ T8717] loop3: detected capacity change from 0 to 4096 [ 302.130071][ T8718] loop2: detected capacity change from 0 to 4096 [pid 8718] mkdir("./file0", 0777) = 0 [pid 8718] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3 [pid 8722] <... ioctl resumed>) = 0 [pid 8722] close(3) = 0 [pid 8722] close(4) = 0 [pid 5062] <... close resumed>) = 0 [pid 8722] mkdir("./file0", 0777 [pid 8721] <... write resumed>) = 2097152 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8722] <... mkdir resumed>) = 0 [pid 8721] munmap(0x7f670b400000, 138412032 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8723 ./strace-static-x86_64: Process 8723 attached [pid 8723] set_robust_list(0x5555569076a0, 24) = 0 [pid 8723] chdir("./360") = 0 [pid 8723] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8722] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8721] <... munmap resumed>) = 0 [pid 8723] <... prctl resumed>) = 0 [pid 8723] setpgid(0, 0) = 0 [pid 8721] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8718] <... mount resumed>) = 0 [ 302.153446][ T8722] loop1: detected capacity change from 0 to 4096 [pid 8723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8721] <... openat resumed>) = 4 [pid 8718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8721] ioctl(4, LOOP_SET_FD, 3 [pid 8723] <... openat resumed>) = 3 [pid 8723] write(3, "1000", 4) = 4 [pid 8723] close(3) = 0 [pid 8723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8718] chdir("./file0" [pid 8723] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8718] <... chdir resumed>) = 0 [pid 8723] <... futex resumed>) = 0 [pid 8718] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8723] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8721] <... ioctl resumed>) = 0 [pid 8718] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8721] close(3 [pid 8723] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8721] <... close resumed>) = 0 [pid 8723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8723] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8721] close(4 [pid 8723] <... mprotect resumed>) = 0 [pid 8723] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8721] <... close resumed>) = 0 [pid 8723] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8718] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8717] <... mount resumed>) = 0 [pid 8723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8721] mkdir("./file0", 0777 [pid 8718] <... futex resumed>) = 1 [pid 8717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8716] <... futex resumed>) = 0 [pid 8723] <... clone3 resumed> => {parent_tid=[8724]}, 88) = 8724 ./strace-static-x86_64: Process 8724 attached [pid 8723] rt_sigprocmask(SIG_SETMASK, [], [pid 8724] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8724] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8723] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8724] rt_sigprocmask(SIG_SETMASK, [], [pid 8723] <... futex resumed>) = 0 [pid 8724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8721] <... mkdir resumed>) = 0 [pid 8718] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8717] <... openat resumed>) = 3 [pid 8716] exit_group(0 [pid 8718] <... futex resumed>) = ? [pid 8717] chdir("./file0" [pid 8716] <... exit_group resumed>) = ? [pid 8718] +++ exited with 0 +++ [pid 8717] <... chdir resumed>) = 0 [pid 8724] memfd_create("syzkaller", 0 [pid 8723] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8717] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8721] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8717] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8715] <... futex resumed>) = 0 [pid 8724] <... memfd_create resumed>) = 3 [pid 8715] exit_group(0 [pid 8724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8715] <... exit_group resumed>) = ? [pid 8724] <... mmap resumed>) = 0x7f670b400000 [ 302.214367][ T8721] loop4: detected capacity change from 0 to 4096 [pid 8717] +++ exited with 0 +++ [pid 8716] +++ exited with 0 +++ [pid 8715] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8716, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8715, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 5065] umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 8722] <... mount resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5064] openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 8722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8722] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] getdents64(3, [pid 5065] umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./362/binderfs" [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... unlink resumed>) = 0 [pid 5064] umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./364/binderfs" [pid 8722] chdir("./file0" [pid 5064] <... unlink resumed>) = 0 [pid 8722] <... chdir resumed>) = 0 [pid 5065] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8722] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8722] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8722] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8720] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8720] exit_group(0) = ? [pid 8722] <... futex resumed>) = ? [pid 5065] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8724] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./362/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./364/file0", [pid 5065] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8722] +++ exited with 0 +++ [pid 8720] +++ exited with 0 +++ [pid 5065] openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8720, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5065] newfstatat(4, "", [pid 5064] <... openat resumed>) = 4 [pid 5063] umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(4, [pid 5063] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] newfstatat(3, "", [pid 5065] getdents64(4, [pid 5064] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(3, [pid 5064] close(4 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5063] umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] rmdir("./364/file0" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 5063] newfstatat(AT_FDCWD, "./367/binderfs", [pid 5065] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] rmdir("./362/file0" [pid 5063] unlink("./367/binderfs") = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5063] <... umount2 resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5064] getdents64(3, [pid 5063] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./362" [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8724] <... write resumed>) = 2097152 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] close(3 [pid 5063] newfstatat(AT_FDCWD, "./367/file0", [pid 5064] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] rmdir("./364" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8724] munmap(0x7f670b400000, 138412032 [pid 8721] <... mount resumed>) = 0 [pid 5065] mkdir("./363", 0777 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] mkdir("./365", 0777 [pid 5063] newfstatat(4, "", [pid 8721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 8721] <... openat resumed>) = 3 [pid 8724] <... munmap resumed>) = 0 [pid 8721] chdir("./file0" [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8724] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8721] <... chdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 5063] close(4 [pid 8724] <... openat resumed>) = 4 [pid 8721] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... close resumed>) = 0 [pid 8724] ioctl(4, LOOP_SET_FD, 3 [pid 8721] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] rmdir("./367/file0" [pid 8721] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... rmdir resumed>) = 0 [pid 8721] <... futex resumed>) = 1 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8721] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] close(3) = 0 [pid 5063] rmdir("./367") = 0 [pid 5063] mkdir("./368", 0777) = 0 [pid 8719] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8724] <... ioctl resumed>) = 0 [pid 8719] exit_group(0 [pid 5063] <... openat resumed>) = 3 [pid 8724] close(3 [pid 8721] <... futex resumed>) = ? [pid 8719] <... exit_group resumed>) = ? [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8724] <... close resumed>) = 0 [pid 8721] +++ exited with 0 +++ [pid 8724] close(4) = 0 [pid 8719] +++ exited with 0 +++ [pid 8724] mkdir("./file0", 0777 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8719, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8724] <... mkdir resumed>) = 0 [ 302.413035][ T8724] loop0: detected capacity change from 0 to 4096 [pid 8724] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./362/binderfs") = 0 [pid 5066] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8724] <... mount resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(3) = 0 [pid 8724] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... ioctl resumed>) = 0 [pid 8724] chdir("./file0") = 0 [pid 5066] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8725 [pid 5064] close(3 [pid 8724] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 8724] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] newfstatat(AT_FDCWD, "./362/file0", [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8725 attached [pid 8724] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8726 attached [pid 8724] <... futex resumed>) = 1 [pid 8723] <... futex resumed>) = 0 [pid 5066] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8726 [pid 8726] set_robust_list(0x5555569076a0, 24 [pid 8724] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8723] exit_group(0 [pid 8725] set_robust_list(0x5555569076a0, 24 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... ioctl resumed>) = 0 [pid 8723] <... exit_group resumed>) = ? [pid 8725] <... set_robust_list resumed>) = 0 [pid 5063] close(3 [pid 8726] <... set_robust_list resumed>) = 0 [pid 8724] <... futex resumed>) = ? [pid 5066] openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8726] chdir("./365" [pid 8725] chdir("./363" [pid 8724] +++ exited with 0 +++ [pid 8723] +++ exited with 0 +++ [pid 5066] <... openat resumed>) = 4 [pid 5063] <... close resumed>) = 0 [pid 8726] <... chdir resumed>) = 0 [pid 8725] <... chdir resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8723, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8726] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8725] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] newfstatat(4, "", [pid 8726] <... prctl resumed>) = 0 [pid 8725] <... prctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8727 attached [pid 8726] setpgid(0, 0 [pid 8725] setpgid(0, 0 [pid 5066] getdents64(4, [pid 5062] umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8727] set_robust_list(0x5555569076a0, 24 [pid 8726] <... setpgid resumed>) = 0 [pid 8725] <... setpgid resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8727 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8727] <... set_robust_list resumed>) = 0 [pid 8726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] getdents64(4, [pid 5062] openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8727] chdir("./368" [pid 8726] <... openat resumed>) = 3 [pid 8725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8727] <... chdir resumed>) = 0 [pid 8726] write(3, "1000", 4 [pid 8725] <... openat resumed>) = 3 [pid 5066] close(4 [pid 5062] newfstatat(3, "", [pid 8727] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8726] <... write resumed>) = 4 [pid 8725] write(3, "1000", 4 [pid 5066] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8727] <... prctl resumed>) = 0 [pid 8726] close(3 [pid 5066] rmdir("./362/file0" [pid 5062] getdents64(3, [pid 8727] setpgid(0, 0 [pid 8726] <... close resumed>) = 0 [pid 8725] <... write resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8727] <... setpgid resumed>) = 0 [pid 8726] symlink("/dev/binderfs", "./binderfs" [pid 8725] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8726] <... symlink resumed>) = 0 [pid 8725] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./360/binderfs", [pid 8727] <... openat resumed>) = 3 [pid 8725] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8726] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] unlink("./360/binderfs" [pid 8726] <... futex resumed>) = 0 [pid 8725] <... symlink resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8726] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] getdents64(3, [pid 5062] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8727] write(3, "1000", 4 [pid 8726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8727] <... write resumed>) = 4 [pid 8726] <... mmap resumed>) = 0x7f6713892000 [pid 8725] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... umount2 resumed>) = 0 [pid 8727] close(3 [pid 8726] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8725] <... futex resumed>) = 0 [pid 5066] close(3 [pid 8726] <... mprotect resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5062] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./362") = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8726] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] newfstatat(AT_FDCWD, "./360/file0", [pid 8726] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] mkdir("./363", 0777 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8727] <... close resumed>) = 0 [pid 8726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8725] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8728 attached [pid 8727] symlink("/dev/binderfs", "./binderfs" [pid 8726] <... clone3 resumed> => {parent_tid=[8728]}, 88) = 8728 [pid 8725] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8728] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8726] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8728] <... rseq resumed>) = 0 [pid 8727] <... symlink resumed>) = 0 [pid 8726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8725] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... openat resumed>) = 4 [pid 8728] set_robust_list(0x7f67138b29a0, 24 [pid 8726] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] newfstatat(4, "", [pid 8728] <... set_robust_list resumed>) = 0 [pid 8726] <... futex resumed>) = 0 [pid 8725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8727] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8728] rt_sigprocmask(SIG_SETMASK, [], [pid 8727] <... futex resumed>) = 0 [pid 8726] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8725] <... mmap resumed>) = 0x7f6713892000 [pid 5062] getdents64(4, [pid 8728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8727] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8725] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8727] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8727] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8725] <... mprotect resumed>) = 0 [pid 5062] getdents64(4, [pid 8728] memfd_create("syzkaller", 0 [pid 8727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8728] <... memfd_create resumed>) = 3 [pid 8727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] close(4 [pid 8728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... close resumed>) = 0 [pid 8728] <... mmap resumed>) = 0x7f670b400000 [pid 8727] <... mmap resumed>) = 0x7f6713892000 [pid 5062] rmdir("./360/file0" [pid 8727] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8725] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8727] <... mprotect resumed>) = 0 [pid 8725] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8727] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8725] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8727] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] getdents64(3, ./strace-static-x86_64: Process 8729 attached [pid 8727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8730 attached [pid 8729] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8725] <... clone3 resumed> => {parent_tid=[8729]}, 88) = 8729 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8730] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8729] <... rseq resumed>) = 0 [pid 8727] <... clone3 resumed> => {parent_tid=[8730]}, 88) = 8730 [pid 8725] rt_sigprocmask(SIG_SETMASK, [], [pid 8730] <... rseq resumed>) = 0 [pid 8729] set_robust_list(0x7f67138b29a0, 24 [pid 8727] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] close(3 [pid 8730] set_robust_list(0x7f67138b29a0, 24 [pid 8729] <... set_robust_list resumed>) = 0 [pid 8727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... close resumed>) = 0 [pid 8730] <... set_robust_list resumed>) = 0 [pid 8729] rt_sigprocmask(SIG_SETMASK, [], [pid 8727] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8725] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] rmdir("./360" [pid 8730] rt_sigprocmask(SIG_SETMASK, [], [pid 8729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8727] <... futex resumed>) = 0 [pid 8730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8727] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8725] <... futex resumed>) = 0 [pid 8725] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8729] memfd_create("syzkaller", 0 [pid 8730] memfd_create("syzkaller", 0 [pid 8729] <... memfd_create resumed>) = 3 [pid 8728] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... rmdir resumed>) = 0 [pid 8730] <... memfd_create resumed>) = 3 [pid 8729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] mkdir("./361", 0777 [pid 8730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... mkdir resumed>) = 0 [pid 5066] close(3) = 0 [pid 8730] <... mmap resumed>) = 0x7f670b400000 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8731 ./strace-static-x86_64: Process 8731 attached [pid 8731] set_robust_list(0x5555569076a0, 24) = 0 [pid 8731] chdir("./363") = 0 [pid 8731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8728] <... write resumed>) = 2097152 [pid 8728] munmap(0x7f670b400000, 138412032 [pid 8731] setpgid(0, 0) = 0 [pid 8731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8731] write(3, "1000", 4) = 4 [pid 8731] close(3) = 0 [pid 8731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8731] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8730] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8731] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8729] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8728] <... munmap resumed>) = 0 [pid 8731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8731] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8728] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8731] <... mprotect resumed>) = 0 [pid 8728] <... openat resumed>) = 4 [pid 8731] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8728] ioctl(4, LOOP_SET_FD, 3 [pid 8731] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8732]}, 88) = 8732 ./strace-static-x86_64: Process 8732 attached [pid 8731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8732] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8731] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8732] set_robust_list(0x7f67138b29a0, 24 [pid 8731] <... futex resumed>) = 0 [pid 8731] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8732] <... set_robust_list resumed>) = 0 [pid 8728] <... ioctl resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8728] close(3 [pid 5062] close(3 [pid 8728] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8728] close(4 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8732] memfd_create("syzkaller", 0 [pid 8728] <... close resumed>) = 0 ./strace-static-x86_64: Process 8733 attached [pid 8728] mkdir("./file0", 0777 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8733 [pid 8733] set_robust_list(0x5555569076a0, 24) = 0 [pid 8729] <... write resumed>) = 2097152 [pid 8728] <... mkdir resumed>) = 0 [pid 8733] chdir("./361" [pid 8732] <... memfd_create resumed>) = 3 [pid 8729] munmap(0x7f670b400000, 138412032 [pid 8728] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8733] <... chdir resumed>) = 0 [pid 8732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8733] setpgid(0, 0) = 0 [ 302.704435][ T8728] loop2: detected capacity change from 0 to 4096 [pid 8733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8730] <... write resumed>) = 2097152 [pid 8729] <... munmap resumed>) = 0 [pid 8733] <... openat resumed>) = 3 [pid 8730] munmap(0x7f670b400000, 138412032 [pid 8733] write(3, "1000", 4) = 4 [pid 8733] close(3) = 0 [pid 8733] symlink("/dev/binderfs", "./binderfs" [pid 8730] <... munmap resumed>) = 0 [pid 8729] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8728] <... mount resumed>) = 0 [pid 8733] <... symlink resumed>) = 0 [pid 8730] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8729] <... openat resumed>) = 4 [pid 8728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8729] ioctl(4, LOOP_SET_FD, 3 [pid 8732] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8733] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8730] <... openat resumed>) = 4 [pid 8729] <... ioctl resumed>) = 0 [pid 8728] <... openat resumed>) = 3 [pid 8733] <... futex resumed>) = 0 [pid 8730] ioctl(4, LOOP_SET_FD, 3 [pid 8729] close(3 [pid 8728] chdir("./file0" [pid 8733] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8730] <... ioctl resumed>) = 0 [pid 8729] <... close resumed>) = 0 [pid 8728] <... chdir resumed>) = 0 [pid 8733] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8728] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8733] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8728] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8733] <... mprotect resumed>) = 0 [pid 8733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8734 attached => {parent_tid=[8734]}, 88) = 8734 [pid 8734] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8733] rt_sigprocmask(SIG_SETMASK, [], [pid 8734] <... rseq resumed>) = 0 [pid 8733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8729] close(4 [pid 8728] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8733] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8729] <... close resumed>) = 0 [pid 8728] <... futex resumed>) = 1 [pid 8726] <... futex resumed>) = 0 [pid 8733] <... futex resumed>) = 0 [pid 8729] mkdir("./file0", 0777 [pid 8728] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8726] exit_group(0 [pid 8733] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8730] close(3 [pid 8729] <... mkdir resumed>) = 0 [pid 8728] <... futex resumed>) = ? [pid 8726] <... exit_group resumed>) = ? [pid 8730] <... close resumed>) = 0 [pid 8729] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8728] +++ exited with 0 +++ [pid 8726] +++ exited with 0 +++ [pid 8730] close(4) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8726, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8730] mkdir("./file0", 0777 [pid 5064] umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8734] set_robust_list(0x7f67138b29a0, 24 [pid 5064] openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8734] <... set_robust_list resumed>) = 0 [pid 8730] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8734] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] newfstatat(3, "", [pid 8734] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8730] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8734] memfd_create("syzkaller", 0 [pid 5064] getdents64(3, [pid 8734] <... memfd_create resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8734] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./365/binderfs", [pid 8729] <... mount resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] unlink("./365/binderfs" [pid 8729] <... openat resumed>) = 3 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8729] chdir("./file0") = 0 [ 302.809924][ T8729] loop3: detected capacity change from 0 to 4096 [ 302.829444][ T8730] loop1: detected capacity change from 0 to 4096 [pid 8729] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8732] <... write resumed>) = 2097152 [pid 8732] munmap(0x7f670b400000, 138412032 [pid 5064] <... umount2 resumed>) = 0 [pid 8729] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8729] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8732] <... munmap resumed>) = 0 [pid 8725] <... futex resumed>) = 0 [pid 8725] exit_group(0 [pid 5064] newfstatat(AT_FDCWD, "./365/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8729] <... futex resumed>) = ? [pid 8725] <... exit_group resumed>) = ? [pid 5064] <... openat resumed>) = 4 [pid 8729] +++ exited with 0 +++ [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8725] +++ exited with 0 +++ [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8725, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] getdents64(4, [pid 5065] umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(4 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 8730] <... mount resumed>) = 0 [pid 5064] rmdir("./365/file0" [pid 8732] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] newfstatat(3, "", [pid 8730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8730] <... openat resumed>) = 3 [pid 5065] getdents64(3, [pid 5064] <... rmdir resumed>) = 0 [pid 8730] chdir("./file0" [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8732] <... openat resumed>) = 4 [pid 8730] <... chdir resumed>) = 0 [pid 5065] umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 8730] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8730] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] newfstatat(AT_FDCWD, "./363/binderfs", [pid 5064] close(3 [pid 8732] ioctl(4, LOOP_SET_FD, 3 [pid 8730] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... close resumed>) = 0 [pid 8730] <... futex resumed>) = 1 [pid 5065] unlink("./363/binderfs" [pid 5064] rmdir("./365" [pid 8730] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./366", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8734] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8732] <... ioctl resumed>) = 0 [pid 8727] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 8727] exit_group(0 [pid 5064] <... openat resumed>) = 3 [pid 8727] <... exit_group resumed>) = ? [pid 8730] <... futex resumed>) = ? [pid 8730] +++ exited with 0 +++ [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./363/file0", [pid 8732] close(3 [pid 8727] +++ exited with 0 +++ [pid 8732] <... close resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8727, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 8732] close(4 [pid 5063] umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8732] <... close resumed>) = 0 [pid 8732] mkdir("./file0", 0777 [pid 5063] openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8732] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] getdents64(3, [pid 8732] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 4 [pid 5063] newfstatat(AT_FDCWD, "./368/binderfs", [pid 5065] newfstatat(4, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] unlink("./368/binderfs") = 0 [pid 5063] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5063] <... umount2 resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5063] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./363/file0" [pid 5063] newfstatat(AT_FDCWD, "./368/file0", [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, [pid 5063] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 302.937140][ T8732] loop4: detected capacity change from 0 to 4096 [pid 5065] close(3) = 0 [pid 5065] rmdir("./363" [pid 5063] openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 5065] mkdir("./364", 0777 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... mkdir resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./368/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] close(3 [pid 8734] <... write resumed>) = 2097152 [pid 5065] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./368") = 0 [pid 8734] munmap(0x7f670b400000, 138412032 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8734] <... munmap resumed>) = 0 [pid 8732] <... mount resumed>) = 0 [pid 5063] mkdir("./369", 0777 [pid 8732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... mkdir resumed>) = 0 [pid 8732] <... openat resumed>) = 3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8734] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8732] chdir("./file0" [pid 5063] <... openat resumed>) = 3 [pid 8732] <... chdir resumed>) = 0 [pid 8732] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8734] <... openat resumed>) = 4 [pid 8734] ioctl(4, LOOP_SET_FD, 3 [pid 8732] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8732] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8734] <... ioctl resumed>) = 0 [pid 8732] <... futex resumed>) = 1 [pid 8731] <... futex resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8732] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8731] exit_group(0 [pid 5064] close(3 [pid 8732] <... futex resumed>) = ? [pid 8731] <... exit_group resumed>) = ? [pid 5064] <... close resumed>) = 0 [pid 8734] close(3) = 0 [pid 8732] +++ exited with 0 +++ [pid 8731] +++ exited with 0 +++ [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8731, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8734] close(4 [pid 5066] umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8734] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8734] mkdir("./file0", 0777 [pid 5066] openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8735 attached [pid 8734] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8735] set_robust_list(0x5555569076a0, 24 [pid 5066] getdents64(3, [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8735 [pid 8734] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8735] <... set_robust_list resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8735] chdir("./366" [pid 5066] newfstatat(AT_FDCWD, "./363/binderfs", [pid 5065] close(3 [pid 8735] <... chdir resumed>) = 0 [pid 8735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 303.050162][ T8734] loop0: detected capacity change from 0 to 4096 [pid 8735] setpgid(0, 0 [pid 5066] unlink("./363/binderfs" [pid 8735] <... setpgid resumed>) = 0 [pid 8735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8735] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8735] write(3, "1000", 4) = 4 [pid 5066] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8735] close(3./strace-static-x86_64: Process 8736 attached ) = 0 [pid 5066] newfstatat(AT_FDCWD, "./363/file0", [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8736 [pid 8736] set_robust_list(0x5555569076a0, 24 [pid 8735] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8736] <... set_robust_list resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8736] chdir("./364" [pid 5066] openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8735] <... symlink resumed>) = 0 [pid 8735] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8735] <... futex resumed>) = 0 [pid 5066] getdents64(4, [pid 8735] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8736] <... chdir resumed>) = 0 [pid 8735] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] getdents64(4, [pid 8736] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8736] <... prctl resumed>) = 0 [pid 8735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] close(4 [pid 8736] setpgid(0, 0 [pid 8735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 8736] <... setpgid resumed>) = 0 [pid 5066] rmdir("./363/file0" [pid 8736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8735] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... rmdir resumed>) = 0 [pid 8736] <... openat resumed>) = 3 [pid 8735] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8736] write(3, "1000", 4) = 4 [pid 8736] close(3 [pid 5066] getdents64(3, [pid 8736] <... close resumed>) = 0 [pid 8735] <... mprotect resumed>) = 0 [pid 8736] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8736] <... symlink resumed>) = 0 [pid 8735] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] close(3) = 0 [pid 5066] rmdir("./363" [pid 8736] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8736] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8735] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8736] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] mkdir("./364", 0777./strace-static-x86_64: Process 8737 attached [pid 8736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8737] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8735] <... clone3 resumed> => {parent_tid=[8737]}, 88) = 8737 [pid 8737] <... rseq resumed>) = 0 [pid 8736] <... mmap resumed>) = 0x7f6713892000 [pid 8735] rt_sigprocmask(SIG_SETMASK, [], [pid 8737] set_robust_list(0x7f67138b29a0, 24 [pid 8736] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8737] <... set_robust_list resumed>) = 0 [pid 8736] <... mprotect resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8737] rt_sigprocmask(SIG_SETMASK, [], [pid 8736] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8735] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... openat resumed>) = 3 [pid 8737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8736] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8737] memfd_create("syzkaller", 0 [pid 8736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8735] <... futex resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8738 attached [pid 8738] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8736] <... clone3 resumed> => {parent_tid=[8738]}, 88) = 8738 [pid 8736] rt_sigprocmask(SIG_SETMASK, [], [pid 8738] <... rseq resumed>) = 0 [pid 8738] set_robust_list(0x7f67138b29a0, 24 [pid 8736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8738] <... set_robust_list resumed>) = 0 [pid 8737] <... memfd_create resumed>) = 3 [pid 8736] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8738] rt_sigprocmask(SIG_SETMASK, [], [pid 8736] <... futex resumed>) = 0 [pid 8738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8736] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... ioctl resumed>) = 0 [pid 8735] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8737] <... mmap resumed>) = 0x7f670b400000 [pid 8738] memfd_create("syzkaller", 0 [pid 8734] <... mount resumed>) = 0 [pid 8738] <... memfd_create resumed>) = 3 [pid 8738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8734] chdir("./file0" [pid 5063] close(3 [pid 8734] <... chdir resumed>) = 0 [pid 8734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8734] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... close resumed>) = 0 [pid 8734] <... futex resumed>) = 1 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8734] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8733] <... futex resumed>) = 0 [pid 8733] exit_group(0 [pid 8734] <... futex resumed>) = ? [pid 8733] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 8739 attached [pid 8734] +++ exited with 0 +++ [pid 8733] +++ exited with 0 +++ [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8739 [pid 8738] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8739] set_robust_list(0x5555569076a0, 24 [pid 8737] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8733, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8739] <... set_robust_list resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8739] chdir("./369" [pid 5062] <... restart_syscall resumed>) = 0 [pid 8739] <... chdir resumed>) = 0 [pid 8739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8739] setpgid(0, 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8739] <... setpgid resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8739] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./361/binderfs", [pid 8739] write(3, "1000", 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8739] <... write resumed>) = 4 [pid 5062] unlink("./361/binderfs" [pid 8739] close(3) = 0 [pid 8739] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... unlink resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8739] <... symlink resumed>) = 0 [pid 5062] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8739] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] close(3 [pid 8739] <... futex resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8738] <... write resumed>) = 2097152 [pid 8739] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8737] <... write resumed>) = 2097152 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... umount2 resumed>) = 0 [pid 8739] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8738] munmap(0x7f670b400000, 138412032 [pid 8737] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 8740 attached [pid 8739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8740] set_robust_list(0x5555569076a0, 24 [pid 8739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8740 [pid 8740] <... set_robust_list resumed>) = 0 [pid 8739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8740] chdir("./364" [pid 8739] <... mmap resumed>) = 0x7f6713892000 [pid 5062] newfstatat(AT_FDCWD, "./361/file0", [pid 8740] <... chdir resumed>) = 0 [pid 8739] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8740] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8739] <... mprotect resumed>) = 0 [pid 8739] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8740] <... prctl resumed>) = 0 [pid 5062] umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8740] setpgid(0, 0 [pid 8739] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8740] <... setpgid resumed>) = 0 [pid 8739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", ./strace-static-x86_64: Process 8741 attached [pid 8740] <... openat resumed>) = 3 [pid 8739] <... clone3 resumed> => {parent_tid=[8741]}, 88) = 8741 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8741] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8739] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] getdents64(4, [pid 8741] <... rseq resumed>) = 0 [pid 8740] write(3, "1000", 4 [pid 8739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8741] set_robust_list(0x7f67138b29a0, 24 [pid 8740] <... write resumed>) = 4 [pid 8739] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8741] <... set_robust_list resumed>) = 0 [pid 8740] close(3 [pid 8739] <... futex resumed>) = 0 [pid 5062] getdents64(4, [pid 8741] rt_sigprocmask(SIG_SETMASK, [], [pid 8740] <... close resumed>) = 0 [pid 8739] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8740] symlink("/dev/binderfs", "./binderfs" [pid 5062] close(4 [pid 8740] <... symlink resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./361/file0" [pid 8740] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... rmdir resumed>) = 0 [pid 8741] memfd_create("syzkaller", 0 [pid 8740] <... futex resumed>) = 0 [pid 8740] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8738] <... munmap resumed>) = 0 [pid 5062] getdents64(3, [pid 8740] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8737] <... munmap resumed>) = 0 [pid 8740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] close(3 [pid 8740] <... mmap resumed>) = 0x7f6713892000 [pid 8738] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8737] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8741] <... memfd_create resumed>) = 3 [pid 8740] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... close resumed>) = 0 [pid 8738] <... openat resumed>) = 4 [pid 8741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8740] <... mprotect resumed>) = 0 [pid 8737] <... openat resumed>) = 4 [pid 5062] rmdir("./361" [pid 8741] <... mmap resumed>) = 0x7f670b400000 [pid 8737] ioctl(4, LOOP_SET_FD, 3 [pid 8738] ioctl(4, LOOP_SET_FD, 3 [pid 8740] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... rmdir resumed>) = 0 [pid 8740] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8742 attached [pid 5062] mkdir("./362", 0777 [pid 8742] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] <... mkdir resumed>) = 0 [pid 8742] <... rseq resumed>) = 0 [pid 8740] <... clone3 resumed> => {parent_tid=[8742]}, 88) = 8742 [pid 8742] set_robust_list(0x7f67138b29a0, 24 [pid 8740] rt_sigprocmask(SIG_SETMASK, [], [pid 8742] <... set_robust_list resumed>) = 0 [pid 8740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8742] rt_sigprocmask(SIG_SETMASK, [], [pid 8740] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8740] <... futex resumed>) = 0 [pid 8742] memfd_create("syzkaller", 0 [pid 8740] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8742] <... memfd_create resumed>) = 3 [pid 8738] <... ioctl resumed>) = 0 [pid 8737] <... ioctl resumed>) = 0 [pid 8738] close(3 [pid 8742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8738] <... close resumed>) = 0 [pid 8737] close(3 [pid 8742] <... mmap resumed>) = 0x7f670b400000 [pid 8738] close(4 [pid 8737] <... close resumed>) = 0 [pid 8738] <... close resumed>) = 0 [pid 8737] close(4) = 0 [pid 8737] mkdir("./file0", 0777 [pid 8738] mkdir("./file0", 0777 [pid 8737] <... mkdir resumed>) = 0 [pid 8738] <... mkdir resumed>) = 0 [pid 8737] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8741] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 303.307808][ T8738] loop3: detected capacity change from 0 to 4096 [ 303.317349][ T8737] loop2: detected capacity change from 0 to 4096 [pid 8738] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8742] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8738] <... mount resumed>) = 0 [pid 8738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8738] chdir("./file0") = 0 [pid 8738] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8738] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8738] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8736] <... futex resumed>) = 0 [pid 8736] exit_group(0 [pid 8738] <... futex resumed>) = ? [pid 8736] <... exit_group resumed>) = ? [pid 8738] +++ exited with 0 +++ [pid 8736] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8736, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8737] <... mount resumed>) = 0 [pid 8737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] <... ioctl resumed>) = 0 [pid 8737] chdir("./file0" [pid 5062] close(3 [pid 8737] <... chdir resumed>) = 0 [pid 8737] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 8737] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8741] <... write resumed>) = 2097152 [pid 8737] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8737] <... futex resumed>) = 1 [pid 8735] <... futex resumed>) = 0 [pid 8735] exit_group(0) = ? [pid 8737] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8741] munmap(0x7f670b400000, 138412032 [pid 5065] openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8743 ./strace-static-x86_64: Process 8743 attached [pid 8735] +++ exited with 0 +++ [pid 5065] <... openat resumed>) = 3 [pid 8743] set_robust_list(0x5555569076a0, 24 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8735, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8743] <... set_robust_list resumed>) = 0 [pid 8743] chdir("./362" [pid 5065] newfstatat(3, "", [pid 8743] <... chdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8743] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8743] <... prctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8743] setpgid(0, 0 [pid 5064] newfstatat(3, "", [pid 8743] <... setpgid resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] getdents64(3, [pid 8743] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8743] write(3, "1000", 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(3, [pid 5064] newfstatat(AT_FDCWD, "./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] unlink("./366/binderfs" [pid 8741] <... munmap resumed>) = 0 [pid 8743] <... write resumed>) = 4 [pid 8741] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... unlink resumed>) = 0 [pid 8743] close(3 [pid 8741] <... openat resumed>) = 4 [pid 8741] ioctl(4, LOOP_SET_FD, 3 [pid 5064] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8743] <... close resumed>) = 0 [pid 8743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8743] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8743] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8743] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8742] <... write resumed>) = 2097152 [pid 8741] <... ioctl resumed>) = 0 [pid 5065] umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 8743] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8742] munmap(0x7f670b400000, 138412032 [pid 8741] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8743] <... mprotect resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./364/binderfs", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8743] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./366/file0", [pid 8741] <... close resumed>) = 0 [pid 8743] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] unlink("./364/binderfs" [pid 8743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8741] close(4 [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8744 attached [pid 8742] <... munmap resumed>) = 0 [pid 8741] <... close resumed>) = 0 [pid 5065] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8744] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8743] <... clone3 resumed> => {parent_tid=[8744]}, 88) = 8744 [pid 8741] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8744] <... rseq resumed>) = 0 [pid 8743] rt_sigprocmask(SIG_SETMASK, [], [pid 8741] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8744] set_robust_list(0x7f67138b29a0, 24 [pid 8743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8742] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 303.451040][ T8741] loop1: detected capacity change from 0 to 4096 [pid 8741] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 4 [pid 8744] <... set_robust_list resumed>) = 0 [pid 8743] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8742] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", [pid 8744] rt_sigprocmask(SIG_SETMASK, [], [pid 8743] <... futex resumed>) = 0 [pid 8742] ioctl(4, LOOP_SET_FD, 3 [pid 5065] newfstatat(AT_FDCWD, "./364/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8743] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8742] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8744] memfd_create("syzkaller", 0 [pid 5065] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8744] <... memfd_create resumed>) = 3 [pid 5065] newfstatat(4, "", [pid 5064] getdents64(4, [pid 8744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8744] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] close(4 [pid 5065] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] rmdir("./366/file0" [pid 5065] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./364/file0") = 0 [pid 5065] getdents64(3, [pid 5064] getdents64(3, [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5064] close(3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5065] rmdir("./364" [pid 5064] rmdir("./366" [pid 8742] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8742] <... close resumed>) = 0 [pid 5065] mkdir("./365", 0777 [pid 8742] close(4) = 0 [pid 5064] mkdir("./367", 0777 [pid 5065] <... mkdir resumed>) = 0 [pid 8742] mkdir("./file0", 0777 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... mkdir resumed>) = 0 [pid 8742] <... mkdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8741] <... mount resumed>) = 0 [ 303.518502][ T8742] loop4: detected capacity change from 0 to 4096 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... openat resumed>) = 3 [pid 8741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8741] <... openat resumed>) = 3 [pid 8742] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8741] chdir("./file0") = 0 [pid 8741] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8741] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8739] <... futex resumed>) = 0 [pid 8741] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8739] exit_group(0 [pid 8741] <... futex resumed>) = ? [pid 8739] <... exit_group resumed>) = ? [pid 8741] +++ exited with 0 +++ [pid 8739] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8739, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8744] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./369/binderfs") = 0 [pid 8742] <... mount resumed>) = 0 [pid 5063] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8742] chdir("./file0") = 0 [pid 8742] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8744] <... write resumed>) = 2097152 [pid 8742] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... umount2 resumed>) = 0 [pid 8742] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8742] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./369/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8740] <... futex resumed>) = 0 [pid 5063] getdents64(4, [pid 8740] exit_group(0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8740] <... exit_group resumed>) = ? [pid 8742] <... futex resumed>) = ? [pid 5063] getdents64(4, [pid 8742] +++ exited with 0 +++ [pid 8740] +++ exited with 0 +++ [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8740, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5063] close(4) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5063] rmdir("./369/file0" [pid 5066] <... restart_syscall resumed>) = 0 [pid 8744] munmap(0x7f670b400000, 138412032 [pid 5063] <... rmdir resumed>) = 0 [pid 8744] <... munmap resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./369") = 0 [pid 8744] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 5064] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... openat resumed>) = 3 [pid 5063] mkdir("./370", 0777) = 0 ./strace-static-x86_64: Process 8745 attached [pid 8745] set_robust_list(0x5555569076a0, 24 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 8745] <... set_robust_list resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8745 [pid 8745] chdir("./367" [pid 8744] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8745] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8746 [pid 5066] getdents64(3, [pid 8745] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8744] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8745] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 8746 attached [pid 8745] setpgid(0, 0 [pid 8744] <... ioctl resumed>) = 0 [pid 5066] umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8746] set_robust_list(0x5555569076a0, 24 [pid 8745] <... setpgid resumed>) = 0 [pid 8744] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8746] <... set_robust_list resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./364/binderfs", [pid 8746] chdir("./365" [pid 8745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8744] <... close resumed>) = 0 [pid 8746] <... chdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8746] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] unlink("./364/binderfs" [pid 8746] <... prctl resumed>) = 0 [pid 8746] setpgid(0, 0 [pid 8744] close(4 [pid 8746] <... setpgid resumed>) = 0 [pid 8746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8744] <... close resumed>) = 0 [pid 8746] <... openat resumed>) = 3 [pid 5066] <... unlink resumed>) = 0 [pid 8746] write(3, "1000", 4 [pid 8745] <... openat resumed>) = 3 [pid 8744] mkdir("./file0", 0777 [pid 5066] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8745] write(3, "1000", 4 [pid 8746] <... write resumed>) = 4 [pid 8746] close(3) = 0 [pid 8746] symlink("/dev/binderfs", "./binderfs" [pid 8745] <... write resumed>) = 4 [pid 8746] <... symlink resumed>) = 0 [pid 8745] close(3 [pid 8744] <... mkdir resumed>) = 0 [pid 8745] <... close resumed>) = 0 [pid 8746] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8745] symlink("/dev/binderfs", "./binderfs" [pid 8744] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] <... umount2 resumed>) = 0 [pid 8746] <... futex resumed>) = 0 [pid 8745] <... symlink resumed>) = 0 [pid 5066] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8746] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8745] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8746] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] newfstatat(AT_FDCWD, "./364/file0", [pid 8746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8745] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8745] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8745] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8746] <... mmap resumed>) = 0x7f6713892000 [pid 8745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5066] <... openat resumed>) = 4 [pid 8745] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8745] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8746] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] newfstatat(4, "", [pid 8746] <... mprotect resumed>) = 0 [ 303.696823][ T8744] loop0: detected capacity change from 0 to 4096 [pid 8745] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8747 attached [pid 8746] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8747] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8746] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8745] <... clone3 resumed> => {parent_tid=[8747]}, 88) = 8747 [pid 5066] getdents64(4, [pid 5063] <... ioctl resumed>) = 0 [pid 8747] <... rseq resumed>) = 0 [pid 8746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8745] rt_sigprocmask(SIG_SETMASK, [], [pid 8747] set_robust_list(0x7f67138b29a0, 24 [pid 8745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] close(3./strace-static-x86_64: Process 8748 attached [pid 8747] <... set_robust_list resumed>) = 0 [pid 5066] getdents64(4, [pid 8748] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8747] rt_sigprocmask(SIG_SETMASK, [], [pid 8746] <... clone3 resumed> => {parent_tid=[8748]}, 88) = 8748 [pid 8745] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... close resumed>) = 0 [pid 8748] <... rseq resumed>) = 0 [pid 8747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8746] rt_sigprocmask(SIG_SETMASK, [], [pid 8745] <... futex resumed>) = 0 [pid 5066] close(4 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8748] set_robust_list(0x7f67138b29a0, 24 [pid 8747] memfd_create("syzkaller", 0 [pid 8746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8745] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... close resumed>) = 0 [pid 8748] <... set_robust_list resumed>) = 0 [pid 5066] rmdir("./364/file0" [pid 8748] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... rmdir resumed>) = 0 [pid 8748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8746] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(3, [pid 8746] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8749 attached [pid 8747] <... memfd_create resumed>) = 3 [pid 8746] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8749] set_robust_list(0x5555569076a0, 24 [pid 8747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8749] <... set_robust_list resumed>) = 0 [pid 8748] memfd_create("syzkaller", 0 [pid 8747] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8749 [pid 8749] chdir("./370" [pid 5066] close(3) = 0 [pid 5066] rmdir("./364" [pid 8749] <... chdir resumed>) = 0 [pid 8749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8749] setpgid(0, 0) = 0 [pid 8749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8748] <... memfd_create resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./365", 0777 [pid 8748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8749] write(3, "1000", 4) = 4 [pid 8749] close(3) = 0 [pid 8749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8748] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... mkdir resumed>) = 0 [pid 8749] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8749] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8749] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8749] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... openat resumed>) = 3 [pid 8749] <... clone3 resumed> => {parent_tid=[8750]}, 88) = 8750 [pid 5066] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8750 attached [pid 8749] rt_sigprocmask(SIG_SETMASK, [], [pid 8750] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8750] <... rseq resumed>) = 0 [pid 8749] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8750] set_robust_list(0x7f67138b29a0, 24 [pid 8749] <... futex resumed>) = 0 [pid 8750] <... set_robust_list resumed>) = 0 [pid 8750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8750] memfd_create("syzkaller", 0 [pid 8749] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8750] <... memfd_create resumed>) = 3 [pid 8747] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8744] <... mount resumed>) = 0 [pid 8744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8744] chdir("./file0") = 0 [pid 8748] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8744] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8743] <... futex resumed>) = 0 [pid 8744] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8743] exit_group(0 [pid 8744] <... futex resumed>) = ? [pid 8743] <... exit_group resumed>) = ? [pid 8744] +++ exited with 0 +++ [pid 8743] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8743, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./362/binderfs" [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5062] <... umount2 resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8751 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8751 [pid 8751] set_robust_list(0x5555569076a0, 24) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8751] chdir("./365" [pid 5062] newfstatat(AT_FDCWD, "./362/file0", [pid 8751] <... chdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8751] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8751] <... prctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8751] setpgid(0, 0 [pid 5062] openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8751] <... setpgid resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 8751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8751] <... openat resumed>) = 3 [pid 8747] <... write resumed>) = 2097152 [pid 8751] write(3, "1000", 4 [pid 5062] getdents64(4, [pid 8751] <... write resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8751] close(3 [pid 8748] <... write resumed>) = 2097152 [pid 5062] getdents64(4, [pid 8751] <... close resumed>) = 0 [pid 8750] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8748] munmap(0x7f670b400000, 138412032 [pid 8747] munmap(0x7f670b400000, 138412032 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 8751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8748] <... munmap resumed>) = 0 [pid 8747] <... munmap resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./362/file0") = 0 [pid 5062] getdents64(3, [pid 8751] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./362") = 0 [pid 8751] <... futex resumed>) = 0 [pid 8751] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8748] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] mkdir("./363", 0777 [pid 8751] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8748] <... openat resumed>) = 4 [pid 8751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8748] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... mkdir resumed>) = 0 [pid 8747] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8747] <... openat resumed>) = 4 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8747] ioctl(4, LOOP_SET_FD, 3 [pid 8751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8748] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8751] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8748] close(3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8748] <... close resumed>) = 0 [pid 8751] <... mprotect resumed>) = 0 [pid 8748] close(4 [pid 8751] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8748] <... close resumed>) = 0 [pid 8751] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8747] <... ioctl resumed>) = 0 [pid 8747] close(3) = 0 [pid 8747] close(4) = 0 [pid 8747] mkdir("./file0", 0777) = 0 [pid 8751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8748] mkdir("./file0", 0777 [pid 8747] mount("/dev/loop2", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 8752 attached [pid 8748] <... mkdir resumed>) = 0 [pid 8752] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8751] <... clone3 resumed> => {parent_tid=[8752]}, 88) = 8752 [pid 8748] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8752] <... rseq resumed>) = 0 [pid 8751] rt_sigprocmask(SIG_SETMASK, [], [pid 8752] set_robust_list(0x7f67138b29a0, 24 [pid 8751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8752] <... set_robust_list resumed>) = 0 [pid 8752] rt_sigprocmask(SIG_SETMASK, [], [pid 8751] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8751] <... futex resumed>) = 0 [pid 8752] memfd_create("syzkaller", 0 [pid 8751] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8752] <... memfd_create resumed>) = 3 [ 303.944255][ T8748] loop3: detected capacity change from 0 to 4096 [ 303.946232][ T8747] loop2: detected capacity change from 0 to 4096 [pid 8748] <... mount resumed>) = 0 [pid 8752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8752] <... mmap resumed>) = 0x7f670b400000 [pid 8748] <... openat resumed>) = 3 [pid 8748] chdir("./file0" [pid 8750] <... write resumed>) = 2097152 [pid 8748] <... chdir resumed>) = 0 [pid 8750] munmap(0x7f670b400000, 138412032 [pid 8748] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8748] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8746] <... futex resumed>) = 0 [pid 8746] exit_group(0) = ? [pid 8750] <... munmap resumed>) = 0 [pid 8750] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8748] +++ exited with 0 +++ [pid 8746] +++ exited with 0 +++ [pid 8750] ioctl(4, LOOP_SET_FD, 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8746, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] <... ioctl resumed>) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] close(3) = 0 [pid 5065] umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8753 attached [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8753] set_robust_list(0x5555569076a0, 24 [pid 5065] openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8753] <... set_robust_list resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 8753] chdir("./363" [pid 5065] newfstatat(3, "", [pid 8753] <... chdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8753] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] getdents64(3, [pid 8753] <... prctl resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8753 [pid 8753] setpgid(0, 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8753] <... setpgid resumed>) = 0 [pid 5065] umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./365/binderfs", [pid 8753] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8753] write(3, "1000", 4 [pid 5065] unlink("./365/binderfs" [pid 8753] <... write resumed>) = 4 [pid 5065] <... unlink resumed>) = 0 [pid 8753] close(3) = 0 [pid 8753] symlink("/dev/binderfs", "./binderfs" [pid 5065] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 8753] <... symlink resumed>) = 0 [pid 8750] <... ioctl resumed>) = 0 [pid 8750] close(3) = 0 [pid 8750] close(4 [pid 8753] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8750] <... close resumed>) = 0 [pid 5065] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8753] <... futex resumed>) = 0 [pid 8750] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8753] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8750] <... mkdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./365/file0", [pid 8753] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8750] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8753] <... mmap resumed>) = 0x7f6713892000 [pid 5065] openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8753] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... openat resumed>) = 4 [pid 8753] <... mprotect resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 8753] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8752] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8747] <... mount resumed>) = 0 [pid 8747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8753] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8747] chdir("./file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 304.036812][ T8750] loop1: detected capacity change from 0 to 4096 [pid 8753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8747] <... chdir resumed>) = 0 [pid 5065] getdents64(4, ./strace-static-x86_64: Process 8754 attached [pid 8747] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8754] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8747] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8754] <... rseq resumed>) = 0 [pid 8754] set_robust_list(0x7f67138b29a0, 24 [pid 8747] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8754] <... set_robust_list resumed>) = 0 [pid 8745] <... futex resumed>) = 0 [pid 8754] rt_sigprocmask(SIG_SETMASK, [], [pid 8747] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8745] exit_group(0 [pid 8754] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8747] <... futex resumed>) = ? [pid 8745] <... exit_group resumed>) = ? [pid 8753] <... clone3 resumed> => {parent_tid=[8754]}, 88) = 8754 [pid 8747] +++ exited with 0 +++ [pid 8745] +++ exited with 0 +++ [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8753] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] getdents64(4, [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8745, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8753] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(4) = 0 [pid 8754] <... futex resumed>) = 0 [pid 8753] <... futex resumed>) = 1 [pid 5065] rmdir("./365/file0" [pid 5064] umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8753] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8754] memfd_create("syzkaller", 0 [pid 5064] openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 5065] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./367/binderfs" [pid 8754] <... memfd_create resumed>) = 3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./365" [pid 8754] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./366", 0777) = 0 [pid 5064] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... umount2 resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8755 [pid 5064] newfstatat(AT_FDCWD, "./367/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8755 attached ) = -1 EINVAL (Invalid argument) [pid 8755] set_robust_list(0x5555569076a0, 24 [pid 5064] openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8755] <... set_robust_list resumed>) = 0 [pid 8750] <... mount resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 8755] chdir("./366") = 0 [pid 5064] newfstatat(4, "", [pid 8755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8755] setpgid(0, 0 [pid 8752] <... write resumed>) = 2097152 [pid 8750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] getdents64(4, [pid 8755] <... setpgid resumed>) = 0 [pid 8750] <... openat resumed>) = 3 [pid 8755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8752] munmap(0x7f670b400000, 138412032 [pid 8750] chdir("./file0" [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 8755] <... openat resumed>) = 3 [pid 8750] <... chdir resumed>) = 0 [pid 5064] rmdir("./367/file0" [pid 8755] write(3, "1000", 4 [pid 8750] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 8755] <... write resumed>) = 4 [pid 8755] close(3) = 0 [pid 8755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8755] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8752] <... munmap resumed>) = 0 [pid 8750] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] getdents64(3, [pid 8750] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8750] <... futex resumed>) = 1 [pid 8749] <... futex resumed>) = 0 [pid 5064] close(3 [pid 8750] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8749] exit_group(0 [pid 8750] <... futex resumed>) = ? [pid 8749] <... exit_group resumed>) = ? [pid 5064] <... close resumed>) = 0 [pid 8755] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5064] rmdir("./367" [pid 8755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8755] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8750] +++ exited with 0 +++ [pid 8749] +++ exited with 0 +++ [pid 8754] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8749, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] mkdir("./368", 0777 [pid 5063] umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8752] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... mkdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8752] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8752] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... openat resumed>) = 3 [pid 5063] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8756 attached [pid 8755] <... clone3 resumed> => {parent_tid=[8756]}, 88) = 8756 [pid 8755] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] newfstatat(3, "", [pid 8755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8755] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] close(3 [pid 5063] getdents64(3, [pid 8755] <... futex resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8756] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8755] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8756] <... rseq resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8756] set_robust_list(0x7f67138b29a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8757 [pid 5063] newfstatat(AT_FDCWD, "./370/binderfs", [pid 8756] <... set_robust_list resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8756] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] unlink("./370/binderfs" [pid 8756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 8757 attached [pid 5063] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 8756] memfd_create("syzkaller", 0 [pid 8757] set_robust_list(0x5555569076a0, 24 [pid 8756] <... memfd_create resumed>) = 3 [pid 8757] <... set_robust_list resumed>) = 0 [pid 8757] chdir("./368") = 0 [pid 8757] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8752] <... ioctl resumed>) = 0 [pid 5063] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8752] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8757] <... prctl resumed>) = 0 [pid 8752] <... close resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./370/file0", [pid 8757] setpgid(0, 0 [pid 8756] <... mmap resumed>) = 0x7f670b400000 [pid 8752] close(4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8752] <... close resumed>) = 0 [pid 5063] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8752] mkdir("./file0", 0777 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8757] <... setpgid resumed>) = 0 [pid 8752] <... mkdir resumed>) = 0 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] getdents64(4, [pid 8757] <... openat resumed>) = 3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./370/file0") = 0 [pid 5063] getdents64(3, [pid 8757] write(3, "1000", 4 [pid 8752] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8757] <... write resumed>) = 4 [pid 5063] close(3 [pid 8757] close(3 [pid 5063] <... close resumed>) = 0 [pid 8757] <... close resumed>) = 0 [pid 5063] rmdir("./370" [pid 8757] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... rmdir resumed>) = 0 [pid 8757] <... symlink resumed>) = 0 [pid 8757] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8757] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 304.201569][ T8752] loop4: detected capacity change from 0 to 4096 [pid 5063] mkdir("./371", 0777 [pid 8757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8754] <... write resumed>) = 2097152 [pid 8757] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... mkdir resumed>) = 0 [pid 8757] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8757] <... mprotect resumed>) = 0 [pid 8757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8758]}, 88) = 8758 [pid 8757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8757] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8757] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8758 attached [pid 8758] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8758] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8754] munmap(0x7f670b400000, 138412032 [pid 8758] memfd_create("syzkaller", 0) = 3 [pid 8754] <... munmap resumed>) = 0 [pid 8758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8754] ioctl(4, LOOP_SET_FD, 3 [pid 8756] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8758] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8754] <... ioctl resumed>) = 0 [pid 8754] close(3) = 0 [pid 8754] close(4) = 0 [pid 8754] mkdir("./file0", 0777) = 0 [ 304.313902][ T8754] loop0: detected capacity change from 0 to 4096 [pid 8754] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8752] <... mount resumed>) = 0 [pid 8752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8752] chdir("./file0") = 0 [pid 8752] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8752] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8751] <... futex resumed>) = 0 [pid 8752] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8751] exit_group(0 [pid 8752] <... futex resumed>) = ? [pid 8751] <... exit_group resumed>) = ? [pid 8752] +++ exited with 0 +++ [pid 8751] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8751, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5066] umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./365/binderfs") = 0 [pid 5066] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./365/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8759 attached ) = -1 EINVAL (Invalid argument) [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8759 [pid 8759] set_robust_list(0x5555569076a0, 24 [pid 5066] openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8759] <... set_robust_list resumed>) = 0 [pid 8759] chdir("./371" [pid 5066] <... openat resumed>) = 4 [pid 8759] <... chdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8759] setpgid(0, 0) = 0 [pid 8759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8759] write(3, "1000", 4) = 4 [pid 8759] close(3) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8756] <... write resumed>) = 2097152 [pid 8759] symlink("/dev/binderfs", "./binderfs" [pid 8756] munmap(0x7f670b400000, 138412032 [pid 8754] <... mount resumed>) = 0 [pid 5066] getdents64(4, [pid 8759] <... symlink resumed>) = 0 [pid 8754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8754] <... openat resumed>) = 3 [pid 8754] chdir("./file0") = 0 [pid 8754] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8759] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8756] <... munmap resumed>) = 0 [pid 8754] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(4, [pid 8759] <... futex resumed>) = 0 [pid 8759] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8759] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8759] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8754] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8759] <... mprotect resumed>) = 0 [pid 8754] <... futex resumed>) = 1 [pid 8753] <... futex resumed>) = 0 [pid 8759] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8758] <... write resumed>) = 2097152 [pid 8756] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] close(4 [pid 8753] exit_group(0 [pid 5066] <... close resumed>) = 0 [pid 8753] <... exit_group resumed>) = ? [pid 5066] rmdir("./365/file0") = 0 [pid 5066] getdents64(3, [pid 8759] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8760 attached [pid 5066] close(3 [pid 8760] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8759] <... clone3 resumed> => {parent_tid=[8760]}, 88) = 8760 [pid 8758] munmap(0x7f670b400000, 138412032 [pid 8756] <... openat resumed>) = 4 [pid 8754] +++ exited with 0 +++ [pid 8753] +++ exited with 0 +++ [pid 5066] <... close resumed>) = 0 [pid 8760] <... rseq resumed>) = 0 [pid 8759] rt_sigprocmask(SIG_SETMASK, [], [pid 8756] ioctl(4, LOOP_SET_FD, 3 [pid 5066] rmdir("./365" [pid 8760] set_robust_list(0x7f67138b29a0, 24 [pid 8759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8753, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 8760] <... set_robust_list resumed>) = 0 [pid 8759] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8760] rt_sigprocmask(SIG_SETMASK, [], [pid 8759] <... futex resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8759] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8760] memfd_create("syzkaller", 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8760] <... memfd_create resumed>) = 3 [pid 5066] mkdir("./366", 0777 [pid 5062] unlink("./363/binderfs" [pid 8760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... unlink resumed>) = 0 [pid 8760] <... mmap resumed>) = 0x7f670b400000 [pid 5062] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8758] <... munmap resumed>) = 0 [pid 8756] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8758] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8756] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8756] <... close resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./363/file0", [pid 8756] close(4 [pid 8758] <... openat resumed>) = 4 [pid 8756] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8758] ioctl(4, LOOP_SET_FD, 3 [pid 5062] umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8756] mkdir("./file0", 0777 [pid 8760] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8758] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8758] close(3 [pid 8756] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8758] <... close resumed>) = 0 [pid 8756] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] <... openat resumed>) = 4 [pid 8758] close(4) = 0 [pid 8758] mkdir("./file0", 0777) = 0 [pid 5062] newfstatat(4, "", [pid 8758] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... ioctl resumed>) = 0 [ 304.476436][ T8756] loop3: detected capacity change from 0 to 4096 [ 304.508759][ T8758] loop2: detected capacity change from 0 to 4096 [pid 5066] close(3 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 5066] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] rmdir("./363/file0") = 0 [pid 5062] getdents64(3, ./strace-static-x86_64: Process 8761 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8761 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8761] set_robust_list(0x5555569076a0, 24 [pid 5062] close(3 [pid 8761] <... set_robust_list resumed>) = 0 [pid 8761] chdir("./366" [pid 5062] <... close resumed>) = 0 [pid 8761] <... chdir resumed>) = 0 [pid 8756] <... mount resumed>) = 0 [pid 5062] rmdir("./363" [pid 8761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8761] setpgid(0, 0) = 0 [pid 8756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] mkdir("./364", 0777 [pid 8761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8756] <... openat resumed>) = 3 [pid 5062] <... mkdir resumed>) = 0 [pid 8761] <... openat resumed>) = 3 [pid 8756] chdir("./file0" [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8761] write(3, "1000", 4 [pid 8756] <... chdir resumed>) = 0 [pid 8756] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... openat resumed>) = 3 [pid 8761] <... write resumed>) = 4 [pid 8761] close(3) = 0 [pid 8760] <... write resumed>) = 2097152 [pid 8758] <... mount resumed>) = 0 [pid 8756] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8761] symlink("/dev/binderfs", "./binderfs" [pid 8760] munmap(0x7f670b400000, 138412032 [pid 8756] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8761] <... symlink resumed>) = 0 [pid 8760] <... munmap resumed>) = 0 [pid 8758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8756] <... futex resumed>) = 1 [pid 8755] <... futex resumed>) = 0 [pid 8755] exit_group(0) = ? [pid 8761] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8761] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8758] <... openat resumed>) = 3 [pid 8756] +++ exited with 0 +++ [pid 8755] +++ exited with 0 +++ [pid 8761] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8758] chdir("./file0" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8755, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 8761] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8758] <... chdir resumed>) = 0 [pid 8761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8761] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8758] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8761] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8758] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8761] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8760] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8758] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8762 attached [pid 8760] <... openat resumed>) = 4 [pid 8758] <... futex resumed>) = 1 [pid 8757] <... futex resumed>) = 0 [pid 5065] umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8762] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8761] <... clone3 resumed> => {parent_tid=[8762]}, 88) = 8762 [pid 8758] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8757] exit_group(0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8762] <... rseq resumed>) = 0 [pid 8761] rt_sigprocmask(SIG_SETMASK, [], [pid 8760] ioctl(4, LOOP_SET_FD, 3 [pid 8758] <... futex resumed>) = ? [pid 8757] <... exit_group resumed>) = ? [pid 5065] openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8762] set_robust_list(0x7f67138b29a0, 24 [pid 8761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8758] +++ exited with 0 +++ [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8761] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./366/binderfs", [pid 8762] <... set_robust_list resumed>) = 0 [pid 8761] <... futex resumed>) = 0 [pid 8757] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./366/binderfs" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8757, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5065] <... unlink resumed>) = 0 [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8762] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... restart_syscall resumed>) = 0 [pid 8761] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8762] memfd_create("syzkaller", 0 [pid 5064] umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8760] <... ioctl resumed>) = 0 [pid 5064] umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8762] <... memfd_create resumed>) = 3 [pid 8760] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8760] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./368/binderfs", [pid 8762] <... mmap resumed>) = 0x7f670b400000 [pid 8760] close(4 [pid 5065] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./368/binderfs") = 0 [pid 5064] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./368/file0", [pid 8760] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8760] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8760] <... mkdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./366/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] getdents64(4, [pid 5065] newfstatat(4, "", [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8760] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5065] close(4 [pid 5064] rmdir("./368/file0" [pid 5065] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5065] rmdir("./366/file0" [pid 5064] getdents64(3, [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(3, [pid 5064] close(3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [ 304.638678][ T8760] loop1: detected capacity change from 0 to 4096 [pid 5064] rmdir("./368") = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./366") = 0 [pid 5064] mkdir("./369", 0777) = 0 [pid 5065] mkdir("./367", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8760] <... mount resumed>) = 0 [pid 8762] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... ioctl resumed>) = 0 [pid 8760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8760] chdir("./file0") = 0 [pid 8760] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8760] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8760] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8759] <... futex resumed>) = 0 [pid 8759] exit_group(0 [pid 8760] <... futex resumed>) = ? [pid 8759] <... exit_group resumed>) = ? [pid 8760] +++ exited with 0 +++ [pid 5062] close(3 [pid 8759] +++ exited with 0 +++ [pid 5062] <... close resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8759, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8763 [pid 5063] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 8763 attached [pid 8763] set_robust_list(0x5555569076a0, 24) = 0 [pid 8763] chdir("./364") = 0 [pid 8763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8763] setpgid(0, 0) = 0 [pid 8763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8763] write(3, "1000", 4) = 4 [pid 8763] close(3) = 0 [pid 8763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8763] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8763] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8763] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", [pid 8763] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] getdents64(3, [pid 8763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8763] <... mmap resumed>) = 0x7f6713892000 [pid 5063] umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8763] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8763] <... mprotect resumed>) = 0 [pid 8763] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] newfstatat(AT_FDCWD, "./371/binderfs", [pid 8762] <... write resumed>) = 2097152 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./371/binderfs" [pid 8763] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8763] <... clone3 resumed> => {parent_tid=[8764]}, 88) = 8764 [pid 8763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8763] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8763] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] close(3./strace-static-x86_64: Process 8764 attached ) = 0 [pid 8764] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] close(3 [pid 8764] <... rseq resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8764] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8764] rt_sigprocmask(SIG_SETMASK, [], [pid 8762] munmap(0x7f670b400000, 138412032 [pid 5063] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8765 attached [pid 5063] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8765] set_robust_list(0x5555569076a0, 24 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8765 [pid 5063] newfstatat(AT_FDCWD, "./371/file0", [pid 8764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8765] <... set_robust_list resumed>) = 0 [pid 8764] memfd_create("syzkaller", 0 [pid 5063] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8766 attached ) = 4 [pid 8766] set_robust_list(0x5555569076a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8766 [pid 5063] newfstatat(4, "", [pid 8766] <... set_robust_list resumed>) = 0 [pid 8765] chdir("./367" [pid 8766] chdir("./369" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8766] <... chdir resumed>) = 0 [pid 8764] <... memfd_create resumed>) = 3 [pid 8766] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] getdents64(4, [pid 8766] <... prctl resumed>) = 0 [pid 8765] <... chdir resumed>) = 0 [pid 8764] <... mmap resumed>) = 0x7f670b400000 [pid 8766] setpgid(0, 0 [pid 8765] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8765] <... prctl resumed>) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 8766] <... setpgid resumed>) = 0 [pid 5063] rmdir("./371/file0" [pid 8766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... rmdir resumed>) = 0 [pid 8766] <... openat resumed>) = 3 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 8766] write(3, "1000", 4 [pid 8765] setpgid(0, 0 [pid 5063] <... close resumed>) = 0 [pid 8765] <... setpgid resumed>) = 0 [pid 8765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] rmdir("./371" [pid 8766] <... write resumed>) = 4 [pid 8766] close(3) = 0 [pid 8766] symlink("/dev/binderfs", "./binderfs" [pid 8765] <... openat resumed>) = 3 [pid 8762] <... munmap resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8766] <... symlink resumed>) = 0 [pid 8765] write(3, "1000", 4 [pid 8762] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8766] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8765] <... write resumed>) = 4 [pid 8766] <... futex resumed>) = 0 [pid 8765] close(3 [pid 8762] <... openat resumed>) = 4 [pid 8766] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8765] <... close resumed>) = 0 [pid 8762] ioctl(4, LOOP_SET_FD, 3 [pid 8765] symlink("/dev/binderfs", "./binderfs" [pid 5063] mkdir("./372", 0777 [pid 8766] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8766] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8766] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... mkdir resumed>) = 0 [pid 8766] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8765] <... symlink resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8766] <... clone3 resumed> => {parent_tid=[8767]}, 88) = 8767 [pid 5063] <... openat resumed>) = 3 [pid 8766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8767 attached [pid 8766] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8767] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8766] <... futex resumed>) = 0 [pid 8767] <... rseq resumed>) = 0 [pid 8766] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8765] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8767] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8765] <... futex resumed>) = 0 [pid 8767] memfd_create("syzkaller", 0 [pid 8765] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8762] <... ioctl resumed>) = 0 [pid 8765] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8762] close(3 [pid 8767] <... memfd_create resumed>) = 3 [pid 8765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8762] <... close resumed>) = 0 [pid 8767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8762] close(4 [pid 8767] <... mmap resumed>) = 0x7f670b400000 [pid 8765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8762] <... close resumed>) = 0 [pid 8765] <... mmap resumed>) = 0x7f6713892000 [ 304.871029][ T8762] loop4: detected capacity change from 0 to 4096 [pid 8762] mkdir("./file0", 0777 [pid 8764] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8765] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8762] <... mkdir resumed>) = 0 [pid 8765] <... mprotect resumed>) = 0 [pid 8762] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8768 attached [pid 8768] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8765] <... clone3 resumed> => {parent_tid=[8768]}, 88) = 8768 [pid 8768] <... rseq resumed>) = 0 [pid 8765] rt_sigprocmask(SIG_SETMASK, [], [pid 8768] set_robust_list(0x7f67138b29a0, 24 [pid 8767] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8768] <... set_robust_list resumed>) = 0 [pid 8765] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8768] memfd_create("syzkaller", 0 [pid 8765] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8768] <... memfd_create resumed>) = 3 [pid 8768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3 [pid 8764] <... write resumed>) = 2097152 [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8769 attached [pid 8764] munmap(0x7f670b400000, 138412032 [pid 8769] set_robust_list(0x5555569076a0, 24 [pid 8764] <... munmap resumed>) = 0 [pid 8769] <... set_robust_list resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8769 [pid 8769] chdir("./372") = 0 [pid 8769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8769] setpgid(0, 0) = 0 [pid 8769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8769] <... openat resumed>) = 3 [pid 8764] ioctl(4, LOOP_SET_FD, 3 [pid 8769] write(3, "1000", 4 [pid 8768] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8767] <... write resumed>) = 2097152 [pid 8769] <... write resumed>) = 4 [pid 8769] close(3) = 0 [pid 8769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8769] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8762] <... mount resumed>) = 0 [pid 8769] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8767] munmap(0x7f670b400000, 138412032 [pid 8762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8762] chdir("./file0" [pid 8769] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8764] <... ioctl resumed>) = 0 [pid 8762] <... chdir resumed>) = 0 [pid 8764] close(3) = 0 [pid 8769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8764] close(4 [pid 8762] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8764] <... close resumed>) = 0 [pid 8769] <... mmap resumed>) = 0x7f6713892000 [pid 8764] mkdir("./file0", 0777) = 0 [pid 8769] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8767] <... munmap resumed>) = 0 [pid 8762] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 305.024774][ T8764] loop0: detected capacity change from 0 to 4096 [pid 8764] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8769] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8768] <... write resumed>) = 2097152 [pid 8767] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8762] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8769] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8767] <... openat resumed>) = 4 [pid 8769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8767] ioctl(4, LOOP_SET_FD, 3 [pid 8762] <... futex resumed>) = 1 ./strace-static-x86_64: Process 8770 attached [pid 8762] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8761] <... futex resumed>) = 0 [pid 8761] exit_group(0) = ? [pid 8762] <... futex resumed>) = ? [pid 8770] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8769] <... clone3 resumed> => {parent_tid=[8770]}, 88) = 8770 [pid 8770] <... rseq resumed>) = 0 [pid 8769] rt_sigprocmask(SIG_SETMASK, [], [pid 8762] +++ exited with 0 +++ [pid 8769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8761] +++ exited with 0 +++ [pid 8770] set_robust_list(0x7f67138b29a0, 24 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8761, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8769] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8768] munmap(0x7f670b400000, 138412032 [pid 8767] <... ioctl resumed>) = 0 [pid 8770] <... set_robust_list resumed>) = 0 [pid 8769] <... futex resumed>) = 0 [pid 8770] rt_sigprocmask(SIG_SETMASK, [], [pid 8769] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8770] memfd_create("syzkaller", 0) = 3 [pid 8767] close(3 [pid 8770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8767] <... close resumed>) = 0 [pid 8768] <... munmap resumed>) = 0 [pid 8770] <... mmap resumed>) = 0x7f670b400000 [pid 8768] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8767] close(4 [pid 5066] umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8767] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8768] <... openat resumed>) = 4 [pid 8767] mkdir("./file0", 0777 [pid 5066] openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8767] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8768] ioctl(4, LOOP_SET_FD, 3 [pid 5066] newfstatat(AT_FDCWD, "./366/binderfs", [pid 8767] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./366/binderfs") = 0 [pid 5066] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8764] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8764] chdir("./file0" [pid 5066] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8768] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./366/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8768] close(3 [pid 5066] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8768] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8768] close(4 [pid 5066] openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8768] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8768] mkdir("./file0", 0777 [pid 5066] getdents64(4, [pid 8768] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./366/file0" [pid 8768] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./366") = 0 [ 305.089732][ T8767] loop2: detected capacity change from 0 to 4096 [ 305.122712][ T8768] loop3: detected capacity change from 0 to 4096 [pid 5066] mkdir("./367", 0777 [pid 8764] <... chdir resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8764] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8764] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... openat resumed>) = 3 [pid 8764] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8767] <... mount resumed>) = 0 [pid 8764] <... futex resumed>) = 1 [pid 8763] <... futex resumed>) = 0 [pid 8764] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8763] exit_group(0 [pid 8767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8767] chdir("./file0" [pid 8764] <... futex resumed>) = ? [pid 8763] <... exit_group resumed>) = ? [pid 8767] <... chdir resumed>) = 0 [pid 8764] +++ exited with 0 +++ [pid 8767] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8767] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8763] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8763, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8767] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8766] <... futex resumed>) = 0 [pid 8766] exit_group(0 [pid 8767] <... futex resumed>) = ? [pid 8766] <... exit_group resumed>) = ? [pid 5062] umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8770] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8767] +++ exited with 0 +++ [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8766] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8766, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] unlink("./364/binderfs" [pid 5064] umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... unlink resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./364/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8768] <... mount resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8768] chdir("./file0") = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8768] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8768] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] newfstatat(AT_FDCWD, "./369/binderfs", [pid 5062] <... openat resumed>) = 4 [pid 8768] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8765] <... futex resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8768] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8765] exit_group(0 [pid 8768] <... futex resumed>) = ? [pid 8765] <... exit_group resumed>) = ? [pid 5064] unlink("./369/binderfs" [pid 5062] newfstatat(4, "", [pid 8768] +++ exited with 0 +++ [pid 8765] +++ exited with 0 +++ [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8765, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8770] <... write resumed>) = 2097152 [pid 5064] <... unlink resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8771 attached [pid 8771] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8771 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5064] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(4, [pid 5065] <... restart_syscall resumed>) = 0 [pid 8771] <... set_robust_list resumed>) = 0 [pid 8771] chdir("./367" [pid 5065] umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8771] <... chdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] getdents64(4, [pid 5065] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8771] setpgid(0, 0) = 0 [pid 8771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] newfstatat(3, "", [pid 5064] <... umount2 resumed>) = 0 [pid 5062] close(4) = 0 [pid 8771] write(3, "1000", 4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] rmdir("./364/file0" [pid 8771] <... write resumed>) = 4 [pid 5065] getdents64(3, [pid 8771] close(3 [pid 8770] munmap(0x7f670b400000, 138412032 [pid 8771] <... close resumed>) = 0 [pid 8771] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... rmdir resumed>) = 0 [pid 5065] umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] close(3 [pid 5065] newfstatat(AT_FDCWD, "./367/binderfs", [pid 5064] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8771] <... symlink resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... close resumed>) = 0 [pid 5065] unlink("./367/binderfs" [pid 5064] newfstatat(AT_FDCWD, "./369/file0", [pid 5062] rmdir("./364" [pid 5065] <... unlink resumed>) = 0 [pid 8771] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8771] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... rmdir resumed>) = 0 [pid 5065] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8771] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] mkdir("./365", 0777 [pid 8771] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8770] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... mkdir resumed>) = 0 [pid 8771] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8771] <... mprotect resumed>) = 0 [pid 8771] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... umount2 resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8771] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... openat resumed>) = 4 [pid 8771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8770] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 5062] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8772 attached [pid 8770] <... openat resumed>) = 4 [pid 8772] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8771] <... clone3 resumed> => {parent_tid=[8772]}, 88) = 8772 [pid 8772] <... rseq resumed>) = 0 [pid 8771] rt_sigprocmask(SIG_SETMASK, [], [pid 8770] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8772] set_robust_list(0x7f67138b29a0, 24 [pid 8771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] newfstatat(AT_FDCWD, "./367/file0", [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8771] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./369/file0" [pid 5065] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8771] <... futex resumed>) = 0 [pid 8772] <... set_robust_list resumed>) = 0 [pid 8771] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... rmdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8772] memfd_create("syzkaller", 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(4, "", [pid 5064] close(3 [pid 8770] <... ioctl resumed>) = 0 [pid 8770] close(3) = 0 [pid 8770] close(4) = 0 [pid 8770] mkdir("./file0", 0777 [pid 8772] <... memfd_create resumed>) = 3 [pid 8770] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 8772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8770] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] getdents64(4, [pid 5064] rmdir("./369") = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] mkdir("./370", 0777 [pid 5065] getdents64(4, [pid 5064] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5065] rmdir("./367/file0" [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./367") = 0 [pid 5065] mkdir("./368", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 305.303764][ T8770] loop1: detected capacity change from 0 to 4096 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8770] <... mount resumed>) = 0 [pid 8770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8770] chdir("./file0") = 0 [pid 8770] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5062] <... ioctl resumed>) = 0 [pid 8770] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8769] <... futex resumed>) = 0 [pid 8769] exit_group(0) = ? [pid 5062] close(3 [pid 8770] +++ exited with 0 +++ [pid 8769] +++ exited with 0 +++ [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8769, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- ./strace-static-x86_64: Process 8773 attached [pid 8772] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8773 [pid 8773] set_robust_list(0x5555569076a0, 24) = 0 [pid 8773] chdir("./365") = 0 [pid 8773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8773] setpgid(0, 0) = 0 [pid 8773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8773] write(3, "1000", 4) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8773] close(3) = 0 [pid 8773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8773] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] close(3 [pid 5064] close(3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] newfstatat(3, "", [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8773] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8773] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8773] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8773] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] getdents64(3, [pid 8773] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8775 attached ./strace-static-x86_64: Process 8774 attached [pid 8773] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8775] set_robust_list(0x5555569076a0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8774 [pid 8774] set_robust_list(0x5555569076a0, 24 [pid 8775] <... set_robust_list resumed>) = 0 [pid 8773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8774] <... set_robust_list resumed>) = 0 [pid 8774] chdir("./368" [pid 8773] <... clone3 resumed> => {parent_tid=[8776]}, 88) = 8776 [pid 8774] <... chdir resumed>) = 0 [pid 8773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] newfstatat(AT_FDCWD, "./372/binderfs", [pid 8774] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8775] chdir("./370" [pid 8773] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8775 ./strace-static-x86_64: Process 8776 attached [pid 8774] <... prctl resumed>) = 0 [pid 8773] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8776] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8774] setpgid(0, 0 [pid 8775] <... chdir resumed>) = 0 [pid 8773] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] unlink("./372/binderfs" [pid 8776] <... rseq resumed>) = 0 [pid 8774] <... setpgid resumed>) = 0 [pid 8775] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8776] set_robust_list(0x7f67138b29a0, 24 [pid 8774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... unlink resumed>) = 0 [pid 8776] <... set_robust_list resumed>) = 0 [pid 8774] <... openat resumed>) = 3 [pid 8775] <... prctl resumed>) = 0 [pid 8772] <... write resumed>) = 2097152 [pid 5063] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8776] rt_sigprocmask(SIG_SETMASK, [], [pid 8774] write(3, "1000", 4 [pid 8775] setpgid(0, 0 [pid 8776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8774] <... write resumed>) = 4 [pid 8772] munmap(0x7f670b400000, 138412032 [pid 8776] memfd_create("syzkaller", 0 [pid 8774] close(3 [pid 8775] <... setpgid resumed>) = 0 [pid 8772] <... munmap resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8776] <... memfd_create resumed>) = 3 [pid 8774] <... close resumed>) = 0 [pid 8775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8775] <... openat resumed>) = 3 [pid 5063] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8775] write(3, "1000", 4) = 4 [pid 8775] close(3) = 0 [pid 8775] symlink("/dev/binderfs", "./binderfs" [pid 8776] <... mmap resumed>) = 0x7f670b400000 [pid 8774] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8775] <... symlink resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8774] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5063] newfstatat(AT_FDCWD, "./372/file0", [pid 8774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8774] <... mmap resumed>) = 0x7f6713892000 [pid 8772] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... openat resumed>) = 4 [pid 8774] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8772] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", [pid 8774] <... mprotect resumed>) = 0 [pid 8775] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8772] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8774] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8775] <... futex resumed>) = 0 [pid 5063] getdents64(4, [pid 8774] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8777]}, 88) = 8777 [pid 8774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8774] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8777 attached ) = 0 [pid 8777] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8774] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] getdents64(4, [pid 8775] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8775] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] close(4 [pid 8775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... close resumed>) = 0 [pid 8775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] rmdir("./372/file0" [pid 8777] <... rseq resumed>) = 0 [pid 8775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8777] set_robust_list(0x7f67138b29a0, 24 [pid 8775] <... mmap resumed>) = 0x7f6713892000 [pid 8777] <... set_robust_list resumed>) = 0 [pid 8775] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] getdents64(3, [pid 8777] rt_sigprocmask(SIG_SETMASK, [], [pid 8776] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8775] <... mprotect resumed>) = 0 [pid 8772] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] close(3./strace-static-x86_64: Process 8778 attached ) = 0 [pid 8778] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8775] <... clone3 resumed> => {parent_tid=[8778]}, 88) = 8778 [pid 5063] rmdir("./372" [pid 8778] <... rseq resumed>) = 0 [pid 8775] rt_sigprocmask(SIG_SETMASK, [], [pid 8778] set_robust_list(0x7f67138b29a0, 24 [pid 8777] memfd_create("syzkaller", 0 [pid 8775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8772] close(3 [pid 5063] <... rmdir resumed>) = 0 [pid 8778] <... set_robust_list resumed>) = 0 [pid 8775] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8778] memfd_create("syzkaller", 0 [pid 8775] <... futex resumed>) = 0 [pid 8772] <... close resumed>) = 0 [pid 8772] close(4 [pid 8775] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] mkdir("./373", 0777 [pid 8777] <... memfd_create resumed>) = 3 [pid 8772] <... close resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8772] mkdir("./file0", 0777 [pid 8777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8772] <... mkdir resumed>) = 0 [pid 8778] <... memfd_create resumed>) = 3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... openat resumed>) = 3 [pid 8778] <... mmap resumed>) = 0x7f670b400000 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8777] <... mmap resumed>) = 0x7f670b400000 [ 305.513143][ T8772] loop4: detected capacity change from 0 to 4096 [pid 8772] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8776] <... write resumed>) = 2097152 [pid 8776] munmap(0x7f670b400000, 138412032) = 0 [pid 8778] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8772] <... mount resumed>) = 0 [pid 8776] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8777] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8776] <... openat resumed>) = 4 [pid 8772] <... openat resumed>) = 3 [pid 8776] ioctl(4, LOOP_SET_FD, 3 [pid 8772] chdir("./file0") = 0 [pid 8772] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8772] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... ioctl resumed>) = 0 [pid 8772] <... futex resumed>) = 1 [pid 8771] <... futex resumed>) = 0 [pid 8776] <... ioctl resumed>) = 0 [pid 8772] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8771] exit_group(0 [pid 5063] close(3 [pid 8772] <... futex resumed>) = ? [pid 8771] <... exit_group resumed>) = ? [pid 8776] close(3) = 0 [pid 8772] +++ exited with 0 +++ [pid 5063] <... close resumed>) = 0 [pid 8776] close(4 [pid 8771] +++ exited with 0 +++ [pid 8776] <... close resumed>) = 0 [pid 8776] mkdir("./file0", 0777 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8771, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 8776] <... mkdir resumed>) = 0 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8778] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 8779 attached [pid 8776] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] <... openat resumed>) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8779 [pid 8779] set_robust_list(0x5555569076a0, 24 [pid 5066] newfstatat(3, "", [pid 8779] <... set_robust_list resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8779] chdir("./373" [pid 8778] munmap(0x7f670b400000, 138412032 [pid 5066] getdents64(3, [pid 8779] <... chdir resumed>) = 0 [pid 8778] <... munmap resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8779] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8779] <... prctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8779] setpgid(0, 0 [pid 5066] newfstatat(AT_FDCWD, "./367/binderfs", [pid 8779] <... setpgid resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] unlink("./367/binderfs" [pid 8779] <... openat resumed>) = 3 [pid 8779] write(3, "1000", 4) = 4 [pid 5066] <... unlink resumed>) = 0 [pid 8779] close(3 [ 305.648453][ T8776] loop0: detected capacity change from 0 to 4096 [pid 5066] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8779] <... close resumed>) = 0 [pid 8779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8779] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8779] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8779] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8778] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8779] <... mmap resumed>) = 0x7f6713892000 [pid 8778] <... openat resumed>) = 4 [pid 8776] <... mount resumed>) = 0 [pid 8779] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8778] ioctl(4, LOOP_SET_FD, 3 [pid 8776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 8779] <... mprotect resumed>) = 0 [pid 8777] <... write resumed>) = 2097152 [pid 8776] <... openat resumed>) = 3 [pid 5066] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8779] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8776] chdir("./file0" [pid 8777] munmap(0x7f670b400000, 138412032 [pid 5066] newfstatat(AT_FDCWD, "./367/file0", [pid 8776] <... chdir resumed>) = 0 [pid 8776] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8779] <... clone3 resumed> => {parent_tid=[8780]}, 88) = 8780 [pid 8779] rt_sigprocmask(SIG_SETMASK, [], [pid 8776] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8776] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8776] <... futex resumed>) = 1 [pid 8773] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8780 attached [pid 8779] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8776] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8773] exit_group(0 [pid 5066] <... openat resumed>) = 4 [pid 8778] <... ioctl resumed>) = 0 [pid 8777] <... munmap resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8773] <... exit_group resumed>) = ? [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8779] <... futex resumed>) = 0 [pid 8776] <... futex resumed>) = ? [pid 8780] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5066] getdents64(4, [pid 8779] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8778] close(3 [pid 8777] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8780] <... rseq resumed>) = 0 [pid 8778] <... close resumed>) = 0 [pid 8777] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8780] set_robust_list(0x7f67138b29a0, 24 [pid 8778] close(4 [pid 8777] ioctl(4, LOOP_SET_FD, 3 [pid 8780] <... set_robust_list resumed>) = 0 [pid 8776] +++ exited with 0 +++ [pid 8773] +++ exited with 0 +++ [pid 5066] getdents64(4, [pid 8780] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] close(4 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8773, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8778] <... close resumed>) = 0 [pid 8777] <... ioctl resumed>) = 0 [pid 8780] memfd_create("syzkaller", 0 [pid 8778] mkdir("./file0", 0777 [pid 8777] close(3 [pid 5066] <... close resumed>) = 0 [pid 5062] umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8780] <... memfd_create resumed>) = 3 [pid 8778] <... mkdir resumed>) = 0 [pid 8777] <... close resumed>) = 0 [pid 5066] rmdir("./367/file0" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8778] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8777] close(4 [pid 5062] openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 8780] <... mmap resumed>) = 0x7f670b400000 [pid 8777] <... close resumed>) = 0 [pid 5066] getdents64(3, [pid 5062] <... openat resumed>) = 3 [pid 8777] mkdir("./file0", 0777 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] newfstatat(3, "", [pid 8777] <... mkdir resumed>) = 0 [pid 5066] close(3) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] rmdir("./367" [pid 5062] getdents64(3, [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [ 305.726162][ T8778] loop2: detected capacity change from 0 to 4096 [ 305.762260][ T8777] loop3: detected capacity change from 0 to 4096 [pid 8777] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] mkdir("./368", 0777 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... mkdir resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./365/binderfs") = 0 [pid 5062] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8778] <... mount resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] <... umount2 resumed>) = 0 [pid 8780] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8778] <... openat resumed>) = 3 [pid 8778] chdir("./file0") = 0 [pid 8778] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5062] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./365/file0", [pid 8778] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8777] <... mount resumed>) = 0 [pid 8775] <... futex resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8775] exit_group(0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8775] <... exit_group resumed>) = ? [pid 5062] openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8778] +++ exited with 0 +++ [pid 8775] +++ exited with 0 +++ [pid 5062] newfstatat(4, "", [pid 8777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8775, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8777] <... openat resumed>) = 3 [pid 8777] chdir("./file0") = 0 [pid 5064] umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8777] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8777] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8777] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8777] <... futex resumed>) = 1 [pid 8774] <... futex resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 5062] getdents64(4, [pid 8774] exit_group(0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8774] <... exit_group resumed>) = ? [pid 5064] getdents64(3, [pid 5062] close(4 [pid 8777] +++ exited with 0 +++ [pid 8774] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... close resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8774, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5064] umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] rmdir("./365/file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./370/binderfs", [pid 5062] <... rmdir resumed>) = 0 [pid 5065] umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] unlink("./370/binderfs" [pid 5062] getdents64(3, [pid 5065] openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... unlink resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] close(3 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./365" [pid 8780] <... write resumed>) = 2097152 [pid 5065] unlink("./368/binderfs") = 0 [pid 5065] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8780] munmap(0x7f670b400000, 138412032 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] mkdir("./366", 0777 [pid 8780] <... munmap resumed>) = 0 [pid 5066] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./370/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 8781 attached [pid 8780] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... openat resumed>) = 3 [pid 8781] set_robust_list(0x5555569076a0, 24 [pid 5065] newfstatat(AT_FDCWD, "./368/file0", [pid 8781] <... set_robust_list resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8781] chdir("./368" [pid 8780] <... openat resumed>) = 4 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8781 [pid 5065] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 8781] <... chdir resumed>) = 0 [pid 8780] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(4, [pid 8781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] <... openat resumed>) = 4 [pid 8781] setpgid(0, 0 [pid 5065] newfstatat(4, "", [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8781] <... setpgid resumed>) = 0 [pid 8780] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8780] close(3 [pid 5065] getdents64(4, [pid 5064] getdents64(4, [pid 8780] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8781] <... openat resumed>) = 3 [pid 8780] close(4 [pid 5064] close(4 [pid 8781] write(3, "1000", 4 [pid 8780] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 8781] <... write resumed>) = 4 [pid 8781] close(3 [pid 8780] mkdir("./file0", 0777 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5065] close(4 [pid 5064] rmdir("./370/file0") = 0 [pid 8781] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./368/file0") = 0 [pid 5064] getdents64(3, [pid 8780] <... mkdir resumed>) = 0 [pid 8781] symlink("/dev/binderfs", "./binderfs" [pid 5065] getdents64(3, [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 8781] <... symlink resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8781] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(3 [pid 5064] rmdir("./370" [pid 8780] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8781] <... futex resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8781] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5065] rmdir("./368" [pid 5064] mkdir("./371", 0777 [pid 8781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] <... rmdir resumed>) = 0 [pid 8781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... mkdir resumed>) = 0 [ 305.958761][ T8780] loop1: detected capacity change from 0 to 4096 [pid 8781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5065] mkdir("./369", 0777 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8781] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8781] <... mprotect resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8782 attached [pid 8782] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8781] <... clone3 resumed> => {parent_tid=[8782]}, 88) = 8782 [pid 8782] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8781] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8781] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... ioctl resumed>) = 0 [pid 8782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8783 attached [pid 8783] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8783 [pid 8783] <... set_robust_list resumed>) = 0 [pid 8782] memfd_create("syzkaller", 0 [pid 8783] chdir("./366") = 0 [pid 8782] <... memfd_create resumed>) = 3 [pid 8780] <... mount resumed>) = 0 [pid 8783] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8780] chdir("./file0" [pid 8782] <... mmap resumed>) = 0x7f670b400000 [pid 8780] <... chdir resumed>) = 0 [pid 8780] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8783] <... prctl resumed>) = 0 [pid 8783] setpgid(0, 0 [pid 8780] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8783] <... setpgid resumed>) = 0 [pid 8783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8780] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8779] <... futex resumed>) = 0 [pid 8779] exit_group(0) = ? [pid 8783] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8784 attached [pid 8780] +++ exited with 0 +++ [pid 8779] +++ exited with 0 +++ [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8784 [pid 8784] set_robust_list(0x5555569076a0, 24) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8779, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 8783] write(3, "1000", 4 [pid 8784] chdir("./371" [pid 5063] umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8783] <... write resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 8783] close(3 [pid 5063] newfstatat(3, "", [pid 8784] <... chdir resumed>) = 0 [pid 8783] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 8783] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8784] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8783] <... symlink resumed>) = 0 [pid 5063] umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8784] <... prctl resumed>) = 0 [pid 8783] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8784] setpgid(0, 0 [pid 8783] <... futex resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./373/binderfs", [pid 8784] <... setpgid resumed>) = 0 [pid 8783] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8783] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] unlink("./373/binderfs" [pid 8784] <... openat resumed>) = 3 [pid 8783] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8784] write(3, "1000", 4 [pid 8783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8783] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8784] <... write resumed>) = 4 [pid 8783] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... ioctl resumed>) = 0 [pid 8783] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8785]}, 88) = 8785 [pid 5063] <... umount2 resumed>) = 0 [pid 8784] close(3 [pid 8783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8783] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8785 attached [pid 8783] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8785] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8785] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8785] memfd_create("syzkaller", 0 [pid 8784] <... close resumed>) = 0 [pid 5063] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8784] symlink("/dev/binderfs", "./binderfs" [pid 5063] newfstatat(AT_FDCWD, "./373/file0", [pid 5065] close(3) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8785] <... memfd_create resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8786 attached [pid 8785] <... mmap resumed>) = 0x7f670b400000 [pid 5063] <... openat resumed>) = 4 [pid 8786] set_robust_list(0x5555569076a0, 24 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 8786] <... set_robust_list resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8786] chdir("./369" [pid 5063] getdents64(4, [pid 8786] <... chdir resumed>) = 0 [pid 8784] <... symlink resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8786 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] close(4 [pid 8786] setpgid(0, 0 [pid 5063] <... close resumed>) = 0 [pid 8786] <... setpgid resumed>) = 0 [pid 8784] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] rmdir("./373/file0" [pid 8786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8784] <... futex resumed>) = 0 [pid 8786] <... openat resumed>) = 3 [pid 8786] write(3, "1000", 4 [pid 5063] <... rmdir resumed>) = 0 [pid 8786] <... write resumed>) = 4 [pid 8786] close(3) = 0 [pid 8786] symlink("/dev/binderfs", "./binderfs" [pid 8784] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] getdents64(3, [pid 8786] <... symlink resumed>) = 0 [pid 8784] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8786] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8782] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] close(3 [pid 8786] <... futex resumed>) = 0 [pid 8784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... close resumed>) = 0 [pid 8786] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] rmdir("./373" [pid 8786] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8784] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... rmdir resumed>) = 0 [pid 8786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8784] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] mkdir("./374", 0777 [pid 8786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8785] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8784] <... mprotect resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8786] <... mmap resumed>) = 0x7f6713892000 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8786] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... openat resumed>) = 3 [pid 8786] <... mprotect resumed>) = 0 [pid 8784] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8786] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8784] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8786] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8787 attached [pid 8787] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8784] <... clone3 resumed> => {parent_tid=[8787]}, 88) = 8787 [pid 8787] <... rseq resumed>) = 0 [pid 8784] rt_sigprocmask(SIG_SETMASK, [], [pid 8787] set_robust_list(0x7f67138b29a0, 24 [pid 8784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8784] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8787] <... set_robust_list resumed>) = 0 [pid 8784] <... futex resumed>) = 0 [pid 8787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8784] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8786] <... clone3 resumed> => {parent_tid=[8788]}, 88) = 8788 [pid 8786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8786] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8786] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8788 attached [pid 8787] memfd_create("syzkaller", 0 [pid 8788] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8788] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8787] <... memfd_create resumed>) = 3 [pid 8788] rt_sigprocmask(SIG_SETMASK, [], [pid 8787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8787] <... mmap resumed>) = 0x7f670b400000 [pid 8788] memfd_create("syzkaller", 0 [pid 8782] <... write resumed>) = 2097152 [pid 8788] <... memfd_create resumed>) = 3 [pid 8788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8782] munmap(0x7f670b400000, 138412032) = 0 [pid 8785] <... write resumed>) = 2097152 [pid 8785] munmap(0x7f670b400000, 138412032 [pid 8788] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8787] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8782] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5063] <... ioctl resumed>) = 0 [pid 8782] ioctl(4, LOOP_SET_FD, 3 [pid 5063] close(3 [pid 8785] <... munmap resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ./strace-static-x86_64: Process 8789 attached [pid 8785] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8789 [pid 8789] set_robust_list(0x5555569076a0, 24) = 0 [pid 8785] <... ioctl resumed>) = 0 [pid 8782] <... ioctl resumed>) = 0 [pid 8789] chdir("./374" [pid 8787] <... write resumed>) = 2097152 [pid 8782] close(3 [pid 8789] <... chdir resumed>) = 0 [pid 8789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8789] setpgid(0, 0) = 0 [pid 8782] <... close resumed>) = 0 [pid 8782] close(4) = 0 [pid 8782] mkdir("./file0", 0777) = 0 [pid 8782] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8787] munmap(0x7f670b400000, 138412032 [pid 8785] close(3) = 0 [pid 8785] close(4 [pid 8789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8785] <... close resumed>) = 0 [pid 8785] mkdir("./file0", 0777 [pid 8789] <... openat resumed>) = 3 [pid 8785] <... mkdir resumed>) = 0 [pid 8785] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [ 306.275934][ T8782] loop4: detected capacity change from 0 to 4096 [ 306.289908][ T8785] loop0: detected capacity change from 0 to 4096 [pid 8789] write(3, "1000", 4) = 4 [pid 8789] close(3) = 0 [pid 8787] <... munmap resumed>) = 0 [pid 8789] symlink("/dev/binderfs", "./binderfs" [pid 8787] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8789] <... symlink resumed>) = 0 [pid 8788] <... write resumed>) = 2097152 [pid 8787] <... openat resumed>) = 4 [pid 8787] ioctl(4, LOOP_SET_FD, 3 [pid 8788] munmap(0x7f670b400000, 138412032 [pid 8789] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8789] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8788] <... munmap resumed>) = 0 [pid 8785] <... mount resumed>) = 0 [pid 8789] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8782] <... mount resumed>) = 0 [pid 8789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8785] <... openat resumed>) = 3 [pid 8789] <... mmap resumed>) = 0x7f6713892000 [pid 8785] chdir("./file0" [pid 8789] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8785] <... chdir resumed>) = 0 [pid 8789] <... mprotect resumed>) = 0 [pid 8787] <... ioctl resumed>) = 0 [pid 8785] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8787] close(3 [pid 8785] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8789] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8785] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8787] <... close resumed>) = 0 [pid 8785] <... futex resumed>) = 1 [pid 8783] <... futex resumed>) = 0 [pid 8782] <... openat resumed>) = 3 [pid 8789] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8787] close(4 [pid 8785] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 306.356684][ T8787] loop2: detected capacity change from 0 to 4096 [pid 8783] exit_group(0 [pid 8782] chdir("./file0" [pid 8789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8787] <... close resumed>) = 0 [pid 8788] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8787] mkdir("./file0", 0777 [pid 8788] ioctl(4, LOOP_SET_FD, 3 [pid 8789] <... clone3 resumed> => {parent_tid=[8790]}, 88) = 8790 [pid 8787] <... mkdir resumed>) = 0 [pid 8789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8789] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8787] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8783] <... exit_group resumed>) = ? [pid 8782] <... chdir resumed>) = 0 [pid 8785] <... futex resumed>) = ? ./strace-static-x86_64: Process 8790 attached [pid 8782] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8790] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8782] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8790] <... rseq resumed>) = 0 [pid 8782] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8790] set_robust_list(0x7f67138b29a0, 24 [pid 8782] <... futex resumed>) = 1 [pid 8781] <... futex resumed>) = 0 [pid 8790] <... set_robust_list resumed>) = 0 [pid 8782] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8781] exit_group(0 [pid 8790] rt_sigprocmask(SIG_SETMASK, [], [pid 8782] <... futex resumed>) = ? [pid 8781] <... exit_group resumed>) = ? [pid 8790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8782] +++ exited with 0 +++ [pid 8790] memfd_create("syzkaller", 0) = 3 [pid 8790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8789] <... futex resumed>) = 0 [pid 8785] +++ exited with 0 +++ [pid 8783] +++ exited with 0 +++ [pid 8781] +++ exited with 0 +++ [pid 8789] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8788] <... ioctl resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8783, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 8788] close(3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8781, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8788] <... close resumed>) = 0 [pid 5066] umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8788] close(4) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8788] mkdir("./file0", 0777) = 0 [pid 5066] openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8788] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./366/binderfs") = 0 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8787] <... mount resumed>) = 0 [ 306.399706][ T8788] loop3: detected capacity change from 0 to 4096 [pid 5066] getdents64(3, [pid 5062] <... umount2 resumed>) = 0 [pid 8787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8787] <... openat resumed>) = 3 [pid 5066] umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8787] chdir("./file0") = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8787] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] newfstatat(AT_FDCWD, "./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8787] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] unlink("./368/binderfs" [pid 8787] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... unlink resumed>) = 0 [pid 5062] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8787] <... futex resumed>) = 1 [pid 5066] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8787] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] newfstatat(AT_FDCWD, "./366/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8784] <... futex resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8784] exit_group(0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8787] <... futex resumed>) = ? [pid 8784] <... exit_group resumed>) = ? [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./366/file0") = 0 [pid 8787] +++ exited with 0 +++ [pid 8784] +++ exited with 0 +++ [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./366") = 0 [pid 5062] mkdir("./367", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8790] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8784, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5062] <... openat resumed>) = 3 [pid 5064] umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] newfstatat(AT_FDCWD, "./368/file0", [pid 5064] openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5066] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... openat resumed>) = 4 [pid 5064] newfstatat(AT_FDCWD, "./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(4, "", [pid 5064] unlink("./371/binderfs") = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 8788] <... mount resumed>) = 0 [pid 5066] rmdir("./368/file0" [pid 8788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8788] chdir("./file0" [pid 5064] <... umount2 resumed>) = 0 [pid 8788] <... chdir resumed>) = 0 [pid 8788] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5066] <... rmdir resumed>) = 0 [pid 8788] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8788] <... futex resumed>) = 1 [pid 8786] <... futex resumed>) = 0 [pid 8788] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(AT_FDCWD, "./371/file0", [pid 5066] close(3 [pid 8786] exit_group(0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] rmdir("./368" [pid 5064] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8788] <... futex resumed>) = ? [pid 8786] <... exit_group resumed>) = ? [pid 8788] +++ exited with 0 +++ [pid 8786] +++ exited with 0 +++ [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8786, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5065] umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] mkdir("./369", 0777 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... openat resumed>) = 4 [pid 5065] umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5065] unlink("./369/binderfs") = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8790] <... write resumed>) = 2097152 [pid 5065] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./371/file0" [pid 8790] munmap(0x7f670b400000, 138412032 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8790] <... munmap resumed>) = 0 [pid 5065] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./371") = 0 [pid 5064] mkdir("./372", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... mkdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./369/file0", [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./369/file0" [pid 8790] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... rmdir resumed>) = 0 [pid 8790] <... openat resumed>) = 4 [pid 5065] getdents64(3, [pid 8790] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... ioctl resumed>) = 0 [pid 8790] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 8790] close(3 [pid 5062] <... close resumed>) = 0 [pid 8790] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8790] close(4 [pid 5065] close(3 [pid 8790] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./369" [pid 8790] mkdir("./file0", 0777 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./370", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8791 attached [pid 8790] <... mkdir resumed>) = 0 [pid 8791] set_robust_list(0x5555569076a0, 24 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8791 [pid 8791] <... set_robust_list resumed>) = 0 [pid 8790] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8791] chdir("./367") = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8791] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] close(3 [pid 8791] <... prctl resumed>) = 0 [pid 8791] setpgid(0, 0 [pid 5066] <... close resumed>) = 0 [pid 8791] <... setpgid resumed>) = 0 [ 306.592182][ T8790] loop1: detected capacity change from 0 to 4096 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] close(3./strace-static-x86_64: Process 8792 attached [pid 8791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8792] set_robust_list(0x5555569076a0, 24) = 0 [pid 8791] <... openat resumed>) = 3 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8792 [pid 8792] chdir("./369") = 0 [pid 8792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8792] setpgid(0, 0) = 0 [pid 8792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8792] write(3, "1000", 4) = 4 [pid 8792] close(3) = 0 [pid 8792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8792] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 8792] <... futex resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8793 attached [pid 8792] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8791] write(3, "1000", 4 [pid 8793] set_robust_list(0x5555569076a0, 24 [pid 8791] <... write resumed>) = 4 [pid 8793] <... set_robust_list resumed>) = 0 [pid 8792] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8793 [pid 8790] <... mount resumed>) = 0 [pid 8792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8793] chdir("./372" [pid 8792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8791] close(3 [pid 8790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8793] <... chdir resumed>) = 0 [pid 8792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8791] <... close resumed>) = 0 [pid 8793] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8792] <... mmap resumed>) = 0x7f6713892000 [pid 8791] symlink("/dev/binderfs", "./binderfs" [pid 8790] <... openat resumed>) = 3 [pid 5065] <... ioctl resumed>) = 0 [pid 8793] <... prctl resumed>) = 0 [pid 8792] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8793] setpgid(0, 0 [pid 8792] <... mprotect resumed>) = 0 [pid 8793] <... setpgid resumed>) = 0 [pid 8792] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8791] <... symlink resumed>) = 0 [pid 8790] chdir("./file0" [pid 8793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8792] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8791] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8790] <... chdir resumed>) = 0 [pid 8793] <... openat resumed>) = 3 [pid 8792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8791] <... futex resumed>) = 0 [pid 8790] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8794 attached [pid 8793] write(3, "1000", 4 [pid 8791] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] close(3 [pid 8794] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8793] <... write resumed>) = 4 [pid 8790] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8791] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8793] close(3 [pid 8791] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8790] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8793] <... close resumed>) = 0 [pid 8792] <... clone3 resumed> => {parent_tid=[8794]}, 88) = 8794 [pid 8792] rt_sigprocmask(SIG_SETMASK, [], [pid 8794] <... rseq resumed>) = 0 [pid 8792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8794] set_robust_list(0x7f67138b29a0, 24 [pid 8792] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... close resumed>) = 0 [pid 8794] <... set_robust_list resumed>) = 0 [pid 8792] <... futex resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8794] rt_sigprocmask(SIG_SETMASK, [], [pid 8792] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8794] memfd_create("syzkaller", 0./strace-static-x86_64: Process 8795 attached [pid 8793] symlink("/dev/binderfs", "./binderfs" [pid 8791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8790] <... futex resumed>) = 1 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8795 [pid 8795] set_robust_list(0x5555569076a0, 24 [pid 8793] <... symlink resumed>) = 0 [pid 8791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8790] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8789] <... futex resumed>) = 0 [pid 8795] <... set_robust_list resumed>) = 0 [pid 8794] <... memfd_create resumed>) = 3 [pid 8793] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8791] <... mmap resumed>) = 0x7f6713892000 [pid 8789] exit_group(0 [pid 8795] chdir("./370" [pid 8794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8793] <... futex resumed>) = 0 [pid 8791] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8790] <... futex resumed>) = ? [pid 8789] <... exit_group resumed>) = ? [pid 8795] <... chdir resumed>) = 0 [pid 8794] <... mmap resumed>) = 0x7f670b400000 [pid 8793] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8791] <... mprotect resumed>) = 0 [pid 8790] +++ exited with 0 +++ [pid 8795] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8793] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8791] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8795] <... prctl resumed>) = 0 [pid 8793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8795] setpgid(0, 0 [pid 8793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8791] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8789] +++ exited with 0 +++ [pid 8793] <... mmap resumed>) = 0x7f6713892000 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8789, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8795] <... setpgid resumed>) = 0 [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 8795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8791] <... clone3 resumed> => {parent_tid=[8796]}, 88) = 8796 [pid 8791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8795] <... openat resumed>) = 3 [pid 8793] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8793] <... mprotect resumed>) = 0 [pid 8795] write(3, "1000", 4 [pid 5063] openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8795] <... write resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 8795] close(3 [pid 8793] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8795] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8793] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8795] symlink("/dev/binderfs", "./binderfs" [pid 8793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] getdents64(3, [pid 8795] <... symlink resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8791] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8797 attached [pid 5063] umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8795] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8797] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8793] <... clone3 resumed> => {parent_tid=[8797]}, 88) = 8797 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8797] <... rseq resumed>) = 0 [pid 8793] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] newfstatat(AT_FDCWD, "./374/binderfs", [pid 8793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8797] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5063] unlink("./374/binderfs" [pid 8797] rt_sigprocmask(SIG_SETMASK, [], [pid 8795] <... futex resumed>) = 0 [pid 8793] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8791] <... futex resumed>) = 0 [pid 8797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8795] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8793] <... futex resumed>) = 0 [pid 8791] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8796 attached [pid 8797] memfd_create("syzkaller", 0 [pid 8795] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8793] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... unlink resumed>) = 0 [pid 8797] <... memfd_create resumed>) = 3 [pid 8796] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8796] <... rseq resumed>) = 0 [pid 8796] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8796] rt_sigprocmask(SIG_SETMASK, [], [pid 8797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8797] <... mmap resumed>) = 0x7f670b400000 [pid 8795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8795] <... mmap resumed>) = 0x7f6713892000 [pid 8796] memfd_create("syzkaller", 0 [pid 8795] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8796] <... memfd_create resumed>) = 3 [pid 8795] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8795] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8798]}, 88) = 8798 [pid 5063] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8795] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8798 attached [pid 8798] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8794] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8798] <... rseq resumed>) = 0 [pid 8795] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(AT_FDCWD, "./374/file0", [pid 8798] set_robust_list(0x7f67138b29a0, 24 [pid 8795] <... futex resumed>) = 0 [pid 8798] <... set_robust_list resumed>) = 0 [pid 8795] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8798] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8798] memfd_create("syzkaller", 0 [pid 8797] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8798] <... memfd_create resumed>) = 3 [pid 5063] openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", [pid 8798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./374/file0") = 0 [pid 5063] getdents64(3, [pid 8796] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8794] <... write resumed>) = 2097152 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./374" [pid 8794] munmap(0x7f670b400000, 138412032 [pid 8797] <... write resumed>) = 2097152 [pid 8794] <... munmap resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8797] munmap(0x7f670b400000, 138412032 [pid 5063] mkdir("./375", 0777 [pid 8798] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8797] <... munmap resumed>) = 0 [pid 8794] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8794] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 8794] ioctl(4, LOOP_SET_FD, 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8797] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8797] ioctl(4, LOOP_SET_FD, 3 [pid 8794] <... ioctl resumed>) = 0 [pid 8794] close(3 [pid 8798] <... write resumed>) = 2097152 [pid 8797] <... ioctl resumed>) = 0 [pid 8796] <... write resumed>) = 2097152 [pid 8794] <... close resumed>) = 0 [pid 8798] munmap(0x7f670b400000, 138412032 [pid 8797] close(3 [pid 8796] munmap(0x7f670b400000, 138412032 [pid 8794] close(4 [pid 8797] <... close resumed>) = 0 [pid 8794] <... close resumed>) = 0 [pid 8794] mkdir("./file0", 0777 [pid 8797] close(4) = 0 [pid 8797] mkdir("./file0", 0777 [pid 8794] <... mkdir resumed>) = 0 [pid 8794] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8798] <... munmap resumed>) = 0 [pid 8797] <... mkdir resumed>) = 0 [pid 8796] <... munmap resumed>) = 0 [ 306.892481][ T8794] loop4: detected capacity change from 0 to 4096 [ 306.906438][ T8797] loop2: detected capacity change from 0 to 4096 [pid 8798] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8797] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8796] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8794] <... mount resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8798] <... openat resumed>) = 4 [pid 8794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8796] <... openat resumed>) = 4 [pid 8794] <... openat resumed>) = 3 [pid 5063] close(3 [pid 8798] ioctl(4, LOOP_SET_FD, 3 [pid 8796] ioctl(4, LOOP_SET_FD, 3 [pid 8794] chdir("./file0" [pid 5063] <... close resumed>) = 0 [pid 8794] <... chdir resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8794] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 8799 attached ) = -1 EBUSY (Device or resource busy) [pid 8799] set_robust_list(0x5555569076a0, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8799 [pid 8799] <... set_robust_list resumed>) = 0 [pid 8794] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8799] chdir("./375" [pid 8798] <... ioctl resumed>) = 0 [pid 8794] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8792] <... futex resumed>) = 0 [pid 8792] exit_group(0 [pid 8799] <... chdir resumed>) = 0 [pid 8794] <... futex resumed>) = ? [pid 8792] <... exit_group resumed>) = ? [pid 8794] +++ exited with 0 +++ [pid 8799] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8792] +++ exited with 0 +++ [pid 8799] <... prctl resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8792, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 8799] setpgid(0, 0 [pid 8798] close(3 [pid 8799] <... setpgid resumed>) = 0 [pid 5066] umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8798] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8798] close(4 [pid 5066] <... openat resumed>) = 3 [pid 8798] <... close resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 8799] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8799] write(3, "1000", 4 [pid 5066] getdents64(3, [pid 8799] <... write resumed>) = 4 [pid 8798] mkdir("./file0", 0777 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8799] close(3) = 0 [pid 8798] <... mkdir resumed>) = 0 [pid 5066] umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8799] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8798] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8796] <... ioctl resumed>) = 0 [pid 8799] <... symlink resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./369/binderfs", [pid 8799] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8796] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8799] <... futex resumed>) = 0 [pid 8796] <... close resumed>) = 0 [pid 5066] unlink("./369/binderfs" [pid 8796] close(4) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 8799] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [ 306.961015][ T8798] loop3: detected capacity change from 0 to 4096 [ 306.970321][ T8796] loop0: detected capacity change from 0 to 4096 [pid 8796] mkdir("./file0", 0777 [pid 8799] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8796] <... mkdir resumed>) = 0 [pid 5066] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8799] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8796] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8799] <... mmap resumed>) = 0x7f6713892000 [pid 8799] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8799] <... clone3 resumed> => {parent_tid=[8800]}, 88) = 8800 [pid 5066] newfstatat(AT_FDCWD, "./369/file0", [pid 8799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8800 attached [pid 8799] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8800] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8799] <... futex resumed>) = 0 [pid 8800] <... rseq resumed>) = 0 [pid 8799] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8800] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8800] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8800] memfd_create("syzkaller", 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8800] <... memfd_create resumed>) = 3 [pid 8797] <... mount resumed>) = 0 [pid 8800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] getdents64(4, [pid 8800] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 8797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] rmdir("./369/file0" [pid 8797] <... openat resumed>) = 3 [pid 8797] chdir("./file0") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 8797] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 8797] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] rmdir("./369" [pid 8797] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8793] <... futex resumed>) = 0 [pid 8797] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... rmdir resumed>) = 0 [pid 8798] <... mount resumed>) = 0 [pid 8793] exit_group(0 [pid 5066] mkdir("./370", 0777 [pid 8797] <... futex resumed>) = ? [pid 8793] <... exit_group resumed>) = ? [pid 5066] <... mkdir resumed>) = 0 [pid 8798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8797] +++ exited with 0 +++ [pid 8796] <... mount resumed>) = 0 [pid 8798] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8800] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8793] +++ exited with 0 +++ [pid 8798] chdir("./file0" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8793, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 8798] <... chdir resumed>) = 0 [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8798] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... restart_syscall resumed>) = 0 [pid 8798] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8798] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8796] chdir("./file0" [pid 5064] openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8796] <... chdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 8796] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8798] <... futex resumed>) = 1 [pid 8796] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8795] <... futex resumed>) = 0 [pid 8798] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8796] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8795] exit_group(0 [pid 8791] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8798] <... futex resumed>) = ? [pid 8796] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8795] <... exit_group resumed>) = ? [pid 8791] exit_group(0 [pid 5064] newfstatat(AT_FDCWD, "./372/binderfs", [pid 8798] +++ exited with 0 +++ [pid 8796] <... futex resumed>) = ? [pid 8791] <... exit_group resumed>) = ? [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8796] +++ exited with 0 +++ [pid 8795] +++ exited with 0 +++ [pid 5064] unlink("./372/binderfs" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8795, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] <... unlink resumed>) = 0 [pid 5065] umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8791] +++ exited with 0 +++ [pid 5065] openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 5064] <... umount2 resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8791, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5064] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./372/file0", [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] newfstatat(AT_FDCWD, "./370/binderfs", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./367/binderfs", [pid 5065] unlink("./370/binderfs" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] unlink("./367/binderfs" [pid 5064] <... openat resumed>) = 4 [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./372/file0" [pid 5062] <... umount2 resumed>) = 0 [pid 8800] <... write resumed>) = 2097152 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./372") = 0 [pid 5064] mkdir("./373", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] newfstatat(AT_FDCWD, "./367/file0", [pid 8800] munmap(0x7f670b400000, 138412032 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5062] umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8800] <... munmap resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8800] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8800] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 5065] newfstatat(AT_FDCWD, "./370/file0", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(4, [pid 5065] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8800] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] getdents64(4, [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./370/file0") = 0 [pid 8800] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] rmdir("./367/file0" [pid 5065] close(3) = 0 [pid 5065] rmdir("./370") = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, [pid 5065] mkdir("./371", 0777 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5062] close(3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... close resumed>) = 0 ./strace-static-x86_64: Process 8801 attached [pid 8800] close(3 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8801 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] rmdir("./367" [pid 8801] set_robust_list(0x5555569076a0, 24) = 0 [pid 8800] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5062] <... rmdir resumed>) = 0 [pid 8800] close(4 [pid 8801] chdir("./370" [pid 5062] mkdir("./368", 0777 [pid 8801] <... chdir resumed>) = 0 [pid 8800] <... close resumed>) = 0 [pid 5064] close(3 [pid 8800] mkdir("./file0", 0777 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... close resumed>) = 0 [pid 8801] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8800] <... mkdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... mkdir resumed>) = 0 [pid 8801] <... prctl resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8801] setpgid(0, 0./strace-static-x86_64: Process 8802 attached ) = 0 [pid 8800] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... openat resumed>) = 3 [pid 8802] set_robust_list(0x5555569076a0, 24 [pid 8801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8802] <... set_robust_list resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8802 [pid 8802] chdir("./373") = 0 [pid 8802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 307.216603][ T8800] loop1: detected capacity change from 0 to 4096 [pid 8802] setpgid(0, 0 [pid 8801] <... openat resumed>) = 3 [pid 8802] <... setpgid resumed>) = 0 [pid 8801] write(3, "1000", 4) = 4 [pid 8802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8801] close(3) = 0 [pid 8802] <... openat resumed>) = 3 [pid 8801] symlink("/dev/binderfs", "./binderfs" [pid 8802] write(3, "1000", 4) = 4 [pid 8801] <... symlink resumed>) = 0 [pid 8802] close(3 [pid 8801] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8802] <... close resumed>) = 0 [pid 8802] symlink("/dev/binderfs", "./binderfs" [pid 8801] <... futex resumed>) = 0 [pid 8801] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8801] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8802] <... symlink resumed>) = 0 [pid 8802] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8802] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8801] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8801] <... mprotect resumed>) = 0 [pid 8802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8801] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8802] <... mmap resumed>) = 0x7f6713892000 [pid 8801] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8802] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8802] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8801] <... clone3 resumed> => {parent_tid=[8803]}, 88) = 8803 [pid 8802] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 8803 attached [pid 8803] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8803] <... rseq resumed>) = 0 [pid 8801] rt_sigprocmask(SIG_SETMASK, [], [pid 8803] set_robust_list(0x7f67138b29a0, 24 [pid 8801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8803] <... set_robust_list resumed>) = 0 [pid 8802] <... clone3 resumed> => {parent_tid=[8804]}, 88) = 8804 [pid 8801] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8804 attached [pid 8803] rt_sigprocmask(SIG_SETMASK, [], [pid 8802] rt_sigprocmask(SIG_SETMASK, [], [pid 8801] <... futex resumed>) = 0 [pid 8803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8801] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... ioctl resumed>) = 0 [pid 8804] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8804] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8804] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8803] memfd_create("syzkaller", 0 [pid 8802] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8804] <... futex resumed>) = 0 [pid 8802] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8804] memfd_create("syzkaller", 0 [pid 8803] <... memfd_create resumed>) = 3 [pid 8800] <... mount resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8804] <... memfd_create resumed>) = 3 [pid 8803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8803] <... mmap resumed>) = 0x7f670b400000 [pid 5062] close(3) = 0 [pid 8804] <... mmap resumed>) = 0x7f670b400000 [pid 8800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(3 [pid 8800] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8805 attached [pid 8805] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8805 [pid 8805] <... set_robust_list resumed>) = 0 [pid 8805] chdir("./368" [pid 8800] chdir("./file0" [pid 8805] <... chdir resumed>) = 0 [pid 8805] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 8806 attached [pid 8800] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8806 [pid 8805] <... prctl resumed>) = 0 [pid 8806] set_robust_list(0x5555569076a0, 24 [pid 8805] setpgid(0, 0 [pid 8800] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8805] <... setpgid resumed>) = 0 [pid 8806] <... set_robust_list resumed>) = 0 [pid 8805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8800] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8800] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8799] <... futex resumed>) = 0 [pid 8806] chdir("./371" [pid 8805] <... openat resumed>) = 3 [pid 8800] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8799] exit_group(0 [pid 8806] <... chdir resumed>) = 0 [pid 8805] write(3, "1000", 4 [pid 8800] <... futex resumed>) = ? [pid 8799] <... exit_group resumed>) = ? [pid 8805] <... write resumed>) = 4 [pid 8800] +++ exited with 0 +++ [pid 8806] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8805] close(3 [pid 8806] <... prctl resumed>) = 0 [pid 8805] <... close resumed>) = 0 [pid 8806] setpgid(0, 0 [pid 8805] symlink("/dev/binderfs", "./binderfs" [pid 8806] <... setpgid resumed>) = 0 [pid 8806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8805] <... symlink resumed>) = 0 [pid 8806] <... openat resumed>) = 3 [pid 8805] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8806] write(3, "1000", 4 [pid 8805] <... futex resumed>) = 0 [pid 8799] +++ exited with 0 +++ [pid 8806] <... write resumed>) = 4 [pid 8806] close(3) = 0 [pid 8805] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8806] symlink("/dev/binderfs", "./binderfs" [pid 8805] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8806] <... symlink resumed>) = 0 [pid 8805] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8799, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 8805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8806] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8806] <... futex resumed>) = 0 [pid 8805] <... mmap resumed>) = 0x7f6713892000 [pid 8806] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8805] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8806] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8805] <... mprotect resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8805] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8805] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8806] <... mmap resumed>) = 0x7f6713892000 [pid 8805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8807 attached [pid 8806] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] newfstatat(3, "", [pid 8807] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8806] <... mprotect resumed>) = 0 [pid 8805] <... clone3 resumed> => {parent_tid=[8807]}, 88) = 8807 [pid 8803] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8807] <... rseq resumed>) = 0 [pid 8806] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8805] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8807] set_robust_list(0x7f67138b29a0, 24 [pid 8806] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] getdents64(3, [pid 8807] <... set_robust_list resumed>) = 0 [pid 8806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8808 attached [pid 8807] rt_sigprocmask(SIG_SETMASK, [], [pid 8805] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8808] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8806] <... clone3 resumed> => {parent_tid=[8808]}, 88) = 8808 [pid 8805] <... futex resumed>) = 0 [pid 5063] umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8808] <... rseq resumed>) = 0 [pid 8806] rt_sigprocmask(SIG_SETMASK, [], [pid 8808] set_robust_list(0x7f67138b29a0, 24 [pid 8806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8805] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8808] <... set_robust_list resumed>) = 0 [pid 8806] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8808] rt_sigprocmask(SIG_SETMASK, [], [pid 8807] memfd_create("syzkaller", 0 [pid 8806] <... futex resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./375/binderfs", [pid 8808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8806] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8808] memfd_create("syzkaller", 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8807] <... memfd_create resumed>) = 3 [pid 8804] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] unlink("./375/binderfs" [pid 8807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8808] <... memfd_create resumed>) = 3 [pid 8808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./375/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./375/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./375") = 0 [pid 5063] mkdir("./376", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8803] <... write resumed>) = 2097152 [pid 8803] munmap(0x7f670b400000, 138412032 [pid 8808] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8807] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8804] <... write resumed>) = 2097152 [pid 8803] <... munmap resumed>) = 0 [pid 8804] munmap(0x7f670b400000, 138412032 [pid 8803] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8804] <... munmap resumed>) = 0 [pid 8803] <... openat resumed>) = 4 [pid 8804] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8803] ioctl(4, LOOP_SET_FD, 3 [pid 8804] <... openat resumed>) = 4 [pid 8804] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... ioctl resumed>) = 0 [pid 8804] <... ioctl resumed>) = 0 [pid 8803] <... ioctl resumed>) = 0 [pid 8803] close(3) = 0 [pid 8803] close(4) = 0 [pid 5063] close(3 [pid 8803] mkdir("./file0", 0777 [pid 5063] <... close resumed>) = 0 [pid 8803] <... mkdir resumed>) = 0 [pid 8803] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8809 attached , child_tidptr=0x555556907690) = 8809 [pid 8809] set_robust_list(0x5555569076a0, 24 [pid 8804] close(3 [pid 8809] <... set_robust_list resumed>) = 0 [pid 8809] chdir("./376") = 0 [pid 8804] <... close resumed>) = 0 [pid 8809] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8804] close(4 [pid 8809] <... prctl resumed>) = 0 [pid 8804] <... close resumed>) = 0 [pid 8809] setpgid(0, 0 [pid 8804] mkdir("./file0", 0777 [pid 8809] <... setpgid resumed>) = 0 [pid 8809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8804] <... mkdir resumed>) = 0 [pid 8809] <... openat resumed>) = 3 [pid 8804] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8809] write(3, "1000", 4) = 4 [pid 8807] <... write resumed>) = 2097152 [pid 8809] close(3) = 0 [pid 8809] symlink("/dev/binderfs", "./binderfs" [pid 8807] munmap(0x7f670b400000, 138412032 [pid 8809] <... symlink resumed>) = 0 [pid 8807] <... munmap resumed>) = 0 [ 307.548133][ T8803] loop4: detected capacity change from 0 to 4096 [ 307.559309][ T8804] loop2: detected capacity change from 0 to 4096 [pid 8809] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8809] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8809] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8810]}, 88) = 8810 ./strace-static-x86_64: Process 8810 attached [pid 8809] rt_sigprocmask(SIG_SETMASK, [], [pid 8810] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8807] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8803] <... mount resumed>) = 0 [pid 8810] <... rseq resumed>) = 0 [pid 8809] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8807] <... openat resumed>) = 4 [pid 8803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8810] set_robust_list(0x7f67138b29a0, 24 [pid 8809] <... futex resumed>) = 0 [pid 8807] ioctl(4, LOOP_SET_FD, 3 [pid 8803] <... openat resumed>) = 3 [pid 8810] <... set_robust_list resumed>) = 0 [pid 8809] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8808] <... write resumed>) = 2097152 [pid 8808] munmap(0x7f670b400000, 138412032 [pid 8810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8810] memfd_create("syzkaller", 0 [pid 8808] <... munmap resumed>) = 0 [pid 8803] chdir("./file0") = 0 [pid 8803] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8803] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8801] <... futex resumed>) = 0 [pid 8803] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8801] exit_group(0 [pid 8810] <... memfd_create resumed>) = 3 [pid 8803] <... futex resumed>) = ? [pid 8801] <... exit_group resumed>) = ? [pid 8810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8803] +++ exited with 0 +++ [pid 8810] <... mmap resumed>) = 0x7f670b400000 [pid 8801] +++ exited with 0 +++ [pid 8807] <... ioctl resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8801, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8807] close(3) = 0 [pid 8807] close(4) = 0 [pid 8807] mkdir("./file0", 0777) = 0 [pid 8804] <... mount resumed>) = 0 [pid 8808] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8808] <... openat resumed>) = 4 [pid 8804] <... openat resumed>) = 3 [pid 5066] umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8804] chdir("./file0" [pid 8807] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8808] ioctl(4, LOOP_SET_FD, 3 [pid 8804] <... chdir resumed>) = 0 [pid 8808] <... ioctl resumed>) = 0 [pid 8804] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 8804] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8804] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8804] <... futex resumed>) = 1 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8804] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] newfstatat(AT_FDCWD, "./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./370/binderfs") = 0 [pid 8802] <... futex resumed>) = 0 [pid 8802] exit_group(0 [pid 8804] <... futex resumed>) = ? [pid 8802] <... exit_group resumed>) = ? [pid 5066] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 8804] +++ exited with 0 +++ [pid 8802] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8802, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [ 307.621789][ T8807] loop0: detected capacity change from 0 to 4096 [ 307.659139][ T8808] loop3: detected capacity change from 0 to 4096 [pid 5064] umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./373/binderfs") = 0 [pid 5064] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8808] close(3 [pid 8810] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8808] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = 0 [pid 8808] close(4 [pid 5066] newfstatat(AT_FDCWD, "./370/file0", [pid 5064] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8808] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8808] mkdir("./file0", 0777 [pid 8807] <... mount resumed>) = 0 [pid 5066] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./373/file0", [pid 8808] <... mkdir resumed>) = 0 [pid 8807] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8808] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8807] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8807] chdir("./file0" [pid 5066] <... openat resumed>) = 4 [pid 8807] <... chdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8807] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8807] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8807] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8807] <... futex resumed>) = 1 [pid 8805] <... futex resumed>) = 0 [pid 5066] getdents64(4, [pid 8807] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8805] exit_group(0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 4 [pid 8807] <... futex resumed>) = ? [pid 8805] <... exit_group resumed>) = ? [pid 5066] close(4 [pid 5064] newfstatat(4, "", [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./370/file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] close(3) = 0 [pid 5064] getdents64(4, [pid 5066] rmdir("./370" [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] close(4 [pid 5066] mkdir("./371", 0777 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./373/file0" [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./373" [pid 8807] +++ exited with 0 +++ [pid 8805] +++ exited with 0 +++ [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./374", 0777 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8805, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 8808] <... mount resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... mkdir resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] <... restart_syscall resumed>) = 0 [pid 8808] <... openat resumed>) = 3 [pid 8808] chdir("./file0") = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8808] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8808] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8808] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8808] <... futex resumed>) = 1 [pid 8808] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5064] close(3 [pid 5062] newfstatat(3, "", [pid 5064] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8806] <... futex resumed>) = 0 [pid 5062] getdents64(3, [pid 8806] exit_group(0) = ? [pid 8808] <... futex resumed>) = ? [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8811 [pid 8808] +++ exited with 0 +++ [pid 8806] +++ exited with 0 +++ ./strace-static-x86_64: Process 8811 attached [pid 5062] umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8811] set_robust_list(0x5555569076a0, 24 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8811] <... set_robust_list resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./368/binderfs", [pid 8811] chdir("./374" [pid 8810] <... write resumed>) = 2097152 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8806, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./368/binderfs" [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8811] <... chdir resumed>) = 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8811] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8811] <... prctl resumed>) = 0 [pid 8811] setpgid(0, 0) = 0 [pid 8811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8811] write(3, "1000", 4) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./371/binderfs", [pid 8811] close(3 [pid 8810] munmap(0x7f670b400000, 138412032 [pid 5062] <... umount2 resumed>) = 0 [pid 8811] <... close resumed>) = 0 [pid 8811] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8810] <... munmap resumed>) = 0 [pid 5065] unlink("./371/binderfs" [pid 8811] <... symlink resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8811] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(AT_FDCWD, "./368/file0", [pid 8811] <... futex resumed>) = 0 [pid 8811] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8811] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8811] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8811] <... mmap resumed>) = 0x7f6713892000 [pid 5065] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 4 [pid 8811] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(4, "", [pid 8811] <... mprotect resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./371/file0", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8811] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8810] <... openat resumed>) = 4 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 8810] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 8811] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] getdents64(4, [pid 5065] close(4) = 0 [pid 5065] rmdir("./371/file0") = 0 [pid 8811] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./371") = 0 ./strace-static-x86_64: Process 8812 attached [pid 5065] mkdir("./372", 0777 [pid 8812] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8811] <... clone3 resumed> => {parent_tid=[8812]}, 88) = 8812 [pid 5065] <... mkdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8811] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] close(4 [pid 8811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8812] <... rseq resumed>) = 0 [pid 8811] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... close resumed>) = 0 [pid 8811] <... futex resumed>) = 0 [pid 5062] rmdir("./368/file0" [pid 8811] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8812] set_robust_list(0x7f67138b29a0, 24 [pid 5062] <... rmdir resumed>) = 0 [pid 8812] <... set_robust_list resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] getdents64(3, [pid 8812] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 8812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8812] memfd_create("syzkaller", 0 [pid 8810] <... ioctl resumed>) = 0 [pid 8810] close(3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8810] <... close resumed>) = 0 [pid 8810] close(4 [pid 8812] <... memfd_create resumed>) = 3 [pid 8810] <... close resumed>) = 0 [pid 8812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8810] mkdir("./file0", 0777 [pid 8812] <... mmap resumed>) = 0x7f670b400000 [pid 8810] <... mkdir resumed>) = 0 [pid 5066] close(3 [pid 5062] close(3 [pid 5066] <... close resumed>) = 0 [pid 8810] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 [ 307.843568][ T8810] loop1: detected capacity change from 0 to 4096 [pid 5062] rmdir("./368"./strace-static-x86_64: Process 8813 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8813 [pid 5062] <... rmdir resumed>) = 0 [pid 8813] set_robust_list(0x5555569076a0, 24) = 0 [pid 8813] chdir("./371") = 0 [pid 5062] mkdir("./369", 0777 [pid 8813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8813] setpgid(0, 0) = 0 [pid 8813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 8813] write(3, "1000", 4) = 4 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8813] close(3) = 0 [pid 8813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8813] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8813] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8812] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8813] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... ioctl resumed>) = 0 [pid 8813] <... mprotect resumed>) = 0 [pid 5065] close(3) = 0 [pid 8813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8814 attached [pid 8813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8815 attached [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8814 [pid 8815] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8814] set_robust_list(0x5555569076a0, 24 [pid 8813] <... clone3 resumed> => {parent_tid=[8815]}, 88) = 8815 [pid 8815] <... rseq resumed>) = 0 [pid 8814] <... set_robust_list resumed>) = 0 [pid 8813] rt_sigprocmask(SIG_SETMASK, [], [pid 8810] <... mount resumed>) = 0 [pid 8815] set_robust_list(0x7f67138b29a0, 24 [pid 8814] chdir("./372" [pid 8813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8815] <... set_robust_list resumed>) = 0 [pid 8814] <... chdir resumed>) = 0 [pid 8813] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8810] <... openat resumed>) = 3 [pid 8815] rt_sigprocmask(SIG_SETMASK, [], [pid 8814] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8813] <... futex resumed>) = 0 [pid 8810] chdir("./file0" [pid 5062] <... ioctl resumed>) = 0 [pid 8815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8814] <... prctl resumed>) = 0 [pid 8813] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8810] <... chdir resumed>) = 0 [pid 5062] close(3 [pid 8815] memfd_create("syzkaller", 0 [pid 8814] setpgid(0, 0 [pid 8815] <... memfd_create resumed>) = 3 [pid 5062] <... close resumed>) = 0 [pid 8814] <... setpgid resumed>) = 0 [pid 8815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8814] <... openat resumed>) = 3 [pid 8810] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8814] write(3, "1000", 4 [pid 8810] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8816 [pid 8815] <... mmap resumed>) = 0x7f670b400000 [pid 8814] <... write resumed>) = 4 [pid 8810] <... futex resumed>) = 1 [pid 8809] <... futex resumed>) = 0 [pid 8810] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8809] exit_group(0./strace-static-x86_64: Process 8816 attached [pid 8810] <... futex resumed>) = ? [pid 8809] <... exit_group resumed>) = ? [pid 8810] +++ exited with 0 +++ [pid 8809] +++ exited with 0 +++ [pid 8814] close(3 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8809, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5063] umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8816] set_robust_list(0x5555569076a0, 24 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8816] <... set_robust_list resumed>) = 0 [pid 8814] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8816] chdir("./369" [pid 8814] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... openat resumed>) = 3 [pid 8816] <... chdir resumed>) = 0 [pid 8814] <... symlink resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 8816] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8814] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8816] <... prctl resumed>) = 0 [pid 5063] getdents64(3, [pid 8816] setpgid(0, 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8816] <... setpgid resumed>) = 0 [pid 8812] <... write resumed>) = 2097152 [pid 5063] umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8816] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8814] <... futex resumed>) = 0 [pid 8812] munmap(0x7f670b400000, 138412032 [pid 8816] write(3, "1000", 4 [pid 8814] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] unlink("./376/binderfs" [pid 8816] <... write resumed>) = 4 [pid 5063] <... unlink resumed>) = 0 [pid 8816] close(3 [pid 5063] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8814] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8816] <... close resumed>) = 0 [pid 8814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8812] <... munmap resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8816] symlink("/dev/binderfs", "./binderfs" [pid 8814] <... mmap resumed>) = 0x7f6713892000 [pid 5063] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8816] <... symlink resumed>) = 0 [pid 8814] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8812] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8814] <... mprotect resumed>) = 0 [pid 8816] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8814] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8812] <... openat resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8812] ioctl(4, LOOP_SET_FD, 3 [pid 5063] newfstatat(AT_FDCWD, "./376/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8816] <... futex resumed>) = 0 [pid 5063] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8816] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8816] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... openat resumed>) = 4 [pid 8816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(4, "", [pid 8816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8814] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8817 attached [pid 8815] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8812] <... ioctl resumed>) = 0 [pid 8817] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8812] close(3 [pid 8817] <... rseq resumed>) = 0 [pid 8816] <... mmap resumed>) = 0x7f6713892000 [pid 8812] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8817] set_robust_list(0x7f67138b29a0, 24 [pid 8816] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8812] close(4 [pid 5063] getdents64(4, [pid 8817] <... set_robust_list resumed>) = 0 [pid 8816] <... mprotect resumed>) = 0 [pid 8812] <... close resumed>) = 0 [pid 8814] <... clone3 resumed> => {parent_tid=[8817]}, 88) = 8817 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8817] rt_sigprocmask(SIG_SETMASK, [], [pid 8814] rt_sigprocmask(SIG_SETMASK, [], [pid 8812] mkdir("./file0", 0777 [pid 8817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] getdents64(4, [pid 8817] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8814] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8814] <... futex resumed>) = 0 [pid 8812] <... mkdir resumed>) = 0 [pid 8817] memfd_create("syzkaller", 0 [pid 8816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8814] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8812] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8817] <... memfd_create resumed>) = 3 [pid 8817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] close(4./strace-static-x86_64: Process 8818 attached [pid 8817] <... mmap resumed>) = 0x7f670b400000 [pid 5063] <... close resumed>) = 0 [pid 8818] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8816] <... clone3 resumed> => {parent_tid=[8818]}, 88) = 8818 [pid 5063] rmdir("./376/file0" [pid 8818] set_robust_list(0x7f67138b29a0, 24 [pid 8816] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... rmdir resumed>) = 0 [pid 8818] <... set_robust_list resumed>) = 0 [pid 8816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8818] rt_sigprocmask(SIG_SETMASK, [], [pid 8816] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 8818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8816] <... futex resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8816] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] close(3) = 0 [pid 5063] rmdir("./376" [pid 8818] memfd_create("syzkaller", 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./377", 0777 [pid 8818] <... memfd_create resumed>) = 3 [pid 8818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 308.076904][ T8812] loop2: detected capacity change from 0 to 4096 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8815] <... write resumed>) = 2097152 [pid 8815] munmap(0x7f670b400000, 138412032) = 0 [pid 8815] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8817] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8818] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8815] close(3 [pid 8812] <... mount resumed>) = 0 [pid 8815] <... close resumed>) = 0 [pid 8815] close(4 [pid 8812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8812] chdir("./file0") = 0 [pid 8812] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8815] <... close resumed>) = 0 [pid 8815] mkdir("./file0", 0777) = 0 [pid 8812] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8815] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8812] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8811] <... futex resumed>) = 0 [pid 8812] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8811] exit_group(0 [pid 8812] <... futex resumed>) = ? [pid 8811] <... exit_group resumed>) = ? [pid 8812] +++ exited with 0 +++ [ 308.169315][ T8815] loop4: detected capacity change from 0 to 4096 [pid 8811] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8811, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5064] umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./374/binderfs") = 0 [pid 5064] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./374/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] close(3 [pid 8817] <... write resumed>) = 2097152 [pid 5064] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 8817] munmap(0x7f670b400000, 138412032 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8819 attached [pid 8818] <... write resumed>) = 2097152 [pid 8817] <... munmap resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8819] set_robust_list(0x5555569076a0, 24) = 0 [pid 8818] munmap(0x7f670b400000, 138412032 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8819 [pid 8818] <... munmap resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./374/file0" [pid 8817] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 8817] <... openat resumed>) = 4 [pid 5064] getdents64(3, [pid 8817] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8819] chdir("./377" [pid 5064] close(3 [pid 8819] <... chdir resumed>) = 0 [pid 8818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./374" [pid 8818] <... openat resumed>) = 4 [pid 8819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8818] ioctl(4, LOOP_SET_FD, 3 [pid 8819] setpgid(0, 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./375", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8819] <... setpgid resumed>) = 0 [pid 8819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8815] <... mount resumed>) = 0 [pid 8815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8815] chdir("./file0") = 0 [pid 8815] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8815] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8819] write(3, "1000", 4 [pid 8817] <... ioctl resumed>) = 0 [pid 8815] <... futex resumed>) = 1 [pid 8813] <... futex resumed>) = 0 [pid 8819] <... write resumed>) = 4 [pid 8818] <... ioctl resumed>) = 0 [pid 8815] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8813] exit_group(0 [pid 8819] close(3 [pid 8818] close(3 [pid 8817] close(3 [pid 8815] <... futex resumed>) = ? [pid 8813] <... exit_group resumed>) = ? [pid 8819] <... close resumed>) = 0 [pid 8818] <... close resumed>) = 0 [pid 8817] <... close resumed>) = 0 [pid 8815] +++ exited with 0 +++ [pid 8819] symlink("/dev/binderfs", "./binderfs" [pid 8818] close(4 [pid 8817] close(4 [pid 8813] +++ exited with 0 +++ [pid 8819] <... symlink resumed>) = 0 [pid 8817] <... close resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8813, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 8818] <... close resumed>) = 0 [pid 8819] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8818] mkdir("./file0", 0777 [pid 8817] mkdir("./file0", 0777 [pid 8818] <... mkdir resumed>) = 0 [pid 8817] <... mkdir resumed>) = 0 [pid 8819] <... futex resumed>) = 0 [pid 8818] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8819] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8817] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 308.296449][ T8817] loop3: detected capacity change from 0 to 4096 [ 308.308315][ T8818] loop0: detected capacity change from 0 to 4096 [pid 8819] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8819] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... openat resumed>) = 3 [pid 8819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] newfstatat(3, "", [pid 8819] <... mmap resumed>) = 0x7f6713892000 [pid 8819] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8819] <... mprotect resumed>) = 0 [pid 5066] getdents64(3, [pid 5064] close(3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... close resumed>) = 0 [pid 5066] umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8820 attached [pid 8819] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8820] set_robust_list(0x5555569076a0, 24 [pid 8819] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] newfstatat(AT_FDCWD, "./371/binderfs", [pid 8820] <... set_robust_list resumed>) = 0 [pid 8819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8820] chdir("./375" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8820 ./strace-static-x86_64: Process 8821 attached [pid 8820] <... chdir resumed>) = 0 [pid 8818] <... mount resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8821] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8820] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8819] <... clone3 resumed> => {parent_tid=[8821]}, 88) = 8821 [pid 8818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] unlink("./371/binderfs" [pid 8821] <... rseq resumed>) = 0 [pid 8820] <... prctl resumed>) = 0 [pid 8819] rt_sigprocmask(SIG_SETMASK, [], [pid 8818] <... openat resumed>) = 3 [pid 5066] <... unlink resumed>) = 0 [pid 8821] set_robust_list(0x7f67138b29a0, 24 [pid 8820] setpgid(0, 0 [pid 8819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8821] <... set_robust_list resumed>) = 0 [pid 8820] <... setpgid resumed>) = 0 [pid 8819] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8818] chdir("./file0" [pid 8821] rt_sigprocmask(SIG_SETMASK, [], [pid 8820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8819] <... futex resumed>) = 0 [pid 8821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8820] <... openat resumed>) = 3 [pid 8819] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8818] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8817] <... mount resumed>) = 0 [pid 8821] memfd_create("syzkaller", 0 [pid 8818] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8818] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8816] <... futex resumed>) = 0 [pid 8821] <... memfd_create resumed>) = 3 [pid 8818] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8817] <... openat resumed>) = 3 [pid 8816] exit_group(0 [pid 5066] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8821] <... mmap resumed>) = 0x7f670b400000 [pid 8818] <... futex resumed>) = ? [pid 8817] chdir("./file0" [pid 8820] write(3, "1000", 4 [pid 8816] <... exit_group resumed>) = ? [pid 5066] newfstatat(AT_FDCWD, "./371/file0", [pid 8820] <... write resumed>) = 4 [pid 8818] +++ exited with 0 +++ [pid 8817] <... chdir resumed>) = 0 [pid 8816] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8817] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8816, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8817] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8817] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8820] close(3 [pid 8817] <... futex resumed>) = 1 [pid 8814] <... futex resumed>) = 0 [pid 5066] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8820] <... close resumed>) = 0 [pid 8817] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8814] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8820] symlink("/dev/binderfs", "./binderfs" [pid 8817] <... futex resumed>) = ? [pid 8814] <... exit_group resumed>) = ? [pid 5066] openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8820] <... symlink resumed>) = 0 [pid 8817] +++ exited with 0 +++ [pid 5062] openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... openat resumed>) = 4 [pid 8820] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... openat resumed>) = 3 [pid 8820] <... futex resumed>) = 0 [pid 8814] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5062] newfstatat(3, "", [pid 8820] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8814, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8820] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] getdents64(4, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] getdents64(4, [pid 5065] umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(3, [pid 8820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./372/binderfs") = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8820] <... mmap resumed>) = 0x7f6713892000 [pid 5066] rmdir("./371/file0" [pid 8820] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(3, [pid 5062] newfstatat(AT_FDCWD, "./369/binderfs", [pid 8820] <... mprotect resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8820] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... close resumed>) = 0 [pid 5062] unlink("./369/binderfs" [pid 8820] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] rmdir("./371" [pid 5062] <... unlink resumed>) = 0 [pid 8820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5062] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] mkdir("./372", 0777 [pid 5065] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8820] <... clone3 resumed> => {parent_tid=[8822]}, 88) = 8822 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8822 attached [pid 8820] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] newfstatat(AT_FDCWD, "./372/file0", [pid 5062] <... umount2 resumed>) = 0 [pid 8822] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8822] <... rseq resumed>) = 0 [pid 8820] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8822] set_robust_list(0x7f67138b29a0, 24 [pid 8820] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8822] <... set_robust_list resumed>) = 0 [pid 8820] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8822] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] newfstatat(4, "", [pid 5062] newfstatat(AT_FDCWD, "./369/file0", [pid 8822] memfd_create("syzkaller", 0) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] getdents64(4, [pid 8822] <... mmap resumed>) = 0x7f670b400000 [pid 8821] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, [pid 5062] umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 5062] openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5065] rmdir("./372/file0" [pid 5062] newfstatat(4, "", [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./372") = 0 [pid 5065] mkdir("./373", 0777) = 0 [pid 5062] getdents64(4, [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5062] getdents64(4, [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8823 attached [pid 8823] set_robust_list(0x5555569076a0, 24) = 0 [pid 8823] chdir("./373" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8823 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8823] <... chdir resumed>) = 0 [pid 5062] close(4 [pid 8823] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./369/file0" [pid 8823] <... prctl resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8823] setpgid(0, 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8823] <... setpgid resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] close(3 [pid 8823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... close resumed>) = 0 [pid 8823] <... openat resumed>) = 3 [pid 8823] write(3, "1000", 4) = 4 [pid 8823] close(3) = 0 [pid 8823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8823] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8823] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8823] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8822] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8821] <... write resumed>) = 2097152 [pid 5066] close(3 [pid 5062] rmdir("./369" [pid 5066] <... close resumed>) = 0 [pid 8823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8823] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8824 attached [pid 8823] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] mkdir("./370", 0777 [pid 8824] set_robust_list(0x5555569076a0, 24 [pid 8823] <... mprotect resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8824 [pid 8824] <... set_robust_list resumed>) = 0 [pid 8823] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8824] chdir("./372") = 0 [pid 8823] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8824] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8821] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 8825 attached [pid 8824] <... prctl resumed>) = 0 [pid 8824] setpgid(0, 0 [pid 8825] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8824] <... setpgid resumed>) = 0 [pid 8823] <... clone3 resumed> => {parent_tid=[8825]}, 88) = 8825 [pid 8825] <... rseq resumed>) = 0 [pid 8824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8823] rt_sigprocmask(SIG_SETMASK, [], [pid 8825] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8825] rt_sigprocmask(SIG_SETMASK, [], [pid 8824] <... openat resumed>) = 3 [pid 8823] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8821] <... munmap resumed>) = 0 [pid 8823] <... futex resumed>) = 0 [pid 8824] write(3, "1000", 4 [pid 8823] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8824] <... write resumed>) = 4 [pid 8824] close(3) = 0 [pid 8824] symlink("/dev/binderfs", "./binderfs" [pid 8825] memfd_create("syzkaller", 0 [pid 8824] <... symlink resumed>) = 0 [pid 8824] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8824] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8825] <... memfd_create resumed>) = 3 [pid 8824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8825] <... mmap resumed>) = 0x7f670b400000 [pid 8824] <... mmap resumed>) = 0x7f6713892000 [pid 8824] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8826 attached => {parent_tid=[8826]}, 88) = 8826 [pid 8826] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8824] rt_sigprocmask(SIG_SETMASK, [], [pid 8826] <... rseq resumed>) = 0 [pid 8826] set_robust_list(0x7f67138b29a0, 24 [pid 8824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8826] <... set_robust_list resumed>) = 0 [pid 8824] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8826] rt_sigprocmask(SIG_SETMASK, [], [pid 8824] <... futex resumed>) = 0 [pid 8826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8824] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8826] memfd_create("syzkaller", 0) = 3 [pid 8826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8821] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8826] <... mmap resumed>) = 0x7f670b400000 [pid 8821] <... openat resumed>) = 4 [pid 8821] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... ioctl resumed>) = 0 [pid 8821] <... ioctl resumed>) = 0 [pid 8821] close(3 [pid 8822] <... write resumed>) = 2097152 [pid 8821] <... close resumed>) = 0 [pid 5062] close(3 [pid 8821] close(4) = 0 [pid 8825] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8821] mkdir("./file0", 0777 [pid 5062] <... close resumed>) = 0 [pid 8821] <... mkdir resumed>) = 0 [pid 8821] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8822] munmap(0x7f670b400000, 138412032 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8822] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 8827 attached [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8827 [pid 8827] set_robust_list(0x5555569076a0, 24) = 0 [pid 8827] chdir("./370") = 0 [ 308.636153][ T8821] loop1: detected capacity change from 0 to 4096 [pid 8827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8827] setpgid(0, 0 [pid 8826] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8827] <... setpgid resumed>) = 0 [pid 8822] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8822] <... openat resumed>) = 4 [pid 8827] <... openat resumed>) = 3 [pid 8822] ioctl(4, LOOP_SET_FD, 3 [pid 8827] write(3, "1000", 4) = 4 [pid 8827] close(3) = 0 [pid 8827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8827] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8827] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8827] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8821] <... mount resumed>) = 0 [pid 8827] <... mprotect resumed>) = 0 [pid 8827] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8821] chdir("./file0" [pid 8827] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8828 attached [pid 8821] <... chdir resumed>) = 0 [pid 8828] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8828] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8828] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8827] <... clone3 resumed> => {parent_tid=[8828]}, 88) = 8828 [pid 8827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8827] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8828] <... futex resumed>) = 0 [pid 8827] <... futex resumed>) = 1 [pid 8828] memfd_create("syzkaller", 0 [pid 8827] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8828] <... memfd_create resumed>) = 3 [pid 8828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8821] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8825] <... write resumed>) = 2097152 [pid 8822] <... ioctl resumed>) = 0 [pid 8821] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8822] close(3 [pid 8821] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8822] <... close resumed>) = 0 [pid 8822] close(4 [pid 8821] <... futex resumed>) = 1 [pid 8819] <... futex resumed>) = 0 [pid 8822] <... close resumed>) = 0 [pid 8828] <... mmap resumed>) = 0x7f670b400000 [pid 8822] mkdir("./file0", 0777 [pid 8819] exit_group(0) = ? [pid 8821] +++ exited with 0 +++ [pid 8819] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8819, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 8822] <... mkdir resumed>) = 0 [pid 5063] umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 308.711398][ T8822] loop2: detected capacity change from 0 to 4096 [pid 5063] openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8822] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./377/binderfs") = 0 [pid 5063] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 8825] munmap(0x7f670b400000, 138412032) = 0 [pid 5063] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8826] <... write resumed>) = 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8825] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] getdents64(4, [pid 8825] <... openat resumed>) = 4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 8825] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./377/file0" [pid 8822] <... mount resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./377" [pid 8826] munmap(0x7f670b400000, 138412032 [pid 5063] <... rmdir resumed>) = 0 [pid 8822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] mkdir("./378", 0777 [pid 8822] <... openat resumed>) = 3 [pid 5063] <... mkdir resumed>) = 0 [pid 8822] chdir("./file0") = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8822] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5063] <... openat resumed>) = 3 [pid 8822] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8820] <... futex resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8822] <... futex resumed>) = 1 [pid 8820] exit_group(0) = ? [pid 8826] <... munmap resumed>) = 0 [pid 8825] <... ioctl resumed>) = 0 [pid 8828] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8826] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8825] close(3 [pid 8822] +++ exited with 0 +++ [pid 8820] +++ exited with 0 +++ [pid 8826] <... openat resumed>) = 4 [pid 8825] <... close resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8820, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8826] ioctl(4, LOOP_SET_FD, 3 [pid 8825] close(4 [pid 5064] umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 308.811261][ T8825] loop3: detected capacity change from 0 to 4096 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8825] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 8825] mkdir("./file0", 0777 [pid 8826] <... ioctl resumed>) = 0 [pid 8825] <... mkdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8826] close(3 [pid 5064] umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8826] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8826] close(4 [pid 5064] newfstatat(AT_FDCWD, "./375/binderfs", [pid 8826] <... close resumed>) = 0 [pid 8825] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8828] <... write resumed>) = 2097152 [pid 5064] unlink("./375/binderfs" [pid 8828] munmap(0x7f670b400000, 138412032 [pid 8826] mkdir("./file0", 0777) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8828] <... munmap resumed>) = 0 [pid 8826] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5064] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... umount2 resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8828] <... openat resumed>) = 4 [pid 5064] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 308.857414][ T8826] loop4: detected capacity change from 0 to 4096 [pid 5063] close(3 [pid 8828] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./375/file0", [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8829 attached [pid 8828] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8829] set_robust_list(0x5555569076a0, 24 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8829] <... set_robust_list resumed>) = 0 [pid 8828] close(3 [pid 5064] openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8828] <... close resumed>) = 0 [pid 8828] close(4 [pid 5064] <... openat resumed>) = 4 [pid 8829] chdir("./378") = 0 [pid 8828] <... close resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 8829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8828] mkdir("./file0", 0777 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8829 [pid 8829] <... prctl resumed>) = 0 [pid 8829] setpgid(0, 0 [pid 5064] getdents64(4, [pid 8829] <... setpgid resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] getdents64(4, [pid 8828] <... mkdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8829] <... openat resumed>) = 3 [pid 8828] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5064] close(4 [pid 8829] write(3, "1000", 4 [pid 5064] <... close resumed>) = 0 [pid 8829] <... write resumed>) = 4 [pid 5064] rmdir("./375/file0" [pid 8829] close(3) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] getdents64(3, [pid 8825] <... mount resumed>) = 0 [pid 8829] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8829] <... futex resumed>) = 0 [pid 8825] <... openat resumed>) = 3 [pid 5064] close(3 [pid 8829] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... close resumed>) = 0 [pid 8825] chdir("./file0" [pid 8829] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] rmdir("./375" [pid 8829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8825] <... chdir resumed>) = 0 [pid 8829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8825] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8829] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8825] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8829] <... mprotect resumed>) = 0 [pid 8825] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8825] <... futex resumed>) = 1 [pid 8823] <... futex resumed>) = 0 [pid 8825] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8823] exit_group(0 [pid 8829] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8823] <... exit_group resumed>) = ? [pid 8829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8825] <... futex resumed>) = ? ./strace-static-x86_64: Process 8830 attached [pid 8830] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8829] <... clone3 resumed> => {parent_tid=[8830]}, 88) = 8830 [pid 8830] <... rseq resumed>) = 0 [pid 8829] rt_sigprocmask(SIG_SETMASK, [], [pid 8830] set_robust_list(0x7f67138b29a0, 24 [pid 8829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8830] <... set_robust_list resumed>) = 0 [pid 8829] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [ 308.919281][ T8828] loop0: detected capacity change from 0 to 4096 [pid 8830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8829] <... futex resumed>) = 0 [pid 8830] memfd_create("syzkaller", 0 [pid 8829] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8830] <... memfd_create resumed>) = 3 [pid 8828] <... mount resumed>) = 0 [pid 8826] <... mount resumed>) = 0 [pid 8825] +++ exited with 0 +++ [pid 8823] +++ exited with 0 +++ [pid 8830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8823, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 8830] <... mmap resumed>) = 0x7f670b400000 [pid 8828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8826] <... openat resumed>) = 3 [pid 8828] <... openat resumed>) = 3 [pid 8826] chdir("./file0" [pid 5064] <... rmdir resumed>) = 0 [pid 8826] <... chdir resumed>) = 0 [pid 5065] umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./376", 0777 [pid 8826] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8826] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8828] chdir("./file0" [pid 8826] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8828] <... chdir resumed>) = 0 [pid 8826] <... futex resumed>) = 1 [pid 8824] <... futex resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 8826] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8824] exit_group(0 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8826] <... futex resumed>) = ? [pid 8824] <... exit_group resumed>) = ? [pid 5065] getdents64(3, [pid 8826] +++ exited with 0 +++ [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8828] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] newfstatat(AT_FDCWD, "./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8828] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... mkdir resumed>) = 0 [pid 8828] <... futex resumed>) = 1 [pid 8827] <... futex resumed>) = 0 [pid 8828] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8827] exit_group(0 [pid 5065] unlink("./373/binderfs" [pid 8828] <... futex resumed>) = ? [pid 8827] <... exit_group resumed>) = ? [pid 8828] +++ exited with 0 +++ [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8824] +++ exited with 0 +++ [pid 5065] <... unlink resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8824, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 8827] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8827, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5062] umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./370/binderfs") = 0 [pid 5062] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./373/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(4, "", [pid 5062] newfstatat(AT_FDCWD, "./370/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(3, [pid 5065] getdents64(4, [pid 5062] umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5062] openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./372/binderfs", [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5065] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./373/file0" [pid 5062] newfstatat(4, "", [pid 5066] unlink("./372/binderfs" [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8830] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... unlink resumed>) = 0 [pid 5065] getdents64(3, [pid 5066] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] getdents64(4, [pid 5065] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] close(4 [pid 5065] rmdir("./373" [pid 5062] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] rmdir("./370/file0" [pid 5066] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... rmdir resumed>) = 0 [pid 5065] mkdir("./374", 0777 [pid 5066] newfstatat(AT_FDCWD, "./372/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5066] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5062] getdents64(3, [pid 5066] openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5066] newfstatat(4, "", [pid 5062] rmdir("./370" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8831 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./371", 0777 [pid 5066] getdents64(4, [pid 5062] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8831 attached [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8831] set_robust_list(0x5555569076a0, 24 [pid 5062] <... openat resumed>) = 3 [pid 8831] <... set_robust_list resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8831] chdir("./376" [pid 8830] <... write resumed>) = 2097152 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8831] <... chdir resumed>) = 0 [pid 8830] munmap(0x7f670b400000, 138412032 [pid 8831] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] close(4 [pid 8831] <... prctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8831] setpgid(0, 0) = 0 [pid 8831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8830] <... munmap resumed>) = 0 [pid 5066] rmdir("./372/file0" [pid 8831] <... openat resumed>) = 3 [pid 8831] write(3, "1000", 4) = 4 [pid 8830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8831] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 8831] <... close resumed>) = 0 [pid 8831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 8831] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rmdir("./372") = 0 [pid 5066] mkdir("./373", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8831] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8830] <... openat resumed>) = 4 [pid 8831] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8830] ioctl(4, LOOP_SET_FD, 3 [pid 8831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8830] <... ioctl resumed>) = 0 [pid 8831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8831] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8832]}, 88) = 8832 [pid 8831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8830] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 8831] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8830] <... close resumed>) = 0 [pid 5065] close(3 [pid 8831] <... futex resumed>) = 0 [pid 8830] close(4./strace-static-x86_64: Process 8832 attached [pid 8831] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8830] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8832] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8830] mkdir("./file0", 0777 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8832] <... rseq resumed>) = 0 [pid 8832] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8832] memfd_create("syzkaller", 0 [pid 8830] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8833 attached [pid 8830] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8833 [pid 8833] set_robust_list(0x5555569076a0, 24) = 0 [pid 8833] chdir("./374") = 0 [pid 8832] <... memfd_create resumed>) = 3 [pid 8833] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8833] <... prctl resumed>) = 0 [pid 8832] <... mmap resumed>) = 0x7f670b400000 [ 309.159020][ T8830] loop1: detected capacity change from 0 to 4096 [pid 8833] setpgid(0, 0) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8830] <... mount resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8833] <... openat resumed>) = 3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8834 ./strace-static-x86_64: Process 8834 attached [pid 8830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8834] set_robust_list(0x5555569076a0, 24 [pid 8833] write(3, "1000", 4 [pid 8830] <... openat resumed>) = 3 [pid 8834] <... set_robust_list resumed>) = 0 [pid 8833] <... write resumed>) = 4 [pid 8830] chdir("./file0" [pid 8834] chdir("./371" [pid 8833] close(3 [pid 8830] <... chdir resumed>) = 0 [pid 8833] <... close resumed>) = 0 [pid 8830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8834] <... chdir resumed>) = 0 [pid 8833] symlink("/dev/binderfs", "./binderfs" [pid 8834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8830] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8834] <... prctl resumed>) = 0 [pid 8834] setpgid(0, 0 [pid 8830] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8834] <... setpgid resumed>) = 0 [pid 8833] <... symlink resumed>) = 0 [pid 8830] <... futex resumed>) = 1 [pid 8833] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8830] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8829] <... futex resumed>) = 0 [pid 8834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8833] <... futex resumed>) = 0 [pid 8833] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8829] exit_group(0) = ? [pid 8834] <... openat resumed>) = 3 [pid 8833] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8830] <... futex resumed>) = ? [pid 8833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8834] write(3, "1000", 4 [pid 8833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8834] <... write resumed>) = 4 [pid 8833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8834] close(3) = 0 [pid 8833] <... mmap resumed>) = 0x7f6713892000 [pid 8830] +++ exited with 0 +++ [pid 8829] +++ exited with 0 +++ [pid 8834] symlink("/dev/binderfs", "./binderfs" [pid 8833] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8829, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8834] <... symlink resumed>) = 0 [pid 8833] <... mprotect resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8835 attached [pid 8834] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8835] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8834] <... futex resumed>) = 0 [pid 8833] <... clone3 resumed> => {parent_tid=[8835]}, 88) = 8835 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8834] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8833] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8834] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] newfstatat(3, "", [pid 8834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8833] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 8835] <... rseq resumed>) = 0 [pid 8834] <... mmap resumed>) = 0x7f6713892000 [pid 8833] <... futex resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] close(3 [pid 5063] umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8835] set_robust_list(0x7f67138b29a0, 24 [pid 8834] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8833] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] newfstatat(AT_FDCWD, "./378/binderfs", [pid 8835] <... set_robust_list resumed>) = 0 [pid 8834] <... mprotect resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8836 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8836 [pid 5063] unlink("./378/binderfs") = 0 [pid 5063] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8835] memfd_create("syzkaller", 0 [pid 8836] set_robust_list(0x5555569076a0, 24 [pid 8834] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8836] <... set_robust_list resumed>) = 0 [pid 8836] chdir("./373" [pid 8834] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8836] <... chdir resumed>) = 0 [pid 8836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8836] <... prctl resumed>) = 0 [pid 8836] setpgid(0, 0 [pid 8835] <... memfd_create resumed>) = 3 [pid 8834] <... clone3 resumed> => {parent_tid=[8837]}, 88) = 8837 ./strace-static-x86_64: Process 8837 attached [pid 8836] <... setpgid resumed>) = 0 [pid 8835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8832] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8834] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... umount2 resumed>) = 0 [pid 8836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8835] <... mmap resumed>) = 0x7f670b400000 [pid 8834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8837] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8836] <... openat resumed>) = 3 [pid 5063] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8836] write(3, "1000", 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8836] <... write resumed>) = 4 [pid 5063] newfstatat(AT_FDCWD, "./378/file0", [pid 8836] close(3) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8836] symlink("/dev/binderfs", "./binderfs" [pid 5063] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8836] <... symlink resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8837] <... rseq resumed>) = 0 [pid 8836] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8834] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8837] set_robust_list(0x7f67138b29a0, 24 [pid 8834] <... futex resumed>) = 0 [pid 8837] <... set_robust_list resumed>) = 0 [pid 8836] <... futex resumed>) = 0 [pid 8834] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... openat resumed>) = 4 [pid 8837] rt_sigprocmask(SIG_SETMASK, [], [pid 8836] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5063] newfstatat(4, "", [pid 8837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] getdents64(4, [pid 8837] memfd_create("syzkaller", 0 [pid 8836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8837] <... memfd_create resumed>) = 3 [pid 8836] <... mmap resumed>) = 0x7f6713892000 [pid 5063] close(4) = 0 [pid 8837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8836] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] rmdir("./378/file0" [pid 8836] <... mprotect resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8836] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] getdents64(3, [pid 8836] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] close(3./strace-static-x86_64: Process 8838 attached [pid 8836] <... clone3 resumed> => {parent_tid=[8838]}, 88) = 8838 [pid 8838] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] <... close resumed>) = 0 [pid 8838] <... rseq resumed>) = 0 [pid 8836] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] rmdir("./378" [pid 8838] set_robust_list(0x7f67138b29a0, 24 [pid 8836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8838] <... set_robust_list resumed>) = 0 [pid 8836] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... rmdir resumed>) = 0 [pid 8838] rt_sigprocmask(SIG_SETMASK, [], [pid 8836] <... futex resumed>) = 0 [pid 8838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8836] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] mkdir("./379", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8838] memfd_create("syzkaller", 0) = 3 [pid 8838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8835] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8832] <... write resumed>) = 2097152 [pid 8838] <... mmap resumed>) = 0x7f670b400000 [pid 8832] munmap(0x7f670b400000, 138412032) = 0 [pid 8832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8837] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8832] <... openat resumed>) = 4 [pid 8832] ioctl(4, LOOP_SET_FD, 3 [pid 8838] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8835] <... write resumed>) = 2097152 [pid 8832] <... ioctl resumed>) = 0 [pid 8832] close(3) = 0 [pid 8832] close(4) = 0 [pid 8832] mkdir("./file0", 0777 [pid 8835] munmap(0x7f670b400000, 138412032 [pid 8832] <... mkdir resumed>) = 0 [pid 8835] <... munmap resumed>) = 0 [pid 8832] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8837] <... write resumed>) = 2097152 [pid 8835] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8837] munmap(0x7f670b400000, 138412032 [pid 8835] <... openat resumed>) = 4 [ 309.401271][ T8832] loop2: detected capacity change from 0 to 4096 [pid 5063] <... ioctl resumed>) = 0 [pid 8835] ioctl(4, LOOP_SET_FD, 3 [pid 5063] close(3 [pid 8837] <... munmap resumed>) = 0 [pid 8832] <... mount resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8838] <... write resumed>) = 2097152 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8837] ioctl(4, LOOP_SET_FD, 3 [pid 8832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8838] munmap(0x7f670b400000, 138412032 [pid 8832] <... openat resumed>) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8839 [pid 8838] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 8839 attached [pid 8832] chdir("./file0" [pid 8839] set_robust_list(0x5555569076a0, 24 [pid 8832] <... chdir resumed>) = 0 [pid 8839] <... set_robust_list resumed>) = 0 [pid 8832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8839] chdir("./379" [pid 8835] <... ioctl resumed>) = 0 [pid 8832] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8832] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8831] <... futex resumed>) = 0 [pid 8835] close(3 [pid 8832] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8839] <... chdir resumed>) = 0 [pid 8835] <... close resumed>) = 0 [pid 8831] exit_group(0 [pid 8838] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8835] close(4 [pid 8832] <... futex resumed>) = ? [pid 8831] <... exit_group resumed>) = ? [pid 8839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8838] <... openat resumed>) = 4 [pid 8835] <... close resumed>) = 0 [pid 8839] <... prctl resumed>) = 0 [pid 8838] ioctl(4, LOOP_SET_FD, 3 [pid 8835] mkdir("./file0", 0777 [pid 8832] +++ exited with 0 +++ [pid 8839] setpgid(0, 0 [pid 8831] +++ exited with 0 +++ [pid 8839] <... setpgid resumed>) = 0 [pid 8837] <... ioctl resumed>) = 0 [pid 8835] <... mkdir resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8831, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 8837] close(3 [pid 8835] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8837] <... close resumed>) = 0 [pid 8839] write(3, "1000", 4) = 4 [pid 8839] close(3 [pid 8837] close(4 [pid 5064] umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8839] <... close resumed>) = 0 [pid 8837] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8837] mkdir("./file0", 0777 [pid 5064] openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8839] symlink("/dev/binderfs", "./binderfs" [pid 8837] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8839] <... symlink resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 8837] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8839] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8839] <... futex resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./376/binderfs", [pid 8839] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 309.461109][ T8835] loop3: detected capacity change from 0 to 4096 [ 309.480260][ T8837] loop0: detected capacity change from 0 to 4096 [ 309.503093][ T8838] loop4: detected capacity change from 0 to 4096 [pid 8839] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8838] <... ioctl resumed>) = 0 [pid 5064] unlink("./376/binderfs" [pid 8839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8838] close(3 [pid 5064] <... unlink resumed>) = 0 [pid 8839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8838] <... close resumed>) = 0 [pid 5064] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8838] close(4 [pid 8839] <... mmap resumed>) = 0x7f6713892000 [pid 8838] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8838] mkdir("./file0", 0777 [pid 5064] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8838] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8839] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8838] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8837] <... mount resumed>) = 0 [pid 8835] <... mount resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./376/file0", [pid 8839] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8839] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8837] <... openat resumed>) = 3 [pid 8835] <... openat resumed>) = 3 [pid 5064] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8839] <... clone3 resumed> => {parent_tid=[8840]}, 88) = 8840 [pid 8839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8839] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8840 attached [pid 8839] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8837] chdir("./file0" [pid 8835] chdir("./file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8840] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8837] <... chdir resumed>) = 0 [pid 8835] <... chdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8840] <... rseq resumed>) = 0 [pid 8837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8835] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... openat resumed>) = 4 [pid 8840] set_robust_list(0x7f67138b29a0, 24 [pid 8837] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8835] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] newfstatat(4, "", [pid 8840] <... set_robust_list resumed>) = 0 [pid 8837] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8835] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8840] rt_sigprocmask(SIG_SETMASK, [], [pid 8837] <... futex resumed>) = 1 [pid 8835] <... futex resumed>) = 1 [pid 8833] <... futex resumed>) = 0 [pid 8834] <... futex resumed>) = 0 [pid 5064] getdents64(4, [pid 8840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8837] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8835] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8834] exit_group(0 [pid 8833] exit_group(0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8840] memfd_create("syzkaller", 0 [pid 8837] <... futex resumed>) = ? [pid 8835] <... futex resumed>) = ? [pid 8834] <... exit_group resumed>) = ? [pid 8833] <... exit_group resumed>) = ? [pid 5064] getdents64(4, [pid 8840] <... memfd_create resumed>) = 3 [pid 8837] +++ exited with 0 +++ [pid 8835] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] close(4 [pid 8840] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... close resumed>) = 0 [pid 8834] +++ exited with 0 +++ [pid 8833] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8833, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] rmdir("./376/file0" [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8834, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5064] rmdir("./376" [pid 5062] newfstatat(3, "", [pid 5065] newfstatat(3, "", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 5065] getdents64(3, [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8840] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] mkdir("./377", 0777 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... mkdir resumed>) = 0 [pid 8838] <... mount resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] newfstatat(AT_FDCWD, "./371/binderfs", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./374/binderfs", [pid 5064] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] unlink("./374/binderfs" [pid 5062] unlink("./371/binderfs" [pid 8838] <... openat resumed>) = 3 [pid 8838] chdir("./file0" [pid 5062] <... unlink resumed>) = 0 [pid 8838] <... chdir resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5062] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8838] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8838] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8836] <... futex resumed>) = 0 [pid 8836] exit_group(0) = ? [pid 8838] <... futex resumed>) = ? [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8838] +++ exited with 0 +++ [pid 8836] +++ exited with 0 +++ [pid 5065] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8836, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5062] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./371/file0", [pid 5065] newfstatat(AT_FDCWD, "./374/file0", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", [pid 5065] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] getdents64(4, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(4, "", [pid 5066] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 5065] getdents64(4, [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] newfstatat(3, "", [pid 5062] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... close resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] rmdir("./371/file0") = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5066] umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 5066] newfstatat(AT_FDCWD, "./373/binderfs", [pid 5065] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] rmdir("./374/file0" [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 8840] <... write resumed>) = 2097152 [pid 5066] unlink("./373/binderfs" [pid 5062] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 5062] rmdir("./371" [pid 8840] munmap(0x7f670b400000, 138412032 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./372", 0777 [pid 8840] <... munmap resumed>) = 0 [pid 5066] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 8840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5062] <... mkdir resumed>) = 0 [pid 8840] ioctl(4, LOOP_SET_FD, 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8840] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8840] close(3) = 0 [pid 5066] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./374" [pid 5064] <... ioctl resumed>) = 0 [pid 8840] close(4) = 0 [pid 8840] mkdir("./file0", 0777) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 [pid 5064] close(3 [pid 8840] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] newfstatat(AT_FDCWD, "./373/file0", [pid 5065] mkdir("./375", 0777 [pid 5064] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8841 attached [pid 5066] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5065] <... openat resumed>) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8841 [pid 8841] set_robust_list(0x5555569076a0, 24 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8841] <... set_robust_list resumed>) = 0 [pid 5066] getdents64(4, [pid 8841] chdir("./377" [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./373/file0") = 0 [pid 8841] <... chdir resumed>) = 0 [ 309.723238][ T8840] loop1: detected capacity change from 0 to 4096 [pid 8841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8841] setpgid(0, 0 [pid 5066] getdents64(3, [pid 8841] <... setpgid resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] close(3 [pid 8841] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 8841] write(3, "1000", 4 [pid 5066] rmdir("./373" [pid 8841] <... write resumed>) = 4 [pid 8841] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 8841] <... close resumed>) = 0 [pid 8841] symlink("/dev/binderfs", "./binderfs" [pid 5066] mkdir("./374", 0777 [pid 8841] <... symlink resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8840] <... mount resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8841] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] close(3 [pid 8840] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 8840] chdir("./file0" [pid 8841] <... futex resumed>) = 0 [pid 8840] <... chdir resumed>) = 0 [pid 8841] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... openat resumed>) = 3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8841] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8840] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8842 ./strace-static-x86_64: Process 8842 attached [pid 8842] set_robust_list(0x5555569076a0, 24) = 0 [pid 8842] chdir("./372") = 0 [pid 8842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8842] setpgid(0, 0) = 0 [pid 8841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8840] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8840] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8841] <... mmap resumed>) = 0x7f6713892000 [pid 8841] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8841] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8842] <... openat resumed>) = 3 [pid 8841] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8839] <... futex resumed>) = 0 [pid 8841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8839] exit_group(0./strace-static-x86_64: Process 8843 attached [pid 8842] write(3, "1000", 4 [pid 8840] <... futex resumed>) = ? [pid 8839] <... exit_group resumed>) = ? [pid 5065] <... ioctl resumed>) = 0 [pid 8843] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8840] +++ exited with 0 +++ [pid 8839] +++ exited with 0 +++ [pid 5065] close(3 [pid 8843] <... rseq resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8839, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=1 /* 0.01 s */} --- [pid 8843] set_robust_list(0x7f67138b29a0, 24 [pid 8842] <... write resumed>) = 4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8843] <... set_robust_list resumed>) = 0 [pid 8842] close(3 [pid 8841] <... clone3 resumed> => {parent_tid=[8843]}, 88) = 8843 [pid 8843] rt_sigprocmask(SIG_SETMASK, [], [pid 8842] <... close resumed>) = 0 [pid 8841] rt_sigprocmask(SIG_SETMASK, [], [pid 8843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8842] symlink("/dev/binderfs", "./binderfs" [pid 5063] umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8843] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8842] <... symlink resumed>) = 0 [pid 8841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8844 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8844 attached [pid 8842] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8841] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8844] set_robust_list(0x5555569076a0, 24 [pid 8843] <... futex resumed>) = 0 [pid 8842] <... futex resumed>) = 0 [pid 8841] <... futex resumed>) = 1 [pid 5063] <... openat resumed>) = 3 [pid 8844] <... set_robust_list resumed>) = 0 [pid 8843] memfd_create("syzkaller", 0 [pid 8844] chdir("./375" [pid 8843] <... memfd_create resumed>) = 3 [pid 8842] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8841] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] newfstatat(3, "", [pid 8844] <... chdir resumed>) = 0 [pid 8843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8843] <... mmap resumed>) = 0x7f670b400000 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8844] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8842] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8844] <... prctl resumed>) = 0 [pid 8842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] newfstatat(AT_FDCWD, "./379/binderfs", [pid 8844] setpgid(0, 0 [pid 8842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8844] <... setpgid resumed>) = 0 [pid 8842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5063] unlink("./379/binderfs" [pid 8844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8842] <... mmap resumed>) = 0x7f6713892000 [pid 5066] close(3 [pid 8844] <... openat resumed>) = 3 [pid 8842] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... close resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8844] write(3, "1000", 4 [pid 8842] <... mprotect resumed>) = 0 [pid 8844] <... write resumed>) = 4 [pid 5063] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8844] close(3 [pid 8842] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8844] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8844] symlink("/dev/binderfs", "./binderfs" [pid 8842] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8844] <... symlink resumed>) = 0 [pid 8842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8842] <... clone3 resumed> => {parent_tid=[8845]}, 88) = 8845 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8846 attached [pid 8842] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] newfstatat(AT_FDCWD, "./379/file0", [pid 8846] set_robust_list(0x5555569076a0, 24 [pid 8844] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8846 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8845 attached [pid 8846] <... set_robust_list resumed>) = 0 [pid 8844] <... futex resumed>) = 0 [pid 8842] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8846] chdir("./374" [pid 8845] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8844] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8842] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8846] <... chdir resumed>) = 0 [pid 8845] <... rseq resumed>) = 0 [pid 8844] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8842] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8846] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8845] set_robust_list(0x7f67138b29a0, 24 [pid 8844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8843] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8846] <... prctl resumed>) = 0 [pid 8845] <... set_robust_list resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 8845] rt_sigprocmask(SIG_SETMASK, [], [pid 8844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(4, "", [pid 8846] setpgid(0, 0 [pid 8844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8846] <... setpgid resumed>) = 0 [pid 8844] <... mmap resumed>) = 0x7f6713892000 [pid 5063] getdents64(4, [pid 8846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8846] write(3, "1000", 4 [pid 8845] memfd_create("syzkaller", 0 [pid 8846] <... write resumed>) = 4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8846] close(3 [pid 8844] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] getdents64(4, [pid 8846] <... close resumed>) = 0 [pid 8844] <... mprotect resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./379/file0" [pid 8846] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8844] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8846] <... futex resumed>) = 0 [pid 8846] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5063] <... rmdir resumed>) = 0 [pid 8845] <... memfd_create resumed>) = 3 [pid 8844] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] getdents64(3, [pid 8846] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8846] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8845] <... mmap resumed>) = 0x7f670b400000 [pid 8844] <... clone3 resumed> => {parent_tid=[8847]}, 88) = 8847 [pid 5063] close(3./strace-static-x86_64: Process 8847 attached [pid 8846] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8844] rt_sigprocmask(SIG_SETMASK, [], [pid 8847] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./379" [pid 8844] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8847] <... rseq resumed>) = 0 [pid 8847] set_robust_list(0x7f67138b29a0, 24 [pid 8844] <... futex resumed>) = 0 [pid 8846] <... clone3 resumed> => {parent_tid=[8848]}, 88) = 8848 [pid 8846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8846] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8846] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8848 attached [pid 8848] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8848] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8848] memfd_create("syzkaller", 0 [pid 8847] <... set_robust_list resumed>) = 0 [pid 8844] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... rmdir resumed>) = 0 [pid 8847] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] mkdir("./380", 0777 [pid 8847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8848] <... memfd_create resumed>) = 3 [pid 8848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8847] memfd_create("syzkaller", 0 [pid 8843] <... write resumed>) = 2097152 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8848] <... mmap resumed>) = 0x7f670b400000 [pid 8843] munmap(0x7f670b400000, 138412032 [pid 5063] <... openat resumed>) = 3 [pid 8847] <... memfd_create resumed>) = 3 [pid 8843] <... munmap resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8845] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8843] <... openat resumed>) = 4 [pid 8843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8843] close(3) = 0 [pid 8843] close(4) = 0 [pid 8843] mkdir("./file0", 0777) = 0 [pid 8848] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8847] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8845] <... write resumed>) = 2097152 [pid 8843] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] <... ioctl resumed>) = 0 [ 309.989914][ T8843] loop2: detected capacity change from 0 to 4096 [pid 8845] munmap(0x7f670b400000, 138412032 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8845] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 8849 attached [pid 8845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8849 [pid 8849] set_robust_list(0x5555569076a0, 24 [pid 8845] <... openat resumed>) = 4 [pid 8849] <... set_robust_list resumed>) = 0 [pid 8849] chdir("./380" [pid 8845] ioctl(4, LOOP_SET_FD, 3 [pid 8849] <... chdir resumed>) = 0 [pid 8849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8849] setpgid(0, 0) = 0 [pid 8849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8849] write(3, "1000", 4 [pid 8845] <... ioctl resumed>) = 0 [pid 8849] <... write resumed>) = 4 [pid 8845] close(3 [pid 8849] close(3 [pid 8845] <... close resumed>) = 0 [pid 8849] <... close resumed>) = 0 [pid 8845] close(4 [pid 8849] symlink("/dev/binderfs", "./binderfs" [pid 8848] <... write resumed>) = 2097152 [pid 8845] <... close resumed>) = 0 [pid 8849] <... symlink resumed>) = 0 [pid 8848] munmap(0x7f670b400000, 138412032 [pid 8845] mkdir("./file0", 0777 [pid 8843] <... mount resumed>) = 0 [pid 8845] <... mkdir resumed>) = 0 [pid 8847] <... write resumed>) = 2097152 [pid 8843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8849] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8845] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8849] <... futex resumed>) = 0 [pid 8849] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8843] <... openat resumed>) = 3 [pid 8849] <... mmap resumed>) = 0x7f6713892000 [pid 8849] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8843] chdir("./file0" [pid 8849] <... mprotect resumed>) = 0 [pid 8847] munmap(0x7f670b400000, 138412032 [pid 8843] <... chdir resumed>) = 0 [pid 8849] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8849] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8843] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [ 310.071411][ T8845] loop0: detected capacity change from 0 to 4096 [pid 8843] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8841] <... futex resumed>) = 0 [pid 8849] <... clone3 resumed> => {parent_tid=[8850]}, 88) = 8850 [pid 8848] <... munmap resumed>) = 0 [pid 8843] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8841] exit_group(0./strace-static-x86_64: Process 8850 attached [pid 8849] rt_sigprocmask(SIG_SETMASK, [], [pid 8848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8843] <... futex resumed>) = ? [pid 8841] <... exit_group resumed>) = ? [pid 8850] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8848] <... openat resumed>) = 4 [pid 8847] <... munmap resumed>) = 0 [pid 8843] +++ exited with 0 +++ [pid 8841] +++ exited with 0 +++ [pid 8850] <... rseq resumed>) = 0 [pid 8849] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8848] ioctl(4, LOOP_SET_FD, 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8841, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 8850] set_robust_list(0x7f67138b29a0, 24 [pid 8849] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8850] <... set_robust_list resumed>) = 0 [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 8847] <... openat resumed>) = 4 [pid 8850] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... restart_syscall resumed>) = 0 [pid 8847] ioctl(4, LOOP_SET_FD, 3 [pid 8850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./377/binderfs") = 0 [pid 5064] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8850] memfd_create("syzkaller", 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8850] <... memfd_create resumed>) = 3 [pid 8848] <... ioctl resumed>) = 0 [pid 8848] close(3) = 0 [pid 8848] close(4) = 0 [pid 8848] mkdir("./file0", 0777 [pid 5064] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8848] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8848] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... openat resumed>) = 4 [pid 8850] <... mmap resumed>) = 0x7f670b400000 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 8847] <... ioctl resumed>) = 0 [pid 8847] close(3 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8847] <... close resumed>) = 0 [pid 8847] close(4) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8847] mkdir("./file0", 0777 [pid 5064] close(4 [pid 8847] <... mkdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [ 310.146016][ T8848] loop4: detected capacity change from 0 to 4096 [ 310.157019][ T8847] loop3: detected capacity change from 0 to 4096 [pid 8847] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8845] <... mount resumed>) = 0 [pid 5064] rmdir("./377/file0") = 0 [pid 5064] getdents64(3, [pid 8845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 8845] chdir("./file0" [pid 5064] rmdir("./377" [pid 8845] <... chdir resumed>) = 0 [pid 8845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8845] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8845] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8842] <... futex resumed>) = 0 [pid 8842] exit_group(0 [pid 8845] <... futex resumed>) = ? [pid 8842] <... exit_group resumed>) = ? [pid 8845] +++ exited with 0 +++ [pid 8842] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8842, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] mkdir("./378", 0777 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./372/binderfs") = 0 [pid 5062] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 8848] <... mount resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8848] chdir("./file0") = 0 [pid 8848] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8850] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... umount2 resumed>) = 0 [pid 8848] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8848] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8847] <... mount resumed>) = 0 [pid 8846] <... futex resumed>) = 0 [pid 8846] exit_group(0 [pid 8848] <... futex resumed>) = ? [pid 8846] <... exit_group resumed>) = ? [pid 5062] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8848] +++ exited with 0 +++ [pid 8847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8847] <... openat resumed>) = 3 [pid 5062] newfstatat(AT_FDCWD, "./372/file0", [pid 8847] chdir("./file0" [pid 8846] +++ exited with 0 +++ [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8847] <... chdir resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8846, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5066] umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 8847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8847] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(3, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... openat resumed>) = 4 [pid 8847] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(AT_FDCWD, "./374/binderfs", [pid 5062] newfstatat(4, "", [pid 8847] <... futex resumed>) = 1 [pid 8844] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8847] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8844] exit_group(0 [pid 5066] unlink("./374/binderfs" [pid 5062] getdents64(4, [pid 8847] <... futex resumed>) = ? [pid 8844] <... exit_group resumed>) = ? [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8847] +++ exited with 0 +++ [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./372/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./372") = 0 [pid 8844] +++ exited with 0 +++ [pid 5066] <... unlink resumed>) = 0 [pid 5062] mkdir("./373", 0777 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8844, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5065] umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... mkdir resumed>) = 0 [pid 5066] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./375/binderfs", [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./375/binderfs") = 0 [pid 5065] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 5065] newfstatat(AT_FDCWD, "./375/file0", [pid 5064] <... close resumed>) = 0 [pid 8850] <... write resumed>) = 2097152 [pid 5066] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8850] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 8851 attached [pid 5066] newfstatat(AT_FDCWD, "./374/file0", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8851 [pid 8851] set_robust_list(0x5555569076a0, 24 [pid 5065] <... openat resumed>) = 4 [pid 5066] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(4, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] getdents64(4, [pid 8851] <... set_robust_list resumed>) = 0 [pid 8851] chdir("./378" [pid 5066] <... openat resumed>) = 4 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] newfstatat(4, "", [pid 8851] <... chdir resumed>) = 0 [pid 8850] <... munmap resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 8851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8850] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] getdents64(4, [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8851] setpgid(0, 0 [pid 8850] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] close(4 [pid 8851] <... setpgid resumed>) = 0 [pid 8850] ioctl(4, LOOP_SET_FD, 3 [pid 5066] getdents64(4, [pid 5065] <... close resumed>) = 0 [pid 8851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./375/file0" [pid 8851] <... openat resumed>) = 3 [pid 5066] close(4 [pid 5065] <... rmdir resumed>) = 0 [pid 8851] write(3, "1000", 4) = 4 [pid 8851] close(3 [pid 8850] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 5062] <... ioctl resumed>) = 0 [pid 8851] <... close resumed>) = 0 [pid 8850] close(3 [pid 5066] rmdir("./374/file0" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 8851] symlink("/dev/binderfs", "./binderfs" [pid 8850] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] close(3 [pid 8851] <... symlink resumed>) = 0 [pid 8850] close(4 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] rmdir("./375" [pid 5062] <... close resumed>) = 0 [pid 8851] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8850] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8851] <... futex resumed>) = 0 [pid 8850] mkdir("./file0", 0777 [pid 5066] getdents64(3, [pid 5065] mkdir("./376", 0777 [pid 8851] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8850] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8851] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8852 attached [pid 8851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] close(3 [pid 8851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... close resumed>) = 0 [pid 8851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] rmdir("./374" [pid 8851] <... mmap resumed>) = 0x7f6713892000 [pid 8850] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8852 [pid 8851] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8851] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] mkdir("./375", 0777 [pid 8852] set_robust_list(0x5555569076a0, 24 [pid 8851] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8852] <... set_robust_list resumed>) = 0 [pid 8851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... openat resumed>) = 3 [pid 8852] chdir("./373" [pid 8850] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8853 attached [pid 8852] <... chdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8853] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8852] <... prctl resumed>) = 0 [pid 8851] <... clone3 resumed> => {parent_tid=[8853]}, 88) = 8853 [pid 8850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 8852] setpgid(0, 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8852] <... setpgid resumed>) = 0 [pid 8853] <... rseq resumed>) = 0 [pid 8852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8851] rt_sigprocmask(SIG_SETMASK, [], [pid 8850] <... openat resumed>) = 3 [pid 8853] set_robust_list(0x7f67138b29a0, 24 [pid 8851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8850] chdir("./file0" [pid 8853] <... set_robust_list resumed>) = 0 [pid 8852] <... openat resumed>) = 3 [pid 8851] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8853] rt_sigprocmask(SIG_SETMASK, [], [pid 8852] write(3, "1000", 4 [pid 8851] <... futex resumed>) = 0 [pid 8850] <... chdir resumed>) = 0 [pid 8853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8852] <... write resumed>) = 4 [pid 8851] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8850] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8853] memfd_create("syzkaller", 0 [ 310.376530][ T8850] loop1: detected capacity change from 0 to 4096 [pid 8852] close(3) = 0 [pid 8850] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8853] <... memfd_create resumed>) = 3 [pid 8852] symlink("/dev/binderfs", "./binderfs" [pid 8850] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8852] <... symlink resumed>) = 0 [pid 8850] <... futex resumed>) = 1 [pid 8849] <... futex resumed>) = 0 [pid 8853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8852] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8849] exit_group(0 [pid 8853] <... mmap resumed>) = 0x7f670b400000 [pid 8852] <... futex resumed>) = 0 [pid 8849] <... exit_group resumed>) = ? [pid 8852] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8850] +++ exited with 0 +++ [pid 8852] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8852] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8852] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8849] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8849, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} --- [pid 8852] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8853] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8854 attached [pid 5063] umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8854] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8852] <... clone3 resumed> => {parent_tid=[8854]}, 88) = 8854 [pid 8854] <... rseq resumed>) = 0 [pid 8852] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8854] set_robust_list(0x7f67138b29a0, 24 [pid 5063] newfstatat(AT_FDCWD, "./380/binderfs", [pid 8854] <... set_robust_list resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8854] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] unlink("./380/binderfs" [pid 8854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8854] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8852] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8854] <... futex resumed>) = 0 [pid 8852] <... futex resumed>) = 1 [pid 5063] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8852] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8854] memfd_create("syzkaller", 0 [pid 5063] newfstatat(AT_FDCWD, "./380/file0", [pid 8854] <... memfd_create resumed>) = 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... ioctl resumed>) = 0 [pid 8853] <... write resumed>) = 2097152 [pid 5065] close(3 [pid 5063] openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8855 ./strace-static-x86_64: Process 8855 attached [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 8855] set_robust_list(0x5555569076a0, 24) = 0 [pid 8855] chdir("./376") = 0 [pid 8855] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8855] <... prctl resumed>) = 0 [pid 5063] close(4) = 0 [pid 8855] setpgid(0, 0) = 0 [pid 8855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8854] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8853] munmap(0x7f670b400000, 138412032 [pid 5066] close(3 [pid 5063] rmdir("./380/file0" [pid 5066] <... close resumed>) = 0 [pid 8855] <... openat resumed>) = 3 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] getdents64(3, [pid 8855] write(3, "1000", 4) = 4 [pid 8855] close(3) = 0 [pid 8855] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 8856 attached ) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8856] set_robust_list(0x5555569076a0, 24 [pid 8855] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8856 [pid 5063] close(3 [pid 8856] <... set_robust_list resumed>) = 0 [pid 8855] <... futex resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8855] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] rmdir("./380" [pid 8856] chdir("./375" [pid 8855] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8853] <... munmap resumed>) = 0 [pid 8855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8856] <... chdir resumed>) = 0 [pid 8855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8853] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... rmdir resumed>) = 0 [pid 8856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8853] <... openat resumed>) = 4 [pid 8856] <... prctl resumed>) = 0 [pid 8855] <... mmap resumed>) = 0x7f6713892000 [pid 5063] mkdir("./381", 0777 [pid 8855] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8853] ioctl(4, LOOP_SET_FD, 3 [pid 8855] <... mprotect resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8856] setpgid(0, 0 [pid 8855] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8856] <... setpgid resumed>) = 0 [pid 8855] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8856] <... openat resumed>) = 3 [pid 8856] write(3, "1000", 4 [pid 5063] <... openat resumed>) = 3 [pid 8856] <... write resumed>) = 4 [pid 8856] close(3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8856] <... close resumed>) = 0 [pid 8855] <... clone3 resumed> => {parent_tid=[8857]}, 88) = 8857 [pid 8856] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 8857 attached [pid 8855] rt_sigprocmask(SIG_SETMASK, [], [pid 8857] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8856] <... symlink resumed>) = 0 [pid 8857] <... rseq resumed>) = 0 [pid 8855] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8857] set_robust_list(0x7f67138b29a0, 24 [pid 8856] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8855] <... futex resumed>) = 0 [pid 8857] <... set_robust_list resumed>) = 0 [pid 8856] <... futex resumed>) = 0 [pid 8855] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8857] rt_sigprocmask(SIG_SETMASK, [], [pid 8856] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8856] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8857] memfd_create("syzkaller", 0 [pid 8856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8857] <... memfd_create resumed>) = 3 [pid 8853] <... ioctl resumed>) = 0 [pid 8857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8854] <... write resumed>) = 2097152 [pid 8853] close(3 [pid 8857] <... mmap resumed>) = 0x7f670b400000 [pid 8856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8854] munmap(0x7f670b400000, 138412032 [pid 8853] <... close resumed>) = 0 [pid 8856] <... mmap resumed>) = 0x7f6713892000 [pid 8853] close(4 [pid 8856] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8856] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8853] <... close resumed>) = 0 [pid 8856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8853] mkdir("./file0", 0777 [pid 8856] <... clone3 resumed> => {parent_tid=[8858]}, 88) = 8858 [pid 8856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8854] <... munmap resumed>) = 0 [pid 8856] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8856] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 310.563989][ T8853] loop2: detected capacity change from 0 to 4096 [pid 8854] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 8858 attached ) = 4 [pid 8853] <... mkdir resumed>) = 0 [pid 8858] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8853] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8858] <... rseq resumed>) = 0 [pid 8858] set_robust_list(0x7f67138b29a0, 24 [pid 8854] ioctl(4, LOOP_SET_FD, 3 [pid 8858] <... set_robust_list resumed>) = 0 [pid 8858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8858] memfd_create("syzkaller", 0) = 3 [pid 8858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8858] <... mmap resumed>) = 0x7f670b400000 [pid 8854] <... ioctl resumed>) = 0 [pid 8854] close(3) = 0 [pid 8854] close(4) = 0 [pid 8854] mkdir("./file0", 0777) = 0 [pid 8854] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8859 attached , child_tidptr=0x555556907690) = 8859 [pid 8859] set_robust_list(0x5555569076a0, 24) = 0 [ 310.616150][ T8854] loop0: detected capacity change from 0 to 4096 [pid 8859] chdir("./381" [pid 8857] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8859] <... chdir resumed>) = 0 [pid 8859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8859] setpgid(0, 0) = 0 [pid 8859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8859] write(3, "1000", 4) = 4 [pid 8859] close(3) = 0 [pid 8859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8859] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8857] <... write resumed>) = 2097152 [pid 8859] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8859] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8858] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8859] <... mprotect resumed>) = 0 [pid 8859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8857] munmap(0x7f670b400000, 138412032 [pid 8859] <... clone3 resumed> => {parent_tid=[8860]}, 88) = 8860 ./strace-static-x86_64: Process 8860 attached [pid 8859] rt_sigprocmask(SIG_SETMASK, [], [pid 8860] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8860] <... rseq resumed>) = 0 [pid 8857] <... munmap resumed>) = 0 [pid 8859] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8859] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8860] set_robust_list(0x7f67138b29a0, 24 [pid 8853] <... mount resumed>) = 0 [pid 8860] <... set_robust_list resumed>) = 0 [pid 8860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8860] memfd_create("syzkaller", 0 [pid 8857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8857] <... openat resumed>) = 4 [pid 8854] <... mount resumed>) = 0 [pid 8853] <... openat resumed>) = 3 [pid 8857] ioctl(4, LOOP_SET_FD, 3 [pid 8854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8853] chdir("./file0" [pid 8860] <... memfd_create resumed>) = 3 [pid 8857] <... ioctl resumed>) = 0 [pid 8854] <... openat resumed>) = 3 [pid 8853] <... chdir resumed>) = 0 [pid 8860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8854] chdir("./file0" [pid 8857] close(3 [pid 8853] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8854] <... chdir resumed>) = 0 [pid 8854] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8857] <... close resumed>) = 0 [pid 8854] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8853] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8857] close(4 [pid 8854] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8853] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8854] <... futex resumed>) = 1 [pid 8853] <... futex resumed>) = 1 [pid 8852] <... futex resumed>) = 0 [pid 8851] <... futex resumed>) = 0 [pid 8854] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8853] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8852] exit_group(0 [pid 8851] exit_group(0 [pid 8854] <... futex resumed>) = ? [pid 8853] <... futex resumed>) = ? [pid 8852] <... exit_group resumed>) = ? [pid 8851] <... exit_group resumed>) = ? [pid 8853] +++ exited with 0 +++ [pid 8851] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8851, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8857] <... close resumed>) = 0 [pid 8854] +++ exited with 0 +++ [pid 8852] +++ exited with 0 +++ [pid 5064] openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8857] mkdir("./file0", 0777 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8852, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 8858] <... write resumed>) = 2097152 [pid 8857] <... mkdir resumed>) = 0 [pid 5062] umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(3, "", [pid 5062] openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... openat resumed>) = 3 [ 310.768866][ T8857] loop3: detected capacity change from 0 to 4096 [pid 8857] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] newfstatat(3, "", [pid 8860] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8858] munmap(0x7f670b400000, 138412032 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] getdents64(3, [pid 5064] newfstatat(AT_FDCWD, "./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8858] <... munmap resumed>) = 0 [pid 5064] unlink("./378/binderfs") = 0 [pid 5064] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./373/binderfs" [pid 5064] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./378/file0", [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8858] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8858] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8858] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./378/file0") = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8858] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 8858] close(3 [pid 5064] <... close resumed>) = 0 [pid 5062] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8858] <... close resumed>) = 0 [pid 5064] rmdir("./378" [pid 8858] close(4 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8858] <... close resumed>) = 0 [pid 8858] mkdir("./file0", 0777 [pid 5064] mkdir("./379", 0777 [pid 8858] <... mkdir resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./373/file0", [pid 5064] <... mkdir resumed>) = 0 [pid 8858] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5062] umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8860] <... write resumed>) = 2097152 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8860] munmap(0x7f670b400000, 138412032) = 0 [pid 5062] openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [ 310.850988][ T8858] loop4: detected capacity change from 0 to 4096 [pid 8860] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8858] <... mount resumed>) = 0 [pid 8857] <... mount resumed>) = 0 [pid 5062] rmdir("./373/file0") = 0 [pid 8860] <... openat resumed>) = 4 [pid 8857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8860] ioctl(4, LOOP_SET_FD, 3 [pid 8858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8857] <... openat resumed>) = 3 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./373") = 0 [pid 5062] mkdir("./374", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8860] <... ioctl resumed>) = 0 [pid 8858] <... openat resumed>) = 3 [pid 8857] chdir("./file0" [pid 8858] chdir("./file0" [pid 8860] close(3 [pid 8858] <... chdir resumed>) = 0 [pid 8857] <... chdir resumed>) = 0 [pid 8860] <... close resumed>) = 0 [pid 8858] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8860] close(4 [pid 8858] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8860] <... close resumed>) = 0 [pid 8857] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... ioctl resumed>) = 0 [pid 8860] mkdir("./file0", 0777 [pid 8858] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8857] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] close(3 [pid 8855] <... futex resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8860] <... mkdir resumed>) = 0 [pid 8858] <... futex resumed>) = 1 [pid 8857] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8855] exit_group(0 [pid 8860] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8858] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8857] <... futex resumed>) = ? [pid 8856] <... futex resumed>) = 0 [pid 8855] <... exit_group resumed>) = ? [pid 8856] exit_group(0./strace-static-x86_64: Process 8861 attached [pid 8857] +++ exited with 0 +++ [pid 8855] +++ exited with 0 +++ [pid 8856] <... exit_group resumed>) = ? [pid 8861] set_robust_list(0x5555569076a0, 24 [pid 8858] <... futex resumed>) = ? [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8855, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8861 [pid 8861] <... set_robust_list resumed>) = 0 [pid 8858] +++ exited with 0 +++ [pid 8861] chdir("./379" [pid 8856] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8856, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 310.938220][ T8860] loop1: detected capacity change from 0 to 4096 [pid 8861] <... chdir resumed>) = 0 [pid 8861] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8861] <... prctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8861] setpgid(0, 0 [pid 5066] openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8861] <... setpgid resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8861] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 5065] <... openat resumed>) = 3 [pid 8861] write(3, "1000", 4) = 4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8861] close(3 [pid 5066] umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8861] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8861] symlink("/dev/binderfs", "./binderfs" [pid 5066] newfstatat(AT_FDCWD, "./375/binderfs", [pid 8861] <... symlink resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(3, "", [pid 8861] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] unlink("./375/binderfs" [pid 8861] <... futex resumed>) = 0 [pid 8861] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8861] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 8861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5065] umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8861] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8861] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] newfstatat(AT_FDCWD, "./376/binderfs", [pid 8861] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5065] unlink("./376/binderfs" [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 8862 attached [pid 8861] <... clone3 resumed> => {parent_tid=[8862]}, 88) = 8862 [pid 5066] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8862] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8861] rt_sigprocmask(SIG_SETMASK, [], [pid 8862] <... rseq resumed>) = 0 [pid 8861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(3 [pid 8862] set_robust_list(0x7f67138b29a0, 24 [pid 8861] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(AT_FDCWD, "./375/file0", [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8862] <... set_robust_list resumed>) = 0 [pid 8861] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8862] rt_sigprocmask(SIG_SETMASK, [], [pid 8861] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8862] memfd_create("syzkaller", 0 [pid 5066] openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8863 attached [pid 8862] <... memfd_create resumed>) = 3 [pid 5065] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8863] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8863 [pid 8862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8863] <... set_robust_list resumed>) = 0 [pid 8862] <... mmap resumed>) = 0x7f670b400000 [pid 5066] getdents64(4, [pid 5065] newfstatat(AT_FDCWD, "./376/file0", [pid 8863] chdir("./374" [pid 8860] <... mount resumed>) = 0 [pid 8860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8863] <... chdir resumed>) = 0 [pid 8863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8860] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8863] <... prctl resumed>) = 0 [pid 8860] chdir("./file0" [pid 8863] setpgid(0, 0 [pid 5066] close(4 [pid 5065] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8860] <... chdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./375/file0" [pid 5065] openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8863] <... setpgid resumed>) = 0 [pid 8860] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 8863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8863] <... openat resumed>) = 3 [pid 8860] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5066] close(3 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 8860] <... futex resumed>) = 1 [pid 8863] write(3, "1000", 4 [pid 8860] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8859] <... futex resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8863] <... write resumed>) = 4 [pid 8859] exit_group(0 [pid 8863] close(3 [pid 8859] <... exit_group resumed>) = ? [pid 8863] <... close resumed>) = 0 [pid 8860] <... futex resumed>) = ? [pid 8863] symlink("/dev/binderfs", "./binderfs" [pid 8860] +++ exited with 0 +++ [pid 5066] rmdir("./375" [pid 5065] close(4 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5066] mkdir("./376", 0777 [pid 5065] rmdir("./376/file0" [pid 8863] <... symlink resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 8863] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8863] <... futex resumed>) = 0 [pid 8863] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] close(3 [pid 8863] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8862] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8859] +++ exited with 0 +++ [pid 5065] <... close resumed>) = 0 [pid 8863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] rmdir("./376" [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8859, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... rmdir resumed>) = 0 [pid 8863] <... mmap resumed>) = 0x7f6713892000 [pid 8863] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] mkdir("./377", 0777 [pid 8863] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... mkdir resumed>) = 0 [pid 8863] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8864 attached [pid 5063] umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8864] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8863] <... clone3 resumed> => {parent_tid=[8864]}, 88) = 8864 [pid 8864] <... rseq resumed>) = 0 [pid 8863] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8864] set_robust_list(0x7f67138b29a0, 24 [pid 8863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8864] <... set_robust_list resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8864] rt_sigprocmask(SIG_SETMASK, [], [pid 8863] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... openat resumed>) = 3 [pid 8864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8863] <... futex resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 8864] memfd_create("syzkaller", 0 [pid 8863] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8864] <... memfd_create resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] unlink("./381/binderfs" [pid 8864] <... mmap resumed>) = 0x7f670b400000 [pid 8862] <... write resumed>) = 2097152 [pid 5063] <... unlink resumed>) = 0 [pid 8862] munmap(0x7f670b400000, 138412032) = 0 [pid 8862] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8862] <... openat resumed>) = 4 [pid 8862] ioctl(4, LOOP_SET_FD, 3 [pid 8864] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8862] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./381/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 5063] openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8862] close(3 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8862] <... close resumed>) = 0 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4./strace-static-x86_64: Process 8865 attached ) = 0 [pid 5063] rmdir("./381/file0" [pid 8862] close(4 [pid 8865] set_robust_list(0x5555569076a0, 24 [pid 8862] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 8862] mkdir("./file0", 0777 [pid 8865] <... set_robust_list resumed>) = 0 [pid 8865] chdir("./377") = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8865 [pid 8865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8862] <... mkdir resumed>) = 0 [pid 5063] getdents64(3, [pid 8865] <... prctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8865] setpgid(0, 0) = 0 [pid 5063] close(3 [pid 8865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... close resumed>) = 0 [pid 8865] <... openat resumed>) = 3 [pid 5063] rmdir("./381") = 0 [pid 8865] write(3, "1000", 4 [pid 8862] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8866 ./strace-static-x86_64: Process 8866 attached [pid 8865] <... write resumed>) = 4 [pid 8866] set_robust_list(0x5555569076a0, 24 [pid 8865] close(3 [pid 5063] mkdir("./382", 0777 [pid 8866] <... set_robust_list resumed>) = 0 [pid 8865] <... close resumed>) = 0 [pid 8866] chdir("./376" [pid 8865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8866] <... chdir resumed>) = 0 [pid 8866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8865] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8866] <... prctl resumed>) = 0 [pid 8865] <... futex resumed>) = 0 [pid 8866] setpgid(0, 0 [pid 8865] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8866] <... setpgid resumed>) = 0 [pid 8865] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... openat resumed>) = 3 [pid 8866] <... openat resumed>) = 3 [pid 8865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8866] write(3, "1000", 4 [pid 8865] <... mmap resumed>) = 0x7f6713892000 [pid 8866] <... write resumed>) = 4 [ 311.141213][ T8862] loop2: detected capacity change from 0 to 4096 [pid 8866] close(3 [pid 8865] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8866] <... close resumed>) = 0 [pid 8865] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8865] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8866] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8866] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8867 attached [pid 8866] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8865] <... clone3 resumed> => {parent_tid=[8867]}, 88) = 8867 [pid 8867] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8866] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8865] rt_sigprocmask(SIG_SETMASK, [], [pid 8867] <... rseq resumed>) = 0 [pid 8866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8864] <... write resumed>) = 2097152 [pid 8862] <... mount resumed>) = 0 [pid 8867] set_robust_list(0x7f67138b29a0, 24 [pid 8866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8865] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8867] <... set_robust_list resumed>) = 0 [pid 8866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8865] <... futex resumed>) = 0 [pid 8867] rt_sigprocmask(SIG_SETMASK, [], [pid 8866] <... mmap resumed>) = 0x7f6713892000 [pid 8865] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8864] munmap(0x7f670b400000, 138412032 [pid 8867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8862] <... openat resumed>) = 3 [pid 8867] memfd_create("syzkaller", 0 [pid 8866] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8864] <... munmap resumed>) = 0 [pid 8862] chdir("./file0" [pid 5063] <... ioctl resumed>) = 0 [pid 8867] <... memfd_create resumed>) = 3 [pid 8866] <... mprotect resumed>) = 0 [pid 8864] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8862] <... chdir resumed>) = 0 [pid 8867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8866] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8864] <... openat resumed>) = 4 [pid 8862] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8867] <... mmap resumed>) = 0x7f670b400000 [pid 8866] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8864] ioctl(4, LOOP_SET_FD, 3 [pid 8862] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8862] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8861] <... futex resumed>) = 0 [pid 5063] close(3 [pid 8862] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8861] exit_group(0 [pid 5063] <... close resumed>) = 0 ./strace-static-x86_64: Process 8868 attached [pid 8866] <... clone3 resumed> => {parent_tid=[8868]}, 88) = 8868 [pid 8862] <... futex resumed>) = ? [pid 8861] <... exit_group resumed>) = ? [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8869 attached [pid 8868] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8866] rt_sigprocmask(SIG_SETMASK, [], [pid 8864] <... ioctl resumed>) = 0 [pid 8862] +++ exited with 0 +++ [pid 8861] +++ exited with 0 +++ [pid 8869] set_robust_list(0x5555569076a0, 24 [pid 8868] <... rseq resumed>) = 0 [pid 8867] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8864] close(3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8861, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8869 [pid 8869] <... set_robust_list resumed>) = 0 [pid 8868] set_robust_list(0x7f67138b29a0, 24 [pid 8866] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8864] <... close resumed>) = 0 [pid 8869] chdir("./382" [pid 8868] <... set_robust_list resumed>) = 0 [pid 8866] <... futex resumed>) = 0 [pid 8864] close(4 [pid 8869] <... chdir resumed>) = 0 [pid 8868] rt_sigprocmask(SIG_SETMASK, [], [pid 8866] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8864] <... close resumed>) = 0 [pid 8869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8864] mkdir("./file0", 0777 [pid 8869] <... prctl resumed>) = 0 [pid 8868] memfd_create("syzkaller", 0 [pid 8869] setpgid(0, 0) = 0 [pid 8869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8868] <... memfd_create resumed>) = 3 [pid 8864] <... mkdir resumed>) = 0 [pid 8868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8869] <... openat resumed>) = 3 [pid 8864] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8869] write(3, "1000", 4 [pid 5064] umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8869] <... write resumed>) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8869] close(3 [pid 5064] openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8869] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 8869] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8869] <... symlink resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [ 311.279794][ T8864] loop0: detected capacity change from 0 to 4096 [pid 5064] umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./379/binderfs" [pid 8869] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8869] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8869] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8864] <... mount resumed>) = 0 [pid 5064] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8869] <... mmap resumed>) = 0x7f6713892000 [pid 8869] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8864] <... openat resumed>) = 3 [pid 8869] <... mprotect resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./379/file0", [pid 8864] chdir("./file0" [pid 8869] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8864] <... chdir resumed>) = 0 [pid 8864] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8869] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8864] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8864] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8864] <... futex resumed>) = 1 [pid 8863] <... futex resumed>) = 0 [pid 8864] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8863] exit_group(0 [pid 5064] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8870 attached [pid 8869] <... clone3 resumed> => {parent_tid=[8870]}, 88) = 8870 [pid 8868] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8867] <... write resumed>) = 2097152 [pid 8864] <... futex resumed>) = ? [pid 8863] <... exit_group resumed>) = ? [pid 8870] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5064] newfstatat(4, "", [pid 8864] +++ exited with 0 +++ [pid 8870] <... rseq resumed>) = 0 [pid 8869] rt_sigprocmask(SIG_SETMASK, [], [pid 8863] +++ exited with 0 +++ [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8870] set_robust_list(0x7f67138b29a0, 24 [pid 8869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8870] <... set_robust_list resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8863, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 8869] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8870] rt_sigprocmask(SIG_SETMASK, [], [pid 8869] <... futex resumed>) = 0 [pid 5064] getdents64(4, [pid 8870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8869] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8867] munmap(0x7f670b400000, 138412032 [pid 8870] memfd_create("syzkaller", 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8870] <... memfd_create resumed>) = 3 [pid 5064] getdents64(4, [pid 8870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5062] umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8870] <... mmap resumed>) = 0x7f670b400000 [pid 5064] rmdir("./379/file0" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8867] <... munmap resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5064] getdents64(3, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8867] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] close(3 [pid 5062] getdents64(3, [pid 8867] <... openat resumed>) = 4 [pid 8867] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./379" [pid 5062] newfstatat(AT_FDCWD, "./374/binderfs", [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./374/binderfs" [pid 5064] mkdir("./380", 0777 [pid 5062] <... unlink resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8867] <... ioctl resumed>) = 0 [pid 8867] close(3) = 0 [pid 8867] close(4) = 0 [pid 8867] mkdir("./file0", 0777) = 0 [pid 8867] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... umount2 resumed>) = 0 [pid 8868] <... write resumed>) = 2097152 [pid 8870] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8867] <... mount resumed>) = 0 [pid 5062] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8868] munmap(0x7f670b400000, 138412032 [ 311.409081][ T8867] loop3: detected capacity change from 0 to 4096 [pid 5062] newfstatat(AT_FDCWD, "./374/file0", [pid 8867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8867] <... openat resumed>) = 3 [pid 5062] umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8868] <... munmap resumed>) = 0 [pid 8867] chdir("./file0" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8867] <... chdir resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8867] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] newfstatat(4, "", [pid 8867] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 8867] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8867] <... futex resumed>) = 1 [pid 8865] <... futex resumed>) = 0 [pid 8865] exit_group(0) = ? [pid 8867] +++ exited with 0 +++ [pid 8865] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8865, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5065] umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8868] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./377/binderfs", [pid 5062] getdents64(4, [pid 8868] <... openat resumed>) = 4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8868] ioctl(4, LOOP_SET_FD, 3 [pid 5065] unlink("./377/binderfs" [pid 8868] <... ioctl resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5065] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] rmdir("./374/file0" [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5065] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./377/file0") = 0 [pid 8868] close(3) = 0 [pid 8868] close(4) = 0 [pid 8868] mkdir("./file0", 0777 [pid 5065] getdents64(3, [pid 5064] <... ioctl resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./374") = 0 [pid 5062] mkdir("./375", 0777 [pid 8870] <... write resumed>) = 2097152 [pid 8868] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5062] <... mkdir resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./377") = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 5065] mkdir("./378", 0777) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 8868] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8871 [pid 8870] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 8872 attached ./strace-static-x86_64: Process 8871 attached [pid 8871] set_robust_list(0x5555569076a0, 24) = 0 [pid 8872] set_robust_list(0x5555569076a0, 24 [pid 8871] chdir("./380" [pid 8872] <... set_robust_list resumed>) = 0 [pid 8871] <... chdir resumed>) = 0 [pid 8870] <... munmap resumed>) = 0 [ 311.489175][ T8868] loop4: detected capacity change from 0 to 4096 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8872 [pid 8872] chdir("./378" [pid 8871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8871] <... prctl resumed>) = 0 [pid 8870] <... openat resumed>) = 4 [pid 8870] ioctl(4, LOOP_SET_FD, 3 [pid 8871] setpgid(0, 0 [pid 8872] <... chdir resumed>) = 0 [pid 8871] <... setpgid resumed>) = 0 [pid 8872] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8872] <... prctl resumed>) = 0 [pid 8871] <... openat resumed>) = 3 [pid 8872] setpgid(0, 0 [pid 8871] write(3, "1000", 4 [pid 8872] <... setpgid resumed>) = 0 [pid 8871] <... write resumed>) = 4 [pid 8872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8871] close(3) = 0 [pid 8871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8872] <... openat resumed>) = 3 [pid 8872] write(3, "1000", 4 [pid 8871] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8872] <... write resumed>) = 4 [pid 8871] <... futex resumed>) = 0 [pid 8872] close(3 [pid 8871] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8872] <... close resumed>) = 0 [pid 8871] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8872] symlink("/dev/binderfs", "./binderfs" [pid 8871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8872] <... symlink resumed>) = 0 [pid 8871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8872] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8872] <... futex resumed>) = 0 [pid 8871] <... mmap resumed>) = 0x7f6713892000 [pid 8872] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8871] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8871] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8872] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8871] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8871] <... clone3 resumed> => {parent_tid=[8873]}, 88) = 8873 ./strace-static-x86_64: Process 8873 attached [pid 8872] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8871] rt_sigprocmask(SIG_SETMASK, [], [pid 8873] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8873] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8871] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8873] rt_sigprocmask(SIG_SETMASK, [], [pid 8872] <... mprotect resumed>) = 0 [pid 8871] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8872] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8872] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8873] memfd_create("syzkaller", 0 [pid 8872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8874]}, 88) = 8874 [pid 8872] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8874 attached NULL, 8) = 0 [pid 8874] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8872] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8874] <... rseq resumed>) = 0 [pid 8872] <... futex resumed>) = 0 [pid 8874] set_robust_list(0x7f67138b29a0, 24 [pid 8872] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8874] <... set_robust_list resumed>) = 0 [pid 8874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8874] memfd_create("syzkaller", 0 [pid 8873] <... memfd_create resumed>) = 3 [pid 8873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8870] <... ioctl resumed>) = 0 [pid 8870] close(3) = 0 [pid 8873] <... mmap resumed>) = 0x7f670b400000 [pid 8870] close(4 [pid 5062] <... ioctl resumed>) = 0 [pid 8874] <... memfd_create resumed>) = 3 [pid 8870] <... close resumed>) = 0 [ 311.553135][ T8870] loop1: detected capacity change from 0 to 4096 [pid 8874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8870] mkdir("./file0", 0777 [pid 5062] close(3 [pid 8870] <... mkdir resumed>) = 0 [pid 8874] <... mmap resumed>) = 0x7f670b400000 [pid 8870] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8875 [pid 8868] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8875 attached [pid 8875] set_robust_list(0x5555569076a0, 24) = 0 [pid 8875] chdir("./375" [pid 8868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8875] <... chdir resumed>) = 0 [pid 8873] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8875] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8868] <... openat resumed>) = 3 [pid 8875] <... prctl resumed>) = 0 [pid 8875] setpgid(0, 0 [pid 8868] chdir("./file0" [pid 8875] <... setpgid resumed>) = 0 [pid 8868] <... chdir resumed>) = 0 [pid 8875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8868] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8868] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8866] <... futex resumed>) = 0 [pid 8868] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8866] exit_group(0 [pid 8868] <... futex resumed>) = ? [pid 8866] <... exit_group resumed>) = ? [pid 8868] +++ exited with 0 +++ [pid 8866] +++ exited with 0 +++ [pid 8875] <... openat resumed>) = 3 [pid 8875] write(3, "1000", 4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8866, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8875] <... write resumed>) = 4 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 8875] close(3 [pid 5066] <... restart_syscall resumed>) = 0 [pid 8875] <... close resumed>) = 0 [pid 8875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8875] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 8875] <... futex resumed>) = 0 [pid 8875] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5066] getdents64(3, [pid 8875] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8874] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./376/binderfs", [pid 8875] <... clone3 resumed> => {parent_tid=[8876]}, 88) = 8876 [pid 8875] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] unlink("./376/binderfs"./strace-static-x86_64: Process 8876 attached [pid 8875] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... unlink resumed>) = 0 [pid 8876] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8875] <... futex resumed>) = 0 [pid 8876] <... rseq resumed>) = 0 [pid 8875] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8876] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8876] memfd_create("syzkaller", 0) = 3 [pid 8876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8873] <... write resumed>) = 2097152 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8874] <... write resumed>) = 2097152 [pid 8870] <... mount resumed>) = 0 [pid 8873] munmap(0x7f670b400000, 138412032 [pid 5066] newfstatat(AT_FDCWD, "./376/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8870] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8870] chdir("./file0" [pid 8874] munmap(0x7f670b400000, 138412032 [pid 5066] openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8870] <... chdir resumed>) = 0 [pid 8874] <... munmap resumed>) = 0 [pid 8870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... openat resumed>) = 4 [pid 8873] <... munmap resumed>) = 0 [pid 8870] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] newfstatat(4, "", [pid 8874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8874] <... openat resumed>) = 4 [pid 5066] getdents64(4, [pid 8874] ioctl(4, LOOP_SET_FD, 3 [pid 8873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8870] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 8870] <... futex resumed>) = 1 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8873] <... openat resumed>) = 4 [pid 5066] close(4 [pid 8870] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8869] <... futex resumed>) = 0 [pid 8874] <... ioctl resumed>) = 0 [pid 8873] ioctl(4, LOOP_SET_FD, 3 [pid 8869] exit_group(0 [pid 5066] <... close resumed>) = 0 [pid 8870] <... futex resumed>) = ? [pid 8869] <... exit_group resumed>) = ? [pid 5066] rmdir("./376/file0" [pid 8870] +++ exited with 0 +++ [pid 5066] <... rmdir resumed>) = 0 [pid 8869] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8869, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] close(3 [pid 5063] newfstatat(3, "", [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./376") = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] mkdir("./377", 0777 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8874] close(3 [pid 8873] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5063] umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8874] <... close resumed>) = 0 [pid 8873] close(3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8874] close(4 [pid 8873] <... close resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./382/binderfs", [pid 8874] <... close resumed>) = 0 [pid 8873] close(4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8876] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8874] mkdir("./file0", 0777 [pid 8873] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5063] unlink("./382/binderfs") = 0 [pid 5063] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8873] mkdir("./file0", 0777) = 0 [ 311.781005][ T8874] loop3: detected capacity change from 0 to 4096 [ 311.792911][ T8873] loop2: detected capacity change from 0 to 4096 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8874] <... mkdir resumed>) = 0 [pid 8873] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8874] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./382/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 8876] <... write resumed>) = 2097152 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./382/file0") = 0 [pid 8876] munmap(0x7f670b400000, 138412032 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./382") = 0 [pid 5063] mkdir("./383", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 8876] <... munmap resumed>) = 0 [pid 8874] <... mount resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8876] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8874] chdir("./file0" [pid 5066] <... ioctl resumed>) = 0 [pid 8874] <... chdir resumed>) = 0 [pid 8876] <... openat resumed>) = 4 [pid 8874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8876] ioctl(4, LOOP_SET_FD, 3 [pid 8874] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8872] <... futex resumed>) = 0 [pid 8872] exit_group(0) = ? [pid 8876] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 8876] close(3 [pid 8874] +++ exited with 0 +++ [pid 8872] +++ exited with 0 +++ [pid 5066] <... close resumed>) = 0 [pid 8876] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8872, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- [pid 8876] close(4) = 0 [pid 8876] mkdir("./file0", 0777 [pid 5065] umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8877 [pid 8876] <... mkdir resumed>) = 0 [pid 8876] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8873] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8877 attached [pid 8873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... openat resumed>) = 3 [pid 8873] <... openat resumed>) = 3 [pid 8873] chdir("./file0") = 0 [pid 8873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8873] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8877] set_robust_list(0x5555569076a0, 24 [pid 8873] <... futex resumed>) = 1 [pid 8871] <... futex resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 8877] <... set_robust_list resumed>) = 0 [pid 8873] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8877] chdir("./377" [pid 8871] exit_group(0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8877] <... chdir resumed>) = 0 [pid 8873] <... futex resumed>) = ? [pid 8871] <... exit_group resumed>) = ? [pid 5065] getdents64(3, [pid 8877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8873] +++ exited with 0 +++ [pid 8877] <... prctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8877] setpgid(0, 0) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] newfstatat(AT_FDCWD, "./378/binderfs", [pid 8877] <... openat resumed>) = 3 [pid 8871] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8877] write(3, "1000", 4 [pid 5065] unlink("./378/binderfs" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8871, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 311.931380][ T8876] loop0: detected capacity change from 0 to 4096 [pid 5065] <... unlink resumed>) = 0 [pid 8877] <... write resumed>) = 4 [pid 8877] close(3 [pid 5065] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8877] <... close resumed>) = 0 [pid 8877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8877] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8877] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8877] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8877] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./380/binderfs", [pid 5065] newfstatat(AT_FDCWD, "./378/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./380/binderfs" [pid 8877] <... mmap resumed>) = 0x7f6713892000 [pid 5065] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8877] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] close(3 [pid 8877] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... unlink resumed>) = 0 [pid 8877] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8876] <... mount resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 8877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... openat resumed>) = 4 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8878 attached [pid 8876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] newfstatat(4, "", ./strace-static-x86_64: Process 8879 attached [pid 8878] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8877] <... clone3 resumed> => {parent_tid=[8878]}, 88) = 8878 [pid 8876] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8878] <... rseq resumed>) = 0 [pid 8877] rt_sigprocmask(SIG_SETMASK, [], [pid 8876] chdir("./file0" [pid 5065] getdents64(4, [pid 8879] set_robust_list(0x5555569076a0, 24 [pid 8876] <... chdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = 0 [pid 8878] set_robust_list(0x7f67138b29a0, 24 [pid 8876] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] getdents64(4, [pid 8879] <... set_robust_list resumed>) = 0 [pid 8878] <... set_robust_list resumed>) = 0 [pid 8877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8876] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8879 [pid 8879] chdir("./383" [pid 8878] rt_sigprocmask(SIG_SETMASK, [], [pid 8877] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8876] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(4 [pid 8879] <... chdir resumed>) = 0 [pid 8878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8877] <... futex resumed>) = 0 [pid 8876] <... futex resumed>) = 1 [pid 8875] <... futex resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8877] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8876] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8875] exit_group(0 [pid 8878] memfd_create("syzkaller", 0 [pid 5065] rmdir("./378/file0" [pid 5064] newfstatat(AT_FDCWD, "./380/file0", [pid 8879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8876] <... futex resumed>) = ? [pid 8875] <... exit_group resumed>) = ? [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8879] <... prctl resumed>) = 0 [pid 8876] +++ exited with 0 +++ [pid 5065] getdents64(3, [pid 5064] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8875] +++ exited with 0 +++ [pid 8879] setpgid(0, 0 [pid 5065] close(3 [pid 5064] openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8879] <... setpgid resumed>) = 0 [pid 8878] <... memfd_create resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8875, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 8879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] rmdir("./378" [pid 5064] newfstatat(4, "", [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8878] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8879] <... openat resumed>) = 3 [pid 5062] <... restart_syscall resumed>) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] mkdir("./379", 0777 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... mkdir resumed>) = 0 [pid 5064] close(4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8879] write(3, "1000", 4 [pid 5064] rmdir("./380/file0" [pid 5062] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 5065] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] getdents64(3, [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] close(3) = 0 [pid 8879] <... write resumed>) = 4 [pid 5062] umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8879] close(3) = 0 [pid 5064] rmdir("./380" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8879] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mkdir("./381", 0777 [pid 5062] unlink("./375/binderfs" [pid 5064] <... mkdir resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8879] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8878] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8879] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... openat resumed>) = 3 [pid 5062] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8879] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... umount2 resumed>) = 0 [pid 8879] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8879] <... mprotect resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8879] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] newfstatat(AT_FDCWD, "./375/file0", [pid 8879] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8880 attached [pid 8879] <... clone3 resumed> => {parent_tid=[8880]}, 88) = 8880 [pid 5062] umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8879] rt_sigprocmask(SIG_SETMASK, [], [pid 8880] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8880] <... rseq resumed>) = 0 [pid 8879] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8880] set_robust_list(0x7f67138b29a0, 24 [pid 8879] <... futex resumed>) = 0 [pid 8880] <... set_robust_list resumed>) = 0 [pid 8879] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... openat resumed>) = 4 [pid 8880] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] newfstatat(4, "", [pid 8880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8880] memfd_create("syzkaller", 0 [pid 5062] getdents64(4, [pid 8880] <... memfd_create resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./375/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./375") = 0 [pid 5062] mkdir("./376", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5065] <... ioctl resumed>) = 0 [pid 8880] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8878] <... write resumed>) = 2097152 [pid 8878] munmap(0x7f670b400000, 138412032 [pid 5065] close(3 [pid 5064] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] close(3./strace-static-x86_64: Process 8881 attached [pid 8878] <... munmap resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8881] set_robust_list(0x5555569076a0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8881 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8881] <... set_robust_list resumed>) = 0 [pid 8881] chdir("./379" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8882 [pid 8881] <... chdir resumed>) = 0 [pid 8878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 8882 attached [pid 8882] set_robust_list(0x5555569076a0, 24) = 0 [pid 8881] setpgid(0, 0 [pid 8878] <... openat resumed>) = 4 [pid 8882] chdir("./381" [pid 8881] <... setpgid resumed>) = 0 [pid 8878] ioctl(4, LOOP_SET_FD, 3 [pid 8882] <... chdir resumed>) = 0 [pid 8881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8882] setpgid(0, 0) = 0 [pid 8882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8882] write(3, "1000", 4 [pid 8881] <... openat resumed>) = 3 [pid 8880] <... write resumed>) = 2097152 [pid 8882] <... write resumed>) = 4 [pid 8881] write(3, "1000", 4 [pid 8878] <... ioctl resumed>) = 0 [pid 8881] <... write resumed>) = 4 [pid 8878] close(3 [pid 8881] close(3 [pid 8882] close(3 [pid 8881] <... close resumed>) = 0 [pid 8882] <... close resumed>) = 0 [pid 8881] symlink("/dev/binderfs", "./binderfs" [pid 8882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8881] <... symlink resumed>) = 0 [pid 8882] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8881] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... ioctl resumed>) = 0 [pid 8881] <... futex resumed>) = 0 [pid 8882] <... futex resumed>) = 0 [pid 8881] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8882] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8881] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8878] <... close resumed>) = 0 [pid 8882] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8878] close(4 [pid 8882] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8881] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8878] <... close resumed>) = 0 [pid 5062] close(3 [pid 8882] <... mprotect resumed>) = 0 [pid 8882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8883 attached [pid 8878] mkdir("./file0", 0777 [pid 8881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8883] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8880] munmap(0x7f670b400000, 138412032 [pid 8883] <... rseq resumed>) = 0 [pid 8882] <... clone3 resumed> => {parent_tid=[8883]}, 88) = 8883 [pid 8880] <... munmap resumed>) = 0 [pid 8878] <... mkdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8883] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8883] rt_sigprocmask(SIG_SETMASK, [], [pid 8882] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8883] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8882] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8881] <... mmap resumed>) = 0x7f6713892000 [pid 8882] <... futex resumed>) = 0 [pid 8883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8882] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8881] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8878] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8884 ./strace-static-x86_64: Process 8884 attached [pid 8883] memfd_create("syzkaller", 0 [pid 8884] set_robust_list(0x5555569076a0, 24 [pid 8881] <... mprotect resumed>) = 0 [pid 8881] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8884] <... set_robust_list resumed>) = 0 [pid 8880] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8884] chdir("./376" [pid 8881] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8880] <... openat resumed>) = 4 [ 312.213419][ T8878] loop4: detected capacity change from 0 to 4096 [pid 8884] <... chdir resumed>) = 0 [pid 8881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8880] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8885 attached [pid 8885] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8884] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8883] <... memfd_create resumed>) = 3 [pid 8881] <... clone3 resumed> => {parent_tid=[8885]}, 88) = 8885 [pid 8885] <... rseq resumed>) = 0 [pid 8883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8881] rt_sigprocmask(SIG_SETMASK, [], [pid 8885] set_robust_list(0x7f67138b29a0, 24 [pid 8883] <... mmap resumed>) = 0x7f670b400000 [pid 8885] <... set_robust_list resumed>) = 0 [pid 8881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8885] rt_sigprocmask(SIG_SETMASK, [], [pid 8881] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8884] <... prctl resumed>) = 0 [pid 8884] setpgid(0, 0) = 0 [pid 8884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8885] memfd_create("syzkaller", 0 [pid 8884] <... openat resumed>) = 3 [pid 8881] <... futex resumed>) = 0 [pid 8884] write(3, "1000", 4 [pid 8881] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8884] <... write resumed>) = 4 [pid 8884] close(3) = 0 [pid 8884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8885] <... memfd_create resumed>) = 3 [pid 8884] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8884] <... futex resumed>) = 0 [pid 8884] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8885] <... mmap resumed>) = 0x7f670b400000 [pid 8884] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8884] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8880] <... ioctl resumed>) = 0 [pid 8884] <... mprotect resumed>) = 0 [pid 8880] close(3 [pid 8884] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8880] <... close resumed>) = 0 [pid 8884] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8880] close(4 [pid 8884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8880] <... close resumed>) = 0 [pid 8880] mkdir("./file0", 0777) = 0 ./strace-static-x86_64: Process 8886 attached [pid 8884] <... clone3 resumed> => {parent_tid=[8886]}, 88) = 8886 [pid 8886] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8884] rt_sigprocmask(SIG_SETMASK, [], [pid 8880] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8884] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8884] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8886] <... rseq resumed>) = 0 [pid 8886] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 312.273221][ T8880] loop1: detected capacity change from 0 to 4096 [pid 8886] memfd_create("syzkaller", 0) = 3 [pid 8886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8878] <... mount resumed>) = 0 [pid 8886] <... mmap resumed>) = 0x7f670b400000 [pid 8878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8880] <... mount resumed>) = 0 [pid 8880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8880] chdir("./file0") = 0 [pid 8880] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8880] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8879] <... futex resumed>) = 0 [pid 8880] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8879] exit_group(0 [pid 8880] <... futex resumed>) = ? [pid 8879] <... exit_group resumed>) = ? [pid 8880] +++ exited with 0 +++ [pid 8879] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8879, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5063] umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8878] <... openat resumed>) = 3 [pid 5063] unlink("./383/binderfs" [pid 8878] chdir("./file0" [pid 5063] <... unlink resumed>) = 0 [pid 8878] <... chdir resumed>) = 0 [pid 5063] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8878] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8878] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8885] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8878] <... futex resumed>) = 1 [pid 8877] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8878] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8877] exit_group(0) = ? [pid 8878] <... futex resumed>) = ? [pid 5063] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./383/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8886] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8878] +++ exited with 0 +++ [pid 8877] +++ exited with 0 +++ [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8877, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5066] umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(4, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] close(4 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... close resumed>) = 0 [pid 8885] <... write resumed>) = 2097152 [pid 5066] umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] rmdir("./383/file0" [pid 8885] munmap(0x7f670b400000, 138412032 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... rmdir resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./377/binderfs", [pid 5063] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] unlink("./377/binderfs" [pid 5063] close(3) = 0 [pid 5063] rmdir("./383" [pid 5066] <... unlink resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] mkdir("./384", 0777 [pid 8883] <... write resumed>) = 2097152 [pid 5063] <... mkdir resumed>) = 0 [pid 8883] munmap(0x7f670b400000, 138412032 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8885] <... munmap resumed>) = 0 [pid 8883] <... munmap resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8885] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8883] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8885] <... openat resumed>) = 4 [pid 8883] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8885] ioctl(4, LOOP_SET_FD, 3 [pid 8883] ioctl(4, LOOP_SET_FD, 3 [pid 5066] newfstatat(AT_FDCWD, "./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8886] <... write resumed>) = 2097152 [pid 8886] munmap(0x7f670b400000, 138412032) = 0 [pid 8886] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8885] <... ioctl resumed>) = 0 [pid 8883] <... ioctl resumed>) = 0 [pid 5066] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8886] <... openat resumed>) = 4 [pid 8885] close(3 [pid 8883] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8883] <... close resumed>) = 0 [pid 8886] ioctl(4, LOOP_SET_FD, 3 [pid 8885] <... close resumed>) = 0 [pid 8883] close(4 [pid 5066] openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8886] <... ioctl resumed>) = 0 [pid 8885] close(4 [pid 8883] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 8883] mkdir("./file0", 0777 [pid 8885] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8883] <... mkdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8883] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 8885] mkdir("./file0", 0777 [pid 5066] rmdir("./377/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 8885] <... mkdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./377" [pid 8885] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./378", 0777 [pid 8886] close(3) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8886] close(4 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8886] <... close resumed>) = 0 [pid 8886] mkdir("./file0", 0777 [pid 8883] <... mount resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [ 312.477059][ T8885] loop3: detected capacity change from 0 to 4096 [ 312.484860][ T8883] loop2: detected capacity change from 0 to 4096 [ 312.498478][ T8886] loop0: detected capacity change from 0 to 4096 [pid 8886] <... mkdir resumed>) = 0 [pid 8883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] close(3 [pid 8886] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8883] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 8883] chdir("./file0" [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8887 attached [pid 8883] <... chdir resumed>) = 0 [pid 8883] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8883] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8887 [pid 8887] set_robust_list(0x5555569076a0, 24 [pid 8883] <... futex resumed>) = 1 [pid 8882] <... futex resumed>) = 0 [pid 8887] <... set_robust_list resumed>) = 0 [pid 8883] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8882] exit_group(0 [pid 8887] chdir("./384" [pid 8883] <... futex resumed>) = ? [pid 8882] <... exit_group resumed>) = ? [pid 8887] <... chdir resumed>) = 0 [pid 8883] +++ exited with 0 +++ [pid 8882] +++ exited with 0 +++ [pid 8887] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8885] <... mount resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8882, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8887] <... prctl resumed>) = 0 [pid 8885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8887] setpgid(0, 0 [pid 8885] <... openat resumed>) = 3 [pid 8887] <... setpgid resumed>) = 0 [pid 8887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8885] chdir("./file0" [pid 8887] <... openat resumed>) = 3 [pid 8885] <... chdir resumed>) = 0 [pid 5064] umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8887] write(3, "1000", 4 [pid 8885] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8885] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8885] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... openat resumed>) = 3 [pid 8887] <... write resumed>) = 4 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8887] close(3 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8887] <... close resumed>) = 0 [pid 5064] umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8885] <... futex resumed>) = 1 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8885] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] newfstatat(AT_FDCWD, "./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./381/binderfs") = 0 [pid 5064] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8887] symlink("/dev/binderfs", "./binderfs" [pid 8881] <... futex resumed>) = 0 [pid 8887] <... symlink resumed>) = 0 [pid 8886] <... mount resumed>) = 0 [pid 8881] exit_group(0 [pid 5064] <... umount2 resumed>) = 0 [pid 8887] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8887] <... futex resumed>) = 0 [pid 8887] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8886] <... openat resumed>) = 3 [pid 8885] <... futex resumed>) = ? [pid 8881] <... exit_group resumed>) = ? [pid 8887] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8886] chdir("./file0" [pid 8887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8886] <... chdir resumed>) = 0 [pid 8887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8886] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8885] +++ exited with 0 +++ [pid 8881] +++ exited with 0 +++ [pid 5066] <... ioctl resumed>) = 0 [pid 5064] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8887] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8886] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8887] <... mprotect resumed>) = 0 [pid 8886] <... futex resumed>) = 1 [pid 8884] <... futex resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8881, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8884] exit_group(0 [pid 5064] newfstatat(AT_FDCWD, "./381/file0", [pid 8887] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8884] <... exit_group resumed>) = ? [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8887] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8886] +++ exited with 0 +++ [pid 8884] +++ exited with 0 +++ [pid 5065] umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8888 attached [pid 5065] openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8884, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8888] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8887] <... clone3 resumed> => {parent_tid=[8888]}, 88) = 8888 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 4 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8888] <... rseq resumed>) = 0 [pid 8887] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] newfstatat(3, "", [pid 5064] newfstatat(4, "", [pid 5062] <... restart_syscall resumed>) = 0 [pid 8888] set_robust_list(0x7f67138b29a0, 24 [pid 8887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8888] <... set_robust_list resumed>) = 0 [pid 8887] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] getdents64(4, [pid 8888] rt_sigprocmask(SIG_SETMASK, [], [pid 8887] <... futex resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8889 attached [pid 8888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8887] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] getdents64(4, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8889] set_robust_list(0x5555569076a0, 24 [pid 8888] memfd_create("syzkaller", 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8889 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(4 [pid 5062] <... openat resumed>) = 3 [pid 8889] <... set_robust_list resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./379/binderfs", [pid 5062] newfstatat(3, "", [pid 8889] chdir("./378" [pid 8888] <... memfd_create resumed>) = 3 [pid 8889] <... chdir resumed>) = 0 [pid 8888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8888] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8889] setpgid(0, 0 [pid 5065] unlink("./379/binderfs" [pid 5064] <... close resumed>) = 0 [pid 5062] getdents64(3, [pid 8889] <... setpgid resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5064] rmdir("./381/file0" [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... rmdir resumed>) = 0 [pid 5062] umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8889] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] getdents64(3, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 5062] newfstatat(AT_FDCWD, "./376/binderfs", [pid 8889] write(3, "1000", 4 [pid 5065] newfstatat(AT_FDCWD, "./379/file0", [pid 5064] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8889] <... write resumed>) = 4 [pid 5064] rmdir("./381" [pid 5062] unlink("./376/binderfs" [pid 8889] close(3 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8889] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] mkdir("./382", 0777 [pid 5062] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8889] symlink("/dev/binderfs", "./binderfs" [pid 5065] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... openat resumed>) = 3 [pid 8889] <... symlink resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8889] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5065] getdents64(4, [pid 5062] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8889] <... futex resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8889] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] getdents64(4, [pid 5062] newfstatat(AT_FDCWD, "./376/file0", [pid 8889] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] close(4 [pid 8889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5065] rmdir("./379/file0" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8889] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... rmdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8889] <... mprotect resumed>) = 0 [pid 5065] getdents64(3, [pid 5062] <... openat resumed>) = 4 [pid 8889] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] close(3 [pid 5062] getdents64(4, [pid 8889] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8888] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] rmdir("./379" [pid 5062] close(4 [pid 8889] <... clone3 resumed> => {parent_tid=[8890]}, 88) = 8890 [pid 5062] <... close resumed>) = 0 ./strace-static-x86_64: Process 8890 attached [pid 8889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8890] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] rmdir("./376/file0" [pid 8890] <... rseq resumed>) = 0 [pid 8889] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... rmdir resumed>) = 0 [pid 8890] set_robust_list(0x7f67138b29a0, 24 [pid 8889] <... futex resumed>) = 0 [pid 8890] <... set_robust_list resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 8890] rt_sigprocmask(SIG_SETMASK, [], [pid 8889] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] mkdir("./380", 0777 [pid 5062] getdents64(3, [pid 5065] <... mkdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8890] memfd_create("syzkaller", 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5062] <... close resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] rmdir("./376" [pid 8890] <... memfd_create resumed>) = 3 [pid 5062] <... rmdir resumed>) = 0 [pid 8890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] mkdir("./377", 0777) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8891 attached [pid 8891] set_robust_list(0x5555569076a0, 24) = 0 [pid 8891] chdir("./382" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8891 [pid 8891] <... chdir resumed>) = 0 [pid 8891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8891] setpgid(0, 0) = 0 [pid 8891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8888] <... write resumed>) = 2097152 [pid 8891] write(3, "1000", 4 [pid 8888] munmap(0x7f670b400000, 138412032 [pid 8891] <... write resumed>) = 4 [pid 8890] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... ioctl resumed>) = 0 [pid 8888] <... munmap resumed>) = 0 [pid 8891] close(3) = 0 [pid 8891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8891] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8891] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8891] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8892 attached [pid 8892] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8892] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8892] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8891] <... clone3 resumed> => {parent_tid=[8892]}, 88) = 8892 [pid 8891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8891] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8892] <... futex resumed>) = 0 [pid 8891] <... futex resumed>) = 1 [pid 8892] memfd_create("syzkaller", 0 [pid 8891] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8892] <... memfd_create resumed>) = 3 [pid 8888] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8888] <... openat resumed>) = 4 [pid 5065] close(3 [pid 8888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] <... close resumed>) = 0 [pid 8888] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... ioctl resumed>) = 0 [pid 8888] <... close resumed>) = 0 [pid 8888] close(4) = 0 [pid 8888] mkdir("./file0", 0777) = 0 [pid 8888] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] close(3 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8893 [pid 5062] <... close resumed>) = 0 ./strace-static-x86_64: Process 8893 attached [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8893] set_robust_list(0x5555569076a0, 24) = 0 [pid 8893] chdir("./380") = 0 [pid 8893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8893] setpgid(0, 0) = 0 [pid 8893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8894 ./strace-static-x86_64: Process 8894 attached [pid 8893] <... openat resumed>) = 3 [pid 8894] set_robust_list(0x5555569076a0, 24) = 0 [pid 8894] chdir("./377" [pid 8893] write(3, "1000", 4 [pid 8894] <... chdir resumed>) = 0 [pid 8893] <... write resumed>) = 4 [pid 8894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8893] close(3 [pid 8892] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8894] <... prctl resumed>) = 0 [pid 8893] <... close resumed>) = 0 [pid 8893] symlink("/dev/binderfs", "./binderfs" [pid 8894] setpgid(0, 0 [pid 8893] <... symlink resumed>) = 0 [pid 8894] <... setpgid resumed>) = 0 [ 312.848737][ T8888] loop1: detected capacity change from 0 to 4096 [pid 8894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8893] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8893] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8894] <... openat resumed>) = 3 [pid 8893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8893] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8894] write(3, "1000", 4 [pid 8893] <... mprotect resumed>) = 0 [pid 8890] <... write resumed>) = 2097152 [pid 8888] <... mount resumed>) = 0 [pid 8894] <... write resumed>) = 4 [pid 8893] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8894] close(3 [pid 8893] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8888] <... openat resumed>) = 3 [pid 8894] <... close resumed>) = 0 [pid 8893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8895 attached [pid 8894] symlink("/dev/binderfs", "./binderfs" [pid 8888] chdir("./file0" [pid 8895] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8894] <... symlink resumed>) = 0 [pid 8893] <... clone3 resumed> => {parent_tid=[8895]}, 88) = 8895 [pid 8888] <... chdir resumed>) = 0 [pid 8895] <... rseq resumed>) = 0 [pid 8894] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8893] rt_sigprocmask(SIG_SETMASK, [], [pid 8888] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8895] set_robust_list(0x7f67138b29a0, 24 [pid 8894] <... futex resumed>) = 0 [pid 8893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8888] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8895] <... set_robust_list resumed>) = 0 [pid 8894] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8893] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8888] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8895] rt_sigprocmask(SIG_SETMASK, [], [pid 8894] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8893] <... futex resumed>) = 0 [pid 8888] <... futex resumed>) = 1 [pid 8895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8893] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8890] munmap(0x7f670b400000, 138412032 [pid 8888] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8887] <... futex resumed>) = 0 [pid 8894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8887] exit_group(0 [pid 8895] memfd_create("syzkaller", 0 [pid 8894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8888] <... futex resumed>) = ? [pid 8887] <... exit_group resumed>) = ? [pid 8890] <... munmap resumed>) = 0 [pid 8888] +++ exited with 0 +++ [pid 8887] +++ exited with 0 +++ [pid 8894] <... mmap resumed>) = 0x7f6713892000 [pid 8894] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8887, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8894] <... mprotect resumed>) = 0 [pid 8894] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", [pid 8895] <... memfd_create resumed>) = 3 [pid 8894] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8890] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] getdents64(3, ./strace-static-x86_64: Process 8896 attached [pid 8895] <... mmap resumed>) = 0x7f670b400000 [pid 8890] <... openat resumed>) = 4 [pid 8896] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8894] <... clone3 resumed> => {parent_tid=[8896]}, 88) = 8896 [pid 8890] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8896] <... rseq resumed>) = 0 [pid 8894] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8896] set_robust_list(0x7f67138b29a0, 24 [pid 8894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] unlink("./384/binderfs" [pid 8896] <... set_robust_list resumed>) = 0 [pid 8894] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... unlink resumed>) = 0 [pid 8896] rt_sigprocmask(SIG_SETMASK, [], [pid 8894] <... futex resumed>) = 0 [pid 5063] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8894] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8896] memfd_create("syzkaller", 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8896] <... memfd_create resumed>) = 3 [pid 8892] <... write resumed>) = 2097152 [pid 8896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8892] munmap(0x7f670b400000, 138412032 [pid 8890] <... ioctl resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./384/file0", [pid 8890] close(3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8896] <... mmap resumed>) = 0x7f670b400000 [pid 8895] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8890] <... close resumed>) = 0 [pid 5063] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8890] close(4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8890] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8890] mkdir("./file0", 0777 [pid 5063] <... openat resumed>) = 4 [pid 8890] <... mkdir resumed>) = 0 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8890] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] getdents64(4, [pid 8892] <... munmap resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [ 312.957087][ T8890] loop4: detected capacity change from 0 to 4096 [pid 8892] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./384/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./384" [pid 8892] <... openat resumed>) = 4 [pid 8892] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./385", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8895] <... write resumed>) = 2097152 [pid 8896] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8892] <... ioctl resumed>) = 0 [pid 8890] <... mount resumed>) = 0 [ 313.030325][ T8892] loop2: detected capacity change from 0 to 4096 [pid 8895] munmap(0x7f670b400000, 138412032 [pid 8892] close(3 [pid 8890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8892] <... close resumed>) = 0 [pid 8892] close(4) = 0 [pid 8892] mkdir("./file0", 0777) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8892] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8890] <... openat resumed>) = 3 [pid 8890] chdir("./file0") = 0 [pid 8890] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8895] <... munmap resumed>) = 0 [pid 8890] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8897 attached [pid 8895] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8890] <... futex resumed>) = 1 [pid 8889] <... futex resumed>) = 0 [pid 8897] set_robust_list(0x5555569076a0, 24 [pid 8896] <... write resumed>) = 2097152 [pid 8895] <... openat resumed>) = 4 [pid 8890] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8889] exit_group(0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8897 [pid 8897] <... set_robust_list resumed>) = 0 [pid 8896] munmap(0x7f670b400000, 138412032 [pid 8895] ioctl(4, LOOP_SET_FD, 3 [pid 8897] chdir("./385" [pid 8890] <... futex resumed>) = ? [pid 8889] <... exit_group resumed>) = ? [pid 8890] +++ exited with 0 +++ [pid 8889] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8889, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5066] umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8897] <... chdir resumed>) = 0 [pid 8896] <... munmap resumed>) = 0 [pid 8895] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8897] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8895] close(3) = 0 [pid 8895] close(4 [pid 8897] <... prctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8897] setpgid(0, 0 [pid 5066] <... openat resumed>) = 3 [pid 8897] <... setpgid resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 8897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8897] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 8897] write(3, "1000", 4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8895] <... close resumed>) = 0 [pid 8895] mkdir("./file0", 0777 [pid 8897] <... write resumed>) = 4 [pid 5066] umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8897] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8897] <... close resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./378/binderfs", [pid 8897] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8897] <... symlink resumed>) = 0 [pid 5066] unlink("./378/binderfs") = 0 [pid 5066] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8895] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8895] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8897] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8896] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8897] <... futex resumed>) = 0 [pid 8896] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8897] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8896] ioctl(4, LOOP_SET_FD, 3 [pid 5066] newfstatat(AT_FDCWD, "./378/file0", [pid 8897] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 313.118911][ T8895] loop3: detected capacity change from 0 to 4096 [pid 8897] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8896] <... ioctl resumed>) = 0 [pid 5066] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8897] <... mmap resumed>) = 0x7f6713892000 [pid 5066] openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8897] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8896] close(3 [pid 5066] <... openat resumed>) = 4 [pid 8897] <... mprotect resumed>) = 0 [pid 8896] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8897] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8896] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8897] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8896] <... close resumed>) = 0 [pid 8892] <... mount resumed>) = 0 [pid 5066] getdents64(4, [pid 8897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8896] mkdir("./file0", 0777 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 8898 attached [pid 8896] <... mkdir resumed>) = 0 [pid 8892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] getdents64(4, [pid 8897] <... clone3 resumed> => {parent_tid=[8898]}, 88) = 8898 [pid 8892] chdir("./file0" [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8897] rt_sigprocmask(SIG_SETMASK, [], [pid 8892] <... chdir resumed>) = 0 [pid 5066] close(4 [pid 8897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8896] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8892] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 8892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] rmdir("./378/file0" [pid 8892] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8892] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... rmdir resumed>) = 0 [pid 8897] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8897] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8891] <... futex resumed>) = 0 [pid 8891] exit_group(0 [pid 8892] <... futex resumed>) = ? [pid 8891] <... exit_group resumed>) = ? [pid 8898] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8892] +++ exited with 0 +++ [pid 8891] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8891, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5064] umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8898] <... rseq resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 8898] set_robust_list(0x7f67138b29a0, 24 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8898] <... set_robust_list resumed>) = 0 [pid 5064] getdents64(3, [pid 8898] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] getdents64(3, [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./382/binderfs", [ 313.162975][ T8896] loop0: detected capacity change from 0 to 4096 [pid 5066] rmdir("./378" [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8898] memfd_create("syzkaller", 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] unlink("./382/binderfs" [pid 5066] mkdir("./379", 0777 [pid 5064] <... unlink resumed>) = 0 [pid 8898] <... memfd_create resumed>) = 3 [pid 8895] <... mount resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8898] <... mmap resumed>) = 0x7f670b400000 [pid 8895] <... openat resumed>) = 3 [pid 8895] chdir("./file0") = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... umount2 resumed>) = 0 [pid 8895] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... openat resumed>) = 3 [pid 5064] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8895] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8895] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] newfstatat(AT_FDCWD, "./382/file0", [pid 8895] <... futex resumed>) = 1 [pid 8893] <... futex resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8895] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8893] exit_group(0 [pid 5064] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8895] <... futex resumed>) = ? [pid 8893] <... exit_group resumed>) = ? [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8895] +++ exited with 0 +++ [pid 5064] openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8893] +++ exited with 0 +++ [pid 5064] getdents64(4, [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8893, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] rmdir("./382/file0" [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] getdents64(3, [pid 8896] <... mount resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8896] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8896] chdir("./file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 8896] <... chdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./380/binderfs", [pid 8896] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8898] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8896] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./382" [pid 8896] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] unlink("./380/binderfs" [pid 8896] <... futex resumed>) = 1 [pid 8894] <... futex resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8896] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8894] exit_group(0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] mkdir("./383", 0777 [pid 8896] <... futex resumed>) = ? [pid 8894] <... exit_group resumed>) = ? [pid 5064] <... mkdir resumed>) = 0 [pid 8896] +++ exited with 0 +++ [pid 8894] +++ exited with 0 +++ [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8894, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5065] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... restart_syscall resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./380/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8898] <... write resumed>) = 2097152 [pid 5065] <... openat resumed>) = 4 [pid 5062] <... openat resumed>) = 3 [pid 5065] newfstatat(4, "", [pid 5062] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 8898] munmap(0x7f670b400000, 138412032 [pid 5062] umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] unlink("./377/binderfs") = 0 [pid 5062] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 8898] <... munmap resumed>) = 0 [pid 5065] close(4 [pid 5062] <... umount2 resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] rmdir("./380/file0") = 0 ./strace-static-x86_64: Process 8899 attached [pid 8898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8899] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8899 [pid 8899] <... set_robust_list resumed>) = 0 [pid 8899] chdir("./379" [pid 5065] getdents64(3, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8898] <... openat resumed>) = 4 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] newfstatat(AT_FDCWD, "./377/file0", [pid 8899] <... chdir resumed>) = 0 [pid 5065] close(3 [pid 8899] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... close resumed>) = 0 [pid 8899] <... prctl resumed>) = 0 [pid 5065] rmdir("./380") = 0 [pid 8899] setpgid(0, 0 [pid 5065] mkdir("./381", 0777 [pid 8898] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... mkdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8899] <... setpgid resumed>) = 0 [pid 8899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 8899] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8899] write(3, "1000", 4) = 4 [pid 8899] close(3) = 0 [pid 8899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8899] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8898] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8899] <... futex resumed>) = 0 [pid 8899] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8899] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8899] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8900 attached [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8900] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8899] <... clone3 resumed> => {parent_tid=[8900]}, 88) = 8900 [pid 5064] close(3 [pid 5062] newfstatat(4, "", [pid 8900] <... rseq resumed>) = 0 [pid 8899] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... close resumed>) = 0 [pid 8900] set_robust_list(0x7f67138b29a0, 24 [pid 8899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8900] <... set_robust_list resumed>) = 0 [pid 8899] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] getdents64(4, [pid 8900] rt_sigprocmask(SIG_SETMASK, [], [pid 8899] <... futex resumed>) = 0 [pid 8898] close(3) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8898] close(4 [pid 5062] getdents64(4, [pid 8898] <... close resumed>) = 0 [pid 8900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8900] memfd_create("syzkaller", 0 [pid 8899] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8898] mkdir("./file0", 0777 [pid 5062] close(4./strace-static-x86_64: Process 8901 attached ) = 0 [pid 5062] rmdir("./377/file0" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8901 [pid 5062] <... rmdir resumed>) = 0 [pid 8901] set_robust_list(0x5555569076a0, 24 [pid 5062] getdents64(3, [pid 8900] <... memfd_create resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] close(3 [pid 8900] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... close resumed>) = 0 [pid 8901] <... set_robust_list resumed>) = 0 [pid 8898] <... mkdir resumed>) = 0 [pid 5062] rmdir("./377") = 0 [pid 5062] mkdir("./378", 0777 [pid 8901] chdir("./383" [pid 8898] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... mkdir resumed>) = 0 [pid 8901] <... chdir resumed>) = 0 [pid 8901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8901] <... prctl resumed>) = 0 [pid 8901] setpgid(0, 0 [pid 5062] <... openat resumed>) = 3 [pid 8901] <... setpgid resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8901] write(3, "1000", 4) = 4 [pid 8901] close(3) = 0 [pid 8901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8901] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8901] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [ 313.364810][ T8898] loop1: detected capacity change from 0 to 4096 [pid 8901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8901] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8902 attached => {parent_tid=[8902]}, 88) = 8902 [pid 8900] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8901] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8902] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8901] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8902] <... rseq resumed>) = 0 [pid 8902] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8902] memfd_create("syzkaller", 0) = 3 [pid 8902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8898] <... mount resumed>) = 0 [pid 8898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] <... ioctl resumed>) = 0 [pid 8898] chdir("./file0") = 0 [pid 8898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... ioctl resumed>) = 0 [pid 8898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8903 [pid 8898] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8897] <... futex resumed>) = 0 [pid 8897] exit_group(0) = ? [pid 5062] close(3) = 0 ./strace-static-x86_64: Process 8903 attached [pid 8903] set_robust_list(0x5555569076a0, 24) = 0 [pid 8898] +++ exited with 0 +++ [pid 8897] +++ exited with 0 +++ [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8897, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8903] chdir("./381") = 0 [pid 8903] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 8903] <... prctl resumed>) = 0 [pid 5063] <... restart_syscall resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8904 [pid 8903] setpgid(0, 0) = 0 [pid 8903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 8904 attached ) = 3 [pid 8902] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8903] write(3, "1000", 4) = 4 [pid 8904] set_robust_list(0x5555569076a0, 24 [pid 8903] close(3) = 0 [pid 5063] umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8904] <... set_robust_list resumed>) = 0 [pid 8904] chdir("./378" [pid 8903] symlink("/dev/binderfs", "./binderfs" [pid 8900] <... write resumed>) = 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8904] <... chdir resumed>) = 0 [pid 8903] <... symlink resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8903] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... openat resumed>) = 3 [pid 8904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] newfstatat(3, "", [pid 8904] <... prctl resumed>) = 0 [pid 8903] <... futex resumed>) = 0 [pid 8900] munmap(0x7f670b400000, 138412032 [pid 8904] setpgid(0, 0 [pid 8903] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8900] <... munmap resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8904] <... setpgid resumed>) = 0 [pid 8903] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] getdents64(3, [pid 8903] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8904] <... openat resumed>) = 3 [pid 8903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8904] write(3, "1000", 4 [pid 8903] <... mmap resumed>) = 0x7f6713892000 [pid 8903] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8904] <... write resumed>) = 4 [pid 8903] <... mprotect resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8904] close(3 [pid 8903] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] newfstatat(AT_FDCWD, "./385/binderfs", [pid 8904] <... close resumed>) = 0 [pid 8903] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8900] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8904] symlink("/dev/binderfs", "./binderfs" [pid 8903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8905 attached [pid 8904] <... symlink resumed>) = 0 [pid 8905] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8904] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8903] <... clone3 resumed> => {parent_tid=[8905]}, 88) = 8905 [pid 8900] <... openat resumed>) = 4 [pid 5063] unlink("./385/binderfs" [pid 8905] <... rseq resumed>) = 0 [pid 8904] <... futex resumed>) = 0 [pid 8903] rt_sigprocmask(SIG_SETMASK, [], [pid 8900] ioctl(4, LOOP_SET_FD, 3 [pid 8903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8903] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8903] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8905] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8905] memfd_create("syzkaller", 0 [pid 8904] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8905] <... memfd_create resumed>) = 3 [pid 8905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8904] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... unlink resumed>) = 0 [pid 8904] <... mmap resumed>) = 0x7f6713892000 [pid 5063] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8904] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8904] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8900] <... ioctl resumed>) = 0 [pid 5063] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8904] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8900] close(3 [pid 8904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8900] <... close resumed>) = 0 [pid 8904] <... clone3 resumed> => {parent_tid=[8906]}, 88) = 8906 [pid 8900] close(4 [pid 5063] newfstatat(AT_FDCWD, "./385/file0", [pid 8904] rt_sigprocmask(SIG_SETMASK, [], [pid 8900] <... close resumed>) = 0 ./strace-static-x86_64: Process 8906 attached [pid 8904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8900] mkdir("./file0", 0777 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8906] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8904] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8906] <... rseq resumed>) = 0 [pid 8904] <... futex resumed>) = 0 [pid 8902] <... write resumed>) = 2097152 [pid 8900] <... mkdir resumed>) = 0 [pid 8906] set_robust_list(0x7f67138b29a0, 24 [pid 8904] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8906] <... set_robust_list resumed>) = 0 [pid 8906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8906] memfd_create("syzkaller", 0 [pid 8900] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8906] <... memfd_create resumed>) = 3 [pid 8902] munmap(0x7f670b400000, 138412032 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 313.570351][ T8900] loop4: detected capacity change from 0 to 4096 [pid 8906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8902] <... munmap resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8906] <... mmap resumed>) = 0x7f670b400000 [pid 8905] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./385/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 8902] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... close resumed>) = 0 [pid 8902] <... openat resumed>) = 4 [pid 5063] rmdir("./385" [pid 8902] ioctl(4, LOOP_SET_FD, 3 [pid 8905] <... write resumed>) = 2097152 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./386", 0777 [pid 8905] munmap(0x7f670b400000, 138412032 [pid 5063] <... mkdir resumed>) = 0 [pid 8902] <... ioctl resumed>) = 0 [pid 8902] close(3) = 0 [pid 8902] close(4) = 0 [pid 8902] mkdir("./file0", 0777 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8902] <... mkdir resumed>) = 0 [pid 8902] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8905] <... munmap resumed>) = 0 [pid 8905] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8905] ioctl(4, LOOP_SET_FD, 3 [pid 8906] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8905] <... ioctl resumed>) = 0 [pid 8900] <... mount resumed>) = 0 [pid 8900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8905] close(3) = 0 [pid 8900] chdir("./file0" [pid 8905] close(4 [pid 8900] <... chdir resumed>) = 0 [pid 8905] <... close resumed>) = 0 [pid 8905] mkdir("./file0", 0777) = 0 [pid 8902] <... mount resumed>) = 0 [pid 8902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8902] chdir("./file0") = 0 [pid 8902] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8902] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8901] <... futex resumed>) = 0 [pid 8902] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8901] exit_group(0 [pid 8902] <... futex resumed>) = ? [pid 8901] <... exit_group resumed>) = ? [pid 8902] +++ exited with 0 +++ [pid 8901] +++ exited with 0 +++ [ 313.659695][ T8902] loop2: detected capacity change from 0 to 4096 [ 313.697362][ T8905] loop3: detected capacity change from 0 to 4096 [pid 8905] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8901, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8900] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8900] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8900] <... futex resumed>) = 1 [pid 8899] <... futex resumed>) = 0 [pid 8900] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8899] exit_group(0 [pid 5064] <... openat resumed>) = 3 [pid 8899] <... exit_group resumed>) = ? [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8900] <... futex resumed>) = ? [pid 5064] umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./383/binderfs") = 0 [pid 8900] +++ exited with 0 +++ [pid 8899] +++ exited with 0 +++ [pid 5064] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8899, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 5066] umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./379/binderfs") = 0 [pid 5066] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8905] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5064] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8905] <... openat resumed>) = 3 [pid 5064] newfstatat(AT_FDCWD, "./383/file0", [pid 8905] chdir("./file0" [pid 5066] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] close(3 [pid 8905] <... chdir resumed>) = 0 [pid 5064] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 8905] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8905] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] newfstatat(AT_FDCWD, "./379/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8907 attached [pid 8905] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 4 [pid 8907] set_robust_list(0x5555569076a0, 24 [pid 8905] <... futex resumed>) = 1 [pid 8903] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", [pid 8907] <... set_robust_list resumed>) = 0 [pid 8905] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8903] exit_group(0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8907 [pid 8905] <... futex resumed>) = ? [pid 8903] <... exit_group resumed>) = ? [pid 5066] openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(4, [pid 8907] chdir("./386" [pid 5066] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] newfstatat(4, "", [pid 5064] getdents64(4, [pid 8906] <... write resumed>) = 2097152 [pid 8905] +++ exited with 0 +++ [pid 8907] <... chdir resumed>) = 0 [pid 8903] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8907] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] getdents64(4, [pid 5064] close(4 [pid 8907] <... prctl resumed>) = 0 [pid 8906] munmap(0x7f670b400000, 138412032 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8903, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5064] <... close resumed>) = 0 [pid 8907] setpgid(0, 0 [pid 8906] <... munmap resumed>) = 0 [pid 5066] getdents64(4, [pid 5065] umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] rmdir("./383/file0" [pid 8907] <... setpgid resumed>) = 0 [pid 8907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8907] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 8907] write(3, "1000", 4) = 4 [pid 8907] close(3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(3, [pid 8907] <... close resumed>) = 0 [pid 5066] close(4 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8907] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... close resumed>) = 0 [pid 5065] umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8907] <... symlink resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] rmdir("./379/file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... rmdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./381/binderfs", [pid 5064] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] unlink("./381/binderfs" [pid 5064] close(3 [pid 8907] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(3, [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8907] <... futex resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] rmdir("./383" [pid 8907] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] close(3 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8906] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 8907] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8906] <... openat resumed>) = 4 [pid 5066] rmdir("./379" [pid 5064] mkdir("./384", 0777 [pid 5065] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8906] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... mkdir resumed>) = 0 [pid 8907] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8907] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8906] <... ioctl resumed>) = 0 [pid 5066] mkdir("./380", 0777 [pid 5065] newfstatat(AT_FDCWD, "./381/file0", [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8907] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8908 attached [pid 8908] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8907] <... clone3 resumed> => {parent_tid=[8908]}, 88) = 8908 [pid 8908] <... rseq resumed>) = 0 [pid 8907] rt_sigprocmask(SIG_SETMASK, [], [pid 8908] set_robust_list(0x7f67138b29a0, 24 [pid 8907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8907] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8908] <... set_robust_list resumed>) = 0 [pid 8907] <... futex resumed>) = 0 [pid 8908] rt_sigprocmask(SIG_SETMASK, [], [pid 8907] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./381/file0" [pid 8908] memfd_create("syzkaller", 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8908] <... memfd_create resumed>) = 3 [pid 5065] close(3 [pid 8908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... close resumed>) = 0 [pid 8908] <... mmap resumed>) = 0x7f670b400000 [pid 5065] rmdir("./381") = 0 [pid 8906] close(3) = 0 [pid 8906] close(4) = 0 [pid 8906] mkdir("./file0", 0777) = 0 [pid 5065] mkdir("./382", 0777) = 0 [pid 8906] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 313.848433][ T8906] loop0: detected capacity change from 0 to 4096 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8908] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8906] <... mount resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 8906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8906] chdir("./file0") = 0 [pid 8906] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] close(3 [pid 5064] close(3 [pid 8906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8906] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8909 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8910 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8909 [pid 8909] set_robust_list(0x5555569076a0, 24 [pid 8906] <... futex resumed>) = 1 [pid 8904] <... futex resumed>) = 0 [pid 8909] <... set_robust_list resumed>) = 0 [pid 8909] chdir("./384"./strace-static-x86_64: Process 8910 attached ) = 0 [pid 8906] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8904] exit_group(0 [pid 8909] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8904] <... exit_group resumed>) = ? [pid 8910] set_robust_list(0x5555569076a0, 24 [pid 8909] <... prctl resumed>) = 0 [pid 8910] <... set_robust_list resumed>) = 0 [pid 8909] setpgid(0, 0) = 0 [pid 8909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8910] chdir("./380" [pid 8909] <... openat resumed>) = 3 [pid 8909] write(3, "1000", 4 [pid 8906] <... futex resumed>) = ? [pid 8909] <... write resumed>) = 4 [pid 8909] close(3) = 0 [pid 8909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8906] +++ exited with 0 +++ [pid 8904] +++ exited with 0 +++ [pid 8910] <... chdir resumed>) = 0 [pid 8909] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8910] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8909] <... futex resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8904, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8910] <... prctl resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 8910] setpgid(0, 0 [pid 8909] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... restart_syscall resumed>) = 0 [pid 8909] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8909] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8910] <... setpgid resumed>) = 0 [pid 8909] <... mprotect resumed>) = 0 [pid 8909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8908] <... write resumed>) = 2097152 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8911 attached [pid 8910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... openat resumed>) = 3 [pid 8911] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8909] <... clone3 resumed> => {parent_tid=[8911]}, 88) = 8911 [pid 8908] munmap(0x7f670b400000, 138412032 [pid 8910] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 8911] <... rseq resumed>) = 0 [pid 8910] write(3, "1000", 4 [pid 8909] rt_sigprocmask(SIG_SETMASK, [], [pid 8908] <... munmap resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8911] set_robust_list(0x7f67138b29a0, 24 [pid 8910] <... write resumed>) = 4 [pid 5062] getdents64(3, [pid 8910] close(3 [pid 8909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8910] <... close resumed>) = 0 [pid 8909] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8909] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8910] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... ioctl resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./378/binderfs", [pid 8911] <... set_robust_list resumed>) = 0 [pid 8910] <... symlink resumed>) = 0 [pid 5065] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8911] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... close resumed>) = 0 [pid 5062] unlink("./378/binderfs" [pid 8911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8911] memfd_create("syzkaller", 0 [pid 5062] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8908] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8910] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8908] <... openat resumed>) = 4 [pid 8911] <... memfd_create resumed>) = 3 [pid 8908] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8912 attached [pid 8910] <... futex resumed>) = 0 [pid 8912] set_robust_list(0x5555569076a0, 24 [pid 8911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8910] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8912 [pid 8910] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8911] <... mmap resumed>) = 0x7f670b400000 [pid 8910] <... mmap resumed>) = 0x7f6713892000 [pid 8912] <... set_robust_list resumed>) = 0 [pid 8910] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8908] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8912] chdir("./382" [pid 8910] <... mprotect resumed>) = 0 [pid 8912] <... chdir resumed>) = 0 [pid 8910] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8908] close(3 [pid 8912] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8908] <... close resumed>) = 0 [pid 8912] <... prctl resumed>) = 0 [pid 8912] setpgid(0, 0 [pid 8910] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8908] close(4 [pid 5062] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8912] <... setpgid resumed>) = 0 [pid 8910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8908] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8908] mkdir("./file0", 0777 [pid 5062] newfstatat(AT_FDCWD, "./378/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8913 attached ) = -1 EINVAL (Invalid argument) [pid 8913] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8913] <... rseq resumed>) = 0 [pid 8913] set_robust_list(0x7f67138b29a0, 24 [pid 8912] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 4 [pid 8913] <... set_robust_list resumed>) = 0 [pid 8912] write(3, "1000", 4 [pid 8910] <... clone3 resumed> => {parent_tid=[8913]}, 88) = 8913 [pid 5062] newfstatat(4, "", [pid 8913] rt_sigprocmask(SIG_SETMASK, [], [pid 8912] <... write resumed>) = 4 [pid 8910] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] getdents64(4, [pid 8913] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8912] close(3 [pid 8910] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8912] <... close resumed>) = 0 [pid 8910] <... futex resumed>) = 0 [pid 8908] <... mkdir resumed>) = 0 [pid 5062] getdents64(4, [pid 8913] memfd_create("syzkaller", 0 [pid 8910] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8908] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8912] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./378/file0" [pid 8912] <... symlink resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8912] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8913] <... memfd_create resumed>) = 3 [pid 5062] close(3 [pid 8912] <... futex resumed>) = 0 [pid 8913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8912] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... close resumed>) = 0 [pid 8912] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8913] <... mmap resumed>) = 0x7f670b400000 [ 314.037213][ T8908] loop1: detected capacity change from 0 to 4096 [pid 5062] rmdir("./378" [pid 8912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... rmdir resumed>) = 0 [pid 8912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5062] mkdir("./379", 0777 [pid 8912] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8911] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 8914 attached [pid 5062] <... openat resumed>) = 3 [pid 8914] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8912] <... clone3 resumed> => {parent_tid=[8914]}, 88) = 8914 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8914] <... rseq resumed>) = 0 [pid 8912] rt_sigprocmask(SIG_SETMASK, [], [pid 8914] set_robust_list(0x7f67138b29a0, 24 [pid 8912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8914] <... set_robust_list resumed>) = 0 [pid 8914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8912] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8914] memfd_create("syzkaller", 0 [pid 8912] <... futex resumed>) = 0 [pid 8912] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8914] <... memfd_create resumed>) = 3 [pid 8914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8911] <... write resumed>) = 2097152 [pid 8911] munmap(0x7f670b400000, 138412032) = 0 [pid 8911] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8911] ioctl(4, LOOP_SET_FD, 3 [pid 8913] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8914] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8915 ./strace-static-x86_64: Process 8915 attached [pid 8915] set_robust_list(0x5555569076a0, 24 [pid 8911] <... ioctl resumed>) = 0 [pid 8911] close(3) = 0 [pid 8915] <... set_robust_list resumed>) = 0 [pid 8911] close(4 [pid 8915] chdir("./379" [pid 8908] <... mount resumed>) = 0 [pid 8911] <... close resumed>) = 0 [pid 8908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8911] mkdir("./file0", 0777 [pid 8908] <... openat resumed>) = 3 [pid 8915] <... chdir resumed>) = 0 [pid 8911] <... mkdir resumed>) = 0 [pid 8908] chdir("./file0" [pid 8911] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8908] <... chdir resumed>) = 0 [pid 8915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 314.181780][ T8911] loop2: detected capacity change from 0 to 4096 [pid 8908] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8915] setpgid(0, 0 [pid 8908] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8915] <... setpgid resumed>) = 0 [pid 8908] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8908] <... futex resumed>) = 1 [pid 8907] <... futex resumed>) = 0 [pid 8915] <... openat resumed>) = 3 [pid 8907] exit_group(0) = ? [pid 8915] write(3, "1000", 4) = 4 [pid 8915] close(3) = 0 [pid 8915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8915] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8915] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8908] +++ exited with 0 +++ [pid 8907] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8907, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 8915] <... mmap resumed>) = 0x7f6713892000 [pid 8915] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8913] <... write resumed>) = 2097152 [pid 5063] umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8915] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8915] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8913] munmap(0x7f670b400000, 138412032 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8916 attached [pid 5063] getdents64(3, [pid 8916] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8915] <... clone3 resumed> => {parent_tid=[8916]}, 88) = 8916 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8916] <... rseq resumed>) = 0 [pid 8914] <... write resumed>) = 2097152 [pid 8916] set_robust_list(0x7f67138b29a0, 24 [pid 8915] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8916] <... set_robust_list resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8916] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(AT_FDCWD, "./386/binderfs", [pid 8915] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8916] <... futex resumed>) = 0 [pid 8915] <... futex resumed>) = 1 [pid 8914] munmap(0x7f670b400000, 138412032 [pid 8915] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] unlink("./386/binderfs" [pid 8916] memfd_create("syzkaller", 0 [pid 8914] <... munmap resumed>) = 0 [pid 8913] <... munmap resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8916] <... memfd_create resumed>) = 3 [pid 8913] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8911] <... mount resumed>) = 0 [pid 5063] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8913] <... openat resumed>) = 4 [pid 8914] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] <... umount2 resumed>) = 0 [pid 8913] ioctl(4, LOOP_SET_FD, 3 [pid 8914] <... openat resumed>) = 4 [pid 8913] <... ioctl resumed>) = 0 [pid 8911] <... openat resumed>) = 3 [pid 5063] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8914] ioctl(4, LOOP_SET_FD, 3 [pid 8913] close(3 [pid 8911] chdir("./file0" [pid 8913] <... close resumed>) = 0 [pid 8913] close(4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8913] <... close resumed>) = 0 [pid 8913] mkdir("./file0", 0777 [pid 8916] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8914] <... ioctl resumed>) = 0 [pid 8911] <... chdir resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./386/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8914] close(3 [pid 8911] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8914] <... close resumed>) = 0 [pid 8914] close(4 [pid 8911] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8914] <... close resumed>) = 0 [pid 8913] <... mkdir resumed>) = 0 [pid 8911] <... futex resumed>) = 1 [pid 8909] <... futex resumed>) = 0 [pid 5063] getdents64(4, [pid 8914] mkdir("./file0", 0777 [pid 8911] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8909] exit_group(0 [pid 8913] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8911] <... futex resumed>) = ? [pid 8909] <... exit_group resumed>) = ? [pid 8914] <... mkdir resumed>) = 0 [pid 8914] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8911] +++ exited with 0 +++ [pid 8909] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8909, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [ 314.315458][ T8913] loop4: detected capacity change from 0 to 4096 [ 314.327609][ T8914] loop3: detected capacity change from 0 to 4096 [pid 5064] umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./384/binderfs", [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] getdents64(4, [pid 5064] unlink("./384/binderfs" [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 5064] <... unlink resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5064] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] rmdir("./386/file0") = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./386") = 0 [pid 5064] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./384/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] mkdir("./387", 0777 [pid 5064] openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 5063] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./384/file0" [pid 8916] <... write resumed>) = 2097152 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 8916] munmap(0x7f670b400000, 138412032 [pid 8914] <... mount resumed>) = 0 [pid 8913] <... mount resumed>) = 0 [pid 8914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8914] <... openat resumed>) = 3 [pid 5064] close(3 [pid 8914] chdir("./file0" [pid 5064] <... close resumed>) = 0 [pid 8914] <... chdir resumed>) = 0 [pid 5064] rmdir("./384" [pid 8914] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8914] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... rmdir resumed>) = 0 [pid 8913] <... openat resumed>) = 3 [pid 8914] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8913] chdir("./file0" [pid 5064] mkdir("./385", 0777 [pid 8914] <... futex resumed>) = 1 [pid 8913] <... chdir resumed>) = 0 [pid 8912] <... futex resumed>) = 0 [pid 8914] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8913] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8912] exit_group(0 [pid 5064] <... mkdir resumed>) = 0 [pid 8914] <... futex resumed>) = ? [pid 8913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8912] <... exit_group resumed>) = ? [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8914] +++ exited with 0 +++ [pid 8913] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8912] +++ exited with 0 +++ [pid 5064] <... openat resumed>) = 3 [pid 8916] <... munmap resumed>) = 0 [pid 8913] <... futex resumed>) = 1 [pid 8910] <... futex resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8912, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8913] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8910] exit_group(0 [pid 8913] <... futex resumed>) = ? [pid 8910] <... exit_group resumed>) = ? [pid 8913] +++ exited with 0 +++ [pid 5065] umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8916] <... openat resumed>) = 4 [pid 8910] +++ exited with 0 +++ [pid 5065] openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8910, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 8916] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./380/binderfs") = 0 [pid 5066] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 8916] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... ioctl resumed>) = 0 [pid 5066] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./380/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./380/file0") = 0 [pid 5065] umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(3, [pid 5065] newfstatat(AT_FDCWD, "./382/binderfs", [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3 [pid 5065] unlink("./382/binderfs" [pid 5066] <... close resumed>) = 0 [pid 8916] close(3 [pid 5066] rmdir("./380" [pid 5065] <... unlink resumed>) = 0 [pid 8916] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8916] close(4) = 0 [pid 8916] mkdir("./file0", 0777 [ 314.463323][ T8916] loop0: detected capacity change from 0 to 4096 [pid 5066] mkdir("./381", 0777 [pid 8916] <... mkdir resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8916] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5065] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./382/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5065] close(4 [pid 5063] close(3 [pid 5065] <... close resumed>) = 0 [pid 8916] <... mount resumed>) = 0 [pid 5065] rmdir("./382/file0" [pid 5063] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 8917 [pid 5065] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8917 attached [pid 8916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] getdents64(3, [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8918 attached [pid 8917] set_robust_list(0x5555569076a0, 24 [pid 8916] <... openat resumed>) = 3 [pid 5065] close(3 [pid 8916] chdir("./file0" [pid 5065] <... close resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8918 [pid 8918] set_robust_list(0x5555569076a0, 24 [pid 8917] <... set_robust_list resumed>) = 0 [pid 8916] <... chdir resumed>) = 0 [pid 8918] <... set_robust_list resumed>) = 0 [pid 8917] chdir("./385" [pid 8916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] rmdir("./382" [pid 8918] chdir("./387") = 0 [pid 8917] <... chdir resumed>) = 0 [pid 8916] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... rmdir resumed>) = 0 [pid 8918] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8916] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] mkdir("./383", 0777 [pid 8918] <... prctl resumed>) = 0 [pid 8917] <... prctl resumed>) = 0 [pid 8916] <... futex resumed>) = 1 [pid 8918] setpgid(0, 0 [pid 8917] setpgid(0, 0 [pid 8916] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8915] <... futex resumed>) = 0 [pid 8918] <... setpgid resumed>) = 0 [pid 8917] <... setpgid resumed>) = 0 [pid 8915] exit_group(0 [pid 5065] <... mkdir resumed>) = 0 [pid 8915] <... exit_group resumed>) = ? [pid 8917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8916] <... futex resumed>) = ? [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8917] <... openat resumed>) = 3 [pid 8918] <... openat resumed>) = 3 [pid 8917] write(3, "1000", 4 [pid 8916] +++ exited with 0 +++ [pid 8915] +++ exited with 0 +++ [pid 5066] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 8918] write(3, "1000", 4 [pid 8917] <... write resumed>) = 4 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8918] <... write resumed>) = 4 [pid 8917] close(3 [pid 8918] close(3 [pid 8917] <... close resumed>) = 0 [pid 8918] <... close resumed>) = 0 [pid 8917] symlink("/dev/binderfs", "./binderfs" [pid 8918] symlink("/dev/binderfs", "./binderfs" [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8915, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5062] umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8917] <... symlink resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 8918] <... symlink resumed>) = 0 [pid 8917] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8918] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8917] <... futex resumed>) = 0 [pid 5066] close(3 [pid 5062] getdents64(3, [pid 8918] <... futex resumed>) = 0 [pid 8917] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... close resumed>) = 0 [pid 8918] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8917] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8918] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8919 attached [pid 8918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] newfstatat(AT_FDCWD, "./379/binderfs", [pid 8919] set_robust_list(0x5555569076a0, 24 [pid 8917] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8919] <... set_robust_list resumed>) = 0 [pid 5062] unlink("./379/binderfs" [pid 8918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8917] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8919] chdir("./381" [pid 8918] <... mmap resumed>) = 0x7f6713892000 [pid 8917] <... mprotect resumed>) = 0 [pid 8919] <... chdir resumed>) = 0 [pid 8918] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8917] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... unlink resumed>) = 0 [pid 8919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8917] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8919 [pid 5062] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8919] <... prctl resumed>) = 0 [pid 8918] <... mprotect resumed>) = 0 [pid 8917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8919] setpgid(0, 0 [pid 8918] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8917] <... clone3 resumed> => {parent_tid=[8920]}, 88) = 8920 [pid 8917] rt_sigprocmask(SIG_SETMASK, [], [pid 8918] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8917] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8920 attached [pid 8919] <... setpgid resumed>) = 0 [pid 8917] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8921 attached [pid 8917] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8921] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8920] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8918] <... clone3 resumed> => {parent_tid=[8921]}, 88) = 8921 [pid 5062] <... umount2 resumed>) = 0 [pid 8921] <... rseq resumed>) = 0 [pid 8920] <... rseq resumed>) = 0 [pid 8918] rt_sigprocmask(SIG_SETMASK, [], [pid 8921] set_robust_list(0x7f67138b29a0, 24 [pid 8919] <... openat resumed>) = 3 [pid 8920] set_robust_list(0x7f67138b29a0, 24 [pid 8918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8920] <... set_robust_list resumed>) = 0 [pid 8920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8919] write(3, "1000", 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8919] <... write resumed>) = 4 [pid 5062] newfstatat(AT_FDCWD, "./379/file0", [pid 8921] <... set_robust_list resumed>) = 0 [pid 8920] memfd_create("syzkaller", 0 [pid 8919] close(3 [pid 8918] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8921] rt_sigprocmask(SIG_SETMASK, [], [pid 8920] <... memfd_create resumed>) = 3 [pid 8919] <... close resumed>) = 0 [pid 8918] <... futex resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8919] symlink("/dev/binderfs", "./binderfs" [pid 8918] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8921] memfd_create("syzkaller", 0 [pid 8920] <... mmap resumed>) = 0x7f670b400000 [pid 8919] <... symlink resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8921] <... memfd_create resumed>) = 3 [pid 5065] close(3 [pid 5062] <... openat resumed>) = 4 [pid 8921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... close resumed>) = 0 [pid 8921] <... mmap resumed>) = 0x7f670b400000 [pid 8919] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] newfstatat(4, "", [pid 8919] <... futex resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8919] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] getdents64(4, [pid 8919] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] getdents64(4, [pid 8919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5062] close(4 [pid 8919] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] <... close resumed>) = 0 [pid 8919] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] rmdir("./379/file0" [pid 8919] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] getdents64(3, [pid 8919] <... clone3 resumed> => {parent_tid=[8922]}, 88) = 8922 [pid 8919] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] close(3 [pid 8919] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... close resumed>) = 0 [pid 8919] <... futex resumed>) = 0 [pid 5062] rmdir("./379"./strace-static-x86_64: Process 8922 attached [pid 8919] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... rmdir resumed>) = 0 [pid 8922] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8922] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8922] memfd_create("syzkaller", 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] mkdir("./380", 0777 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8923 [pid 5062] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8923 attached [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8923] set_robust_list(0x5555569076a0, 24 [pid 8922] <... memfd_create resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 8923] <... set_robust_list resumed>) = 0 [pid 8922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8923] chdir("./383" [pid 8922] <... mmap resumed>) = 0x7f670b400000 [pid 8920] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8923] <... chdir resumed>) = 0 [pid 8923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8923] setpgid(0, 0) = 0 [pid 8923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8923] write(3, "1000", 4) = 4 [pid 8923] close(3) = 0 [pid 8923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8923] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8923] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8923] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8924 attached => {parent_tid=[8924]}, 88) = 8924 [pid 8921] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8924] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8923] rt_sigprocmask(SIG_SETMASK, [], [pid 8924] <... rseq resumed>) = 0 [pid 8923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8924] set_robust_list(0x7f67138b29a0, 24 [pid 8923] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8924] <... set_robust_list resumed>) = 0 [pid 8923] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8924] memfd_create("syzkaller", 0) = 3 [pid 8924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8920] <... write resumed>) = 2097152 [pid 8922] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8920] munmap(0x7f670b400000, 138412032) = 0 [pid 8920] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8920] ioctl(4, LOOP_SET_FD, 3 [pid 8921] <... write resumed>) = 2097152 [pid 8921] munmap(0x7f670b400000, 138412032) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8920] <... ioctl resumed>) = 0 [pid 8920] close(3) = 0 [pid 8920] close(4) = 0 [pid 8920] mkdir("./file0", 0777./strace-static-x86_64: Process 8925 attached [pid 8924] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8920] <... mkdir resumed>) = 0 [pid 8925] set_robust_list(0x5555569076a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8925 [pid 8925] <... set_robust_list resumed>) = 0 [pid 8925] chdir("./380") = 0 [pid 8920] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8925] setpgid(0, 0) = 0 [pid 8925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 314.794427][ T8920] loop2: detected capacity change from 0 to 4096 [pid 8921] ioctl(4, LOOP_SET_FD, 3 [pid 8925] write(3, "1000", 4) = 4 [pid 8925] close(3) = 0 [pid 8925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8925] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8925] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8921] <... ioctl resumed>) = 0 [pid 8925] <... mmap resumed>) = 0x7f6713892000 [pid 8925] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8925] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8922] <... write resumed>) = 2097152 [pid 8925] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8926 attached [pid 8926] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8926] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8926] rt_sigprocmask(SIG_SETMASK, [], [pid 8925] <... clone3 resumed> => {parent_tid=[8926]}, 88) = 8926 [pid 8926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8926] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8925] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8926] <... futex resumed>) = 0 [pid 8925] <... futex resumed>) = 1 [pid 8926] memfd_create("syzkaller", 0 [pid 8925] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8924] <... write resumed>) = 2097152 [pid 8922] munmap(0x7f670b400000, 138412032) = 0 [pid 8921] close(3 [pid 8926] <... memfd_create resumed>) = 3 [pid 8926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8922] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8921] <... close resumed>) = 0 [ 314.838919][ T8921] loop1: detected capacity change from 0 to 4096 [pid 8921] close(4) = 0 [pid 8921] mkdir("./file0", 0777 [pid 8924] munmap(0x7f670b400000, 138412032) = 0 [pid 8921] <... mkdir resumed>) = 0 [pid 8922] <... openat resumed>) = 4 [pid 8922] ioctl(4, LOOP_SET_FD, 3 [pid 8921] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8920] <... mount resumed>) = 0 [pid 8924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8924] <... openat resumed>) = 4 [pid 8920] <... openat resumed>) = 3 [pid 8920] chdir("./file0") = 0 [pid 8920] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8924] ioctl(4, LOOP_SET_FD, 3 [pid 8920] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8922] <... ioctl resumed>) = 0 [pid 8922] close(3) = 0 [pid 8920] <... futex resumed>) = 1 [pid 8917] <... futex resumed>) = 0 [pid 8922] close(4 [pid 8920] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8917] exit_group(0 [pid 8922] <... close resumed>) = 0 [pid 8926] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8922] mkdir("./file0", 0777 [pid 8920] <... futex resumed>) = ? [pid 8917] <... exit_group resumed>) = ? [pid 8920] +++ exited with 0 +++ [pid 8924] <... ioctl resumed>) = 0 [pid 8922] <... mkdir resumed>) = 0 [pid 8924] close(3 [pid 8922] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8917] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8917, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8924] <... close resumed>) = 0 [pid 5064] umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8924] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8924] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8924] mkdir("./file0", 0777 [pid 5064] <... openat resumed>) = 3 [pid 8924] <... mkdir resumed>) = 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8924] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./385/binderfs") = 0 [pid 5064] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 314.907401][ T8922] loop4: detected capacity change from 0 to 4096 [ 314.927765][ T8924] loop3: detected capacity change from 0 to 4096 [pid 5064] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./385/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8921] <... mount resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 8921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 8921] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8921] chdir("./file0") = 0 [pid 5064] getdents64(4, [pid 8921] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8921] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] close(4 [pid 8921] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 8921] <... futex resumed>) = 1 [pid 8918] <... futex resumed>) = 0 [pid 5064] rmdir("./385/file0" [pid 8921] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8918] exit_group(0 [pid 5064] <... rmdir resumed>) = 0 [pid 8921] <... futex resumed>) = ? [pid 8918] <... exit_group resumed>) = ? [pid 8921] +++ exited with 0 +++ [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./385") = 0 [pid 8918] +++ exited with 0 +++ [pid 5064] mkdir("./386", 0777) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8918, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8926] <... write resumed>) = 2097152 [pid 5063] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8926] munmap(0x7f670b400000, 138412032 [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 8926] <... munmap resumed>) = 0 [pid 8924] <... mount resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8924] <... openat resumed>) = 3 [pid 8926] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8924] chdir("./file0" [pid 8922] <... mount resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8926] <... openat resumed>) = 4 [pid 5063] newfstatat(AT_FDCWD, "./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./387/binderfs" [pid 8926] ioctl(4, LOOP_SET_FD, 3 [pid 8924] <... chdir resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 8922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8922] <... openat resumed>) = 3 [pid 8922] chdir("./file0" [pid 8924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8922] <... chdir resumed>) = 0 [pid 8926] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 8922] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8924] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8924] <... futex resumed>) = 1 [pid 8923] <... futex resumed>) = 0 [pid 8922] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(AT_FDCWD, "./387/file0", [pid 8924] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8923] exit_group(0 [pid 8922] <... futex resumed>) = 1 [pid 8923] <... exit_group resumed>) = ? [pid 8919] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8926] close(3 [pid 8924] <... futex resumed>) = ? [pid 8922] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8919] exit_group(0 [pid 5063] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8926] <... close resumed>) = 0 [pid 8919] <... exit_group resumed>) = ? [pid 8922] <... futex resumed>) = ? [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8922] +++ exited with 0 +++ [pid 8919] +++ exited with 0 +++ [pid 8926] close(4 [pid 5063] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8926] <... close resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8919, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5063] <... openat resumed>) = 4 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 8926] mkdir("./file0", 0777 [pid 5063] newfstatat(4, "", [pid 5066] <... restart_syscall resumed>) = 0 [pid 5066] umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8926] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(3, "", [pid 5063] getdents64(4, [pid 8926] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8924] +++ exited with 0 +++ [pid 8923] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] getdents64(4, [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8923, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5066] unlink("./381/binderfs") = 0 [pid 5066] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./387/file0" [pid 5065] umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] <... rmdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5063] close(3 [pid 5065] newfstatat(3, "", [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./387" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 315.060940][ T8926] loop0: detected capacity change from 0 to 4096 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] mkdir("./388", 0777 [pid 5065] umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] newfstatat(AT_FDCWD, "./383/binderfs", [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5065] unlink("./383/binderfs" [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./381/file0", [pid 5065] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./381/file0") = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] close(3 [pid 5066] getdents64(3, [pid 5064] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./383/file0", ./strace-static-x86_64: Process 8927 attached [pid 8927] set_robust_list(0x5555569076a0, 24 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8927] <... set_robust_list resumed>) = 0 [pid 5066] rmdir("./381" [pid 5065] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8927] chdir("./386") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8927 [pid 8927] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] mkdir("./382", 0777 [pid 5065] <... openat resumed>) = 4 [pid 8927] <... prctl resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 8927] setpgid(0, 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8927] <... setpgid resumed>) = 0 [pid 5065] getdents64(4, [pid 5066] <... mkdir resumed>) = 0 [pid 8927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] getdents64(4, [pid 5066] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... close resumed>) = 0 [pid 8927] <... openat resumed>) = 3 [pid 5065] rmdir("./383/file0" [pid 8927] write(3, "1000", 4 [pid 5065] <... rmdir resumed>) = 0 [pid 8927] <... write resumed>) = 4 [pid 5065] getdents64(3, [pid 8927] close(3) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8927] symlink("/dev/binderfs", "./binderfs" [pid 5065] close(3 [pid 8927] <... symlink resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8927] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] rmdir("./383" [pid 8927] <... futex resumed>) = 0 [pid 8927] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8926] <... mount resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8927] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] close(3 [pid 8927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] mkdir("./384", 0777./strace-static-x86_64: Process 8928 attached [pid 8927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8926] <... openat resumed>) = 3 [pid 5065] <... mkdir resumed>) = 0 [pid 8928] set_robust_list(0x5555569076a0, 24 [pid 8927] <... mmap resumed>) = 0x7f6713892000 [pid 8926] chdir("./file0" [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8928] <... set_robust_list resumed>) = 0 [pid 8927] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8926] <... chdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8926] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8928] chdir("./388" [pid 8927] <... mprotect resumed>) = 0 [pid 8926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8928 [pid 8928] <... chdir resumed>) = 0 [pid 8926] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8928] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8926] <... futex resumed>) = 1 [pid 8925] <... futex resumed>) = 0 [pid 8928] <... prctl resumed>) = 0 [pid 8926] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8925] exit_group(0 [pid 8928] setpgid(0, 0 [pid 8927] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8926] <... futex resumed>) = ? [pid 8925] <... exit_group resumed>) = ? [pid 8928] <... setpgid resumed>) = 0 [pid 8926] +++ exited with 0 +++ [pid 8927] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 8929 attached ) = 3 [pid 8929] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8928] write(3, "1000", 4 [pid 8929] set_robust_list(0x7f67138b29a0, 24 [pid 8928] <... write resumed>) = 4 [pid 8929] <... set_robust_list resumed>) = 0 [pid 8928] close(3 [pid 8929] rt_sigprocmask(SIG_SETMASK, [], [pid 8928] <... close resumed>) = 0 [pid 8929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8928] symlink("/dev/binderfs", "./binderfs" [pid 8929] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8927] <... clone3 resumed> => {parent_tid=[8929]}, 88) = 8929 [pid 8928] <... symlink resumed>) = 0 [pid 8927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8925] +++ exited with 0 +++ [pid 8927] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8929] <... futex resumed>) = 0 [pid 8928] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8927] <... futex resumed>) = 1 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8925, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8927] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8929] memfd_create("syzkaller", 0 [pid 8928] <... futex resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8929] <... memfd_create resumed>) = 3 [pid 8928] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... ioctl resumed>) = 0 [pid 5062] umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8928] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8929] <... mmap resumed>) = 0x7f670b400000 [pid 8928] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] unlink("./380/binderfs") = 0 [pid 5062] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8928] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8928] <... mprotect resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8928] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./380/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 8930 attached [pid 8928] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8930 [pid 5062] newfstatat(4, "", [pid 8930] set_robust_list(0x5555569076a0, 24 [pid 8928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8931 attached [pid 8930] <... set_robust_list resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 8931] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8930] chdir("./382" [pid 8928] <... clone3 resumed> => {parent_tid=[8931]}, 88) = 8931 [pid 5065] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8931] <... rseq resumed>) = 0 [pid 8930] <... chdir resumed>) = 0 [pid 8929] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8928] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... close resumed>) = 0 [pid 5062] getdents64(4, [pid 8931] set_robust_list(0x7f67138b29a0, 24 [pid 8930] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8931] <... set_robust_list resumed>) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./380/file0"./strace-static-x86_64: Process 8932 attached [pid 8931] rt_sigprocmask(SIG_SETMASK, [], [pid 8928] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8930] <... prctl resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 8932] set_robust_list(0x5555569076a0, 24 [pid 8931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8930] setpgid(0, 0 [pid 8928] <... futex resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8932 [pid 8932] <... set_robust_list resumed>) = 0 [pid 8930] <... setpgid resumed>) = 0 [pid 8928] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8932] chdir("./384" [pid 5062] getdents64(3, [pid 8930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8932] <... chdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] close(3 [pid 8932] setpgid(0, 0 [pid 8931] memfd_create("syzkaller", 0 [pid 8930] <... openat resumed>) = 3 [pid 5062] <... close resumed>) = 0 [pid 8932] <... setpgid resumed>) = 0 [pid 8931] <... memfd_create resumed>) = 3 [pid 8930] write(3, "1000", 4 [pid 8932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8930] <... write resumed>) = 4 [pid 5062] rmdir("./380" [pid 8932] <... openat resumed>) = 3 [pid 8931] <... mmap resumed>) = 0x7f670b400000 [pid 8930] close(3 [pid 5062] <... rmdir resumed>) = 0 [pid 8932] write(3, "1000", 4) = 4 [pid 8932] close(3 [pid 8930] <... close resumed>) = 0 [pid 8932] <... close resumed>) = 0 [pid 8930] symlink("/dev/binderfs", "./binderfs" [pid 5062] mkdir("./381", 0777 [pid 8932] symlink("/dev/binderfs", "./binderfs" [pid 8930] <... symlink resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8932] <... symlink resumed>) = 0 [pid 8930] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8932] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8930] <... futex resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8932] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8930] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8932] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8930] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8932] <... mmap resumed>) = 0x7f6713892000 [pid 8932] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8930] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8932] <... mprotect resumed>) = 0 [pid 8930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8932] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8930] <... mmap resumed>) = 0x7f6713892000 [pid 8930] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8932] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8930] <... mprotect resumed>) = 0 [pid 8932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8930] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8932] <... clone3 resumed> => {parent_tid=[8933]}, 88) = 8933 [pid 8932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8932] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8932] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8933 attached [pid 8930] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8933] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8933] <... rseq resumed>) = 0 [pid 8933] set_robust_list(0x7f67138b29a0, 24./strace-static-x86_64: Process 8934 attached ) = 0 [pid 8934] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8933] rt_sigprocmask(SIG_SETMASK, [], [pid 8934] <... rseq resumed>) = 0 [pid 8933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8934] set_robust_list(0x7f67138b29a0, 24 [pid 8933] memfd_create("syzkaller", 0 [pid 8930] <... clone3 resumed> => {parent_tid=[8934]}, 88) = 8934 [pid 8934] <... set_robust_list resumed>) = 0 [pid 8934] rt_sigprocmask(SIG_SETMASK, [], [pid 8930] rt_sigprocmask(SIG_SETMASK, [], [pid 8934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8934] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8933] <... memfd_create resumed>) = 3 [pid 8930] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8934] <... futex resumed>) = 0 [pid 8933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8930] <... futex resumed>) = 1 [pid 8933] <... mmap resumed>) = 0x7f670b400000 [pid 8934] memfd_create("syzkaller", 0 [pid 8930] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8934] <... memfd_create resumed>) = 3 [pid 8929] <... write resumed>) = 2097152 [pid 8934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8929] munmap(0x7f670b400000, 138412032 [pid 8931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8929] <... munmap resumed>) = 0 [pid 8929] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8929] ioctl(4, LOOP_SET_FD, 3 [pid 8934] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8929] <... ioctl resumed>) = 0 [pid 8929] close(3 [pid 5062] <... ioctl resumed>) = 0 [pid 8929] <... close resumed>) = 0 [pid 8933] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8929] close(4) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8929] mkdir("./file0", 0777 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8935 [pid 8929] <... mkdir resumed>) = 0 [pid 8931] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 8935 attached [pid 8935] set_robust_list(0x5555569076a0, 24) = 0 [pid 8935] chdir("./381") = 0 [pid 8935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8935] setpgid(0, 0) = 0 [pid 8935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8935] write(3, "1000", 4) = 4 [pid 8935] close(3) = 0 [pid 8935] symlink("/dev/binderfs", "./binderfs" [pid 8929] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8935] <... symlink resumed>) = 0 [ 315.418247][ T8929] loop2: detected capacity change from 0 to 4096 [pid 8935] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8931] munmap(0x7f670b400000, 138412032 [pid 8935] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8935] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8931] <... munmap resumed>) = 0 [pid 8935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8936]}, 88) = 8936 ./strace-static-x86_64: Process 8936 attached [pid 8935] rt_sigprocmask(SIG_SETMASK, [], [pid 8936] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8934] <... write resumed>) = 2097152 [pid 8935] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8936] <... rseq resumed>) = 0 [pid 8936] set_robust_list(0x7f67138b29a0, 24 [pid 8935] <... futex resumed>) = 0 [pid 8936] <... set_robust_list resumed>) = 0 [pid 8935] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8936] memfd_create("syzkaller", 0) = 3 [pid 8934] munmap(0x7f670b400000, 138412032 [pid 8933] <... write resumed>) = 2097152 [pid 8931] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8933] munmap(0x7f670b400000, 138412032 [pid 8931] <... openat resumed>) = 4 [pid 8936] <... mmap resumed>) = 0x7f670b400000 [pid 8934] <... munmap resumed>) = 0 [pid 8933] <... munmap resumed>) = 0 [pid 8929] <... mount resumed>) = 0 [pid 8931] ioctl(4, LOOP_SET_FD, 3 [pid 8934] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8934] <... openat resumed>) = 4 [pid 8929] chdir("./file0" [pid 8934] ioctl(4, LOOP_SET_FD, 3 [pid 8929] <... chdir resumed>) = 0 [pid 8933] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8933] ioctl(4, LOOP_SET_FD, 3 [pid 8934] <... ioctl resumed>) = 0 [pid 8929] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8934] close(3) = 0 [pid 8929] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8934] close(4 [pid 8929] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8927] <... futex resumed>) = 0 [pid 8931] <... ioctl resumed>) = 0 [pid 8929] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8927] exit_group(0 [pid 8931] close(3 [pid 8929] <... futex resumed>) = ? [pid 8927] <... exit_group resumed>) = ? [pid 8934] <... close resumed>) = 0 [pid 8934] mkdir("./file0", 0777 [pid 8931] <... close resumed>) = 0 [pid 8929] +++ exited with 0 +++ [pid 8931] close(4 [pid 8927] +++ exited with 0 +++ [pid 8931] <... close resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8927, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 8934] <... mkdir resumed>) = 0 [pid 8931] mkdir("./file0", 0777) = 0 [pid 8934] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8931] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8936] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./386/binderfs", [pid 8933] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8933] close(3 [pid 5064] unlink("./386/binderfs" [pid 8933] <... close resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8933] close(4 [pid 5064] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8933] <... close resumed>) = 0 [pid 8933] mkdir("./file0", 0777 [pid 5064] <... umount2 resumed>) = 0 [pid 8933] <... mkdir resumed>) = 0 [ 315.548566][ T8931] loop1: detected capacity change from 0 to 4096 [ 315.556595][ T8934] loop4: detected capacity change from 0 to 4096 [ 315.561099][ T8933] loop3: detected capacity change from 0 to 4096 [pid 8933] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./386/file0", [pid 8934] <... mount resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8934] chdir("./file0") = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8934] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8934] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./386/file0" [pid 8934] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... rmdir resumed>) = 0 [pid 8934] <... futex resumed>) = 1 [pid 8930] <... futex resumed>) = 0 [pid 5064] getdents64(3, [pid 8934] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8930] exit_group(0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8934] <... futex resumed>) = ? [pid 8930] <... exit_group resumed>) = ? [pid 5064] close(3 [pid 8934] +++ exited with 0 +++ [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./386") = 0 [pid 8930] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8930, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5064] mkdir("./387", 0777 [pid 8936] <... write resumed>) = 2097152 [pid 8931] <... mount resumed>) = 0 [pid 8933] <... mount resumed>) = 0 [pid 5066] umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8936] munmap(0x7f670b400000, 138412032 [pid 5066] openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8933] chdir("./file0") = 0 [pid 8933] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5064] <... mkdir resumed>) = 0 [pid 8933] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 8933] <... futex resumed>) = 1 [pid 8932] <... futex resumed>) = 0 [pid 8931] <... openat resumed>) = 3 [pid 8932] exit_group(0 [pid 8931] chdir("./file0" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8933] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8931] <... chdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8931] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] newfstatat(3, "", [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8931] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8928] <... futex resumed>) = 0 [pid 5066] getdents64(3, [pid 8933] <... futex resumed>) = ? [pid 8932] <... exit_group resumed>) = ? [pid 8931] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8928] exit_group(0 [pid 8936] <... munmap resumed>) = 0 [pid 8933] +++ exited with 0 +++ [pid 8932] +++ exited with 0 +++ [pid 8931] <... futex resumed>) = ? [pid 8928] <... exit_group resumed>) = ? [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8931] +++ exited with 0 +++ [pid 5066] umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8932, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./382/binderfs", [pid 8936] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8928] +++ exited with 0 +++ [pid 5065] umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8936] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8928, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8936] ioctl(4, LOOP_SET_FD, 3 [pid 5066] unlink("./382/binderfs" [pid 5065] openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 5063] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5065] getdents64(3, [pid 5066] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./388/binderfs") = 0 [pid 5063] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] unlink("./384/binderfs") = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5065] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./388/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 5066] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8936] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8936] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8936] <... close resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./382/file0", [pid 8936] close(4) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8936] mkdir("./file0", 0777 [pid 5066] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8936] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] close(4 [pid 8936] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5065] newfstatat(AT_FDCWD, "./384/file0", [pid 5063] rmdir("./388/file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] getdents64(4, [pid 5065] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 5063] getdents64(3, [pid 5066] getdents64(4, [pid 5065] openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... close resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(3./strace-static-x86_64: Process 8937 attached [pid 5066] close(4 [pid 5065] newfstatat(4, "", [pid 5063] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [ 315.717507][ T8936] loop0: detected capacity change from 0 to 4096 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8937 [pid 5063] rmdir("./388" [pid 8937] set_robust_list(0x5555569076a0, 24 [pid 5066] rmdir("./382/file0" [pid 5065] getdents64(4, [pid 8937] <... set_robust_list resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] mkdir("./389", 0777 [pid 8937] chdir("./387" [pid 5066] getdents64(3, [pid 5065] getdents64(4, [pid 8937] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8937] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] close(3 [pid 5065] close(4 [pid 8937] <... prctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8937] setpgid(0, 0 [pid 5065] rmdir("./384/file0" [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 8937] <... setpgid resumed>) = 0 [pid 5066] rmdir("./382" [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5065] getdents64(3, [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] mkdir("./383", 0777 [pid 5065] close(3) = 0 [pid 8937] <... openat resumed>) = 3 [pid 5065] rmdir("./384") = 0 [pid 5065] mkdir("./385", 0777 [pid 8937] write(3, "1000", 4 [pid 5066] <... mkdir resumed>) = 0 [pid 8936] <... mount resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8937] <... write resumed>) = 4 [pid 8936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8937] close(3 [pid 8936] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8937] <... close resumed>) = 0 [pid 8936] chdir("./file0" [pid 5066] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 8937] symlink("/dev/binderfs", "./binderfs" [pid 8936] <... chdir resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8936] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8937] <... symlink resumed>) = 0 [pid 8937] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8936] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8937] <... futex resumed>) = 0 [pid 8936] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8937] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8936] <... futex resumed>) = 1 [pid 8935] <... futex resumed>) = 0 [pid 8937] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8936] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8935] exit_group(0 [pid 8937] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8936] <... futex resumed>) = ? [pid 8935] <... exit_group resumed>) = ? [pid 8937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8936] +++ exited with 0 +++ [pid 8937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8937] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8935] +++ exited with 0 +++ [pid 8937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8935, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- ./strace-static-x86_64: Process 8938 attached [pid 5063] <... ioctl resumed>) = 0 [pid 8938] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] close(3 [pid 8938] <... rseq resumed>) = 0 [pid 8937] <... clone3 resumed> => {parent_tid=[8938]}, 88) = 8938 [pid 8937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8937] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8938] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8938] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8937] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8938] memfd_create("syzkaller", 0 [pid 5063] <... close resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 8938] <... memfd_create resumed>) = 3 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] getdents64(3, [pid 8938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8939 attached [pid 8938] <... mmap resumed>) = 0x7f670b400000 [pid 8939] set_robust_list(0x5555569076a0, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8939 [pid 5062] umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8939] <... set_robust_list resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8940 attached [pid 8939] chdir("./389" [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8940 [pid 5062] newfstatat(AT_FDCWD, "./381/binderfs", [pid 8940] set_robust_list(0x5555569076a0, 24) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8940] chdir("./383" [pid 8939] <... chdir resumed>) = 0 [pid 5062] unlink("./381/binderfs" [pid 8940] <... chdir resumed>) = 0 [pid 8940] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8939] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... unlink resumed>) = 0 [pid 8940] <... prctl resumed>) = 0 [pid 8939] <... prctl resumed>) = 0 [pid 5065] close(3 [pid 5062] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8940] setpgid(0, 0 [pid 8939] setpgid(0, 0 [pid 8940] <... setpgid resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 8940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8940] <... openat resumed>) = 3 [pid 8939] <... setpgid resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8940] write(3, "1000", 4 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8941 [pid 8940] <... write resumed>) = 4 [pid 8939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 8941 attached [pid 8940] close(3 [pid 8941] set_robust_list(0x5555569076a0, 24 [pid 8940] <... close resumed>) = 0 [pid 8941] <... set_robust_list resumed>) = 0 [pid 8940] symlink("/dev/binderfs", "./binderfs" [pid 5062] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8941] chdir("./385" [pid 8940] <... symlink resumed>) = 0 [pid 8939] <... openat resumed>) = 3 [pid 8941] <... chdir resumed>) = 0 [pid 8940] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8939] write(3, "1000", 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8940] <... futex resumed>) = 0 [pid 8939] <... write resumed>) = 4 [pid 8941] <... prctl resumed>) = 0 [pid 8940] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8939] close(3 [pid 5062] newfstatat(AT_FDCWD, "./381/file0", [pid 8941] setpgid(0, 0 [pid 8940] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8941] <... setpgid resumed>) = 0 [pid 8940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8939] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8939] symlink("/dev/binderfs", "./binderfs" [pid 8941] <... openat resumed>) = 3 [pid 8940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8939] <... symlink resumed>) = 0 [pid 5062] umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8939] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8941] write(3, "1000", 4 [pid 8940] <... mmap resumed>) = 0x7f6713892000 [pid 5062] openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8941] <... write resumed>) = 4 [pid 8940] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8939] <... futex resumed>) = 0 [pid 8941] close(3 [pid 8940] <... mprotect resumed>) = 0 [pid 8939] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... openat resumed>) = 4 [pid 8941] <... close resumed>) = 0 [pid 8939] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] newfstatat(4, "", [pid 8941] symlink("/dev/binderfs", "./binderfs" [pid 8940] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8939] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8941] <... symlink resumed>) = 0 [pid 5062] getdents64(4, [pid 8939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8941] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8940] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8941] <... futex resumed>) = 0 [pid 8940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8939] <... mmap resumed>) = 0x7f6713892000 [pid 5062] getdents64(4, ./strace-static-x86_64: Process 8942 attached [pid 8941] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8939] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 8939] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... close resumed>) = 0 [pid 8942] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8941] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8940] <... clone3 resumed> => {parent_tid=[8942]}, 88) = 8942 [pid 5062] rmdir("./381/file0" [pid 8939] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8942] <... rseq resumed>) = 0 [pid 8941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8940] rt_sigprocmask(SIG_SETMASK, [], [pid 8942] set_robust_list(0x7f67138b29a0, 24 [pid 8939] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... rmdir resumed>) = 0 [pid 8942] <... set_robust_list resumed>) = 0 [pid 8941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8942] rt_sigprocmask(SIG_SETMASK, [], [pid 8941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8940] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8943 attached [pid 8942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8939] <... clone3 resumed> => {parent_tid=[8943]}, 88) = 8943 [pid 5062] getdents64(3, [pid 8943] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8942] memfd_create("syzkaller", 0 [pid 8939] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8940] <... futex resumed>) = 0 [pid 8941] <... mmap resumed>) = 0x7f6713892000 [pid 8940] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8941] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8942] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 8944 attached [pid 8942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8944] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8943] <... rseq resumed>) = 0 [pid 8941] <... clone3 resumed> => {parent_tid=[8944]}, 88) = 8944 [pid 8939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] close(3 [pid 8944] <... rseq resumed>) = 0 [pid 8943] set_robust_list(0x7f67138b29a0, 24 [pid 8942] <... mmap resumed>) = 0x7f670b400000 [pid 8941] rt_sigprocmask(SIG_SETMASK, [], [pid 8939] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... close resumed>) = 0 [pid 8944] set_robust_list(0x7f67138b29a0, 24 [pid 8943] <... set_robust_list resumed>) = 0 [pid 8941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8939] <... futex resumed>) = 0 [pid 8938] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] rmdir("./381" [pid 8944] <... set_robust_list resumed>) = 0 [pid 8943] rt_sigprocmask(SIG_SETMASK, [], [pid 8941] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8939] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... rmdir resumed>) = 0 [pid 8944] rt_sigprocmask(SIG_SETMASK, [], [pid 8943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8941] <... futex resumed>) = 0 [pid 8944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8943] memfd_create("syzkaller", 0 [pid 8941] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] mkdir("./382", 0777 [pid 8944] memfd_create("syzkaller", 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8943] <... memfd_create resumed>) = 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8944] <... memfd_create resumed>) = 3 [pid 8943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... openat resumed>) = 3 [pid 8944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8943] <... mmap resumed>) = 0x7f670b400000 [pid 8944] <... mmap resumed>) = 0x7f670b400000 [pid 8942] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8943] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8938] <... write resumed>) = 2097152 [pid 8938] munmap(0x7f670b400000, 138412032 [pid 8942] <... write resumed>) = 2097152 [pid 8944] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8942] munmap(0x7f670b400000, 138412032 [pid 8938] <... munmap resumed>) = 0 [pid 8938] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8938] ioctl(4, LOOP_SET_FD, 3 [pid 8942] <... munmap resumed>) = 0 [pid 8938] <... ioctl resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8942] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] close(3 [pid 8942] <... openat resumed>) = 4 [pid 5062] <... close resumed>) = 0 [pid 8942] ioctl(4, LOOP_SET_FD, 3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8938] close(3./strace-static-x86_64: Process 8945 attached [pid 8942] <... ioctl resumed>) = 0 [pid 8938] <... close resumed>) = 0 [pid 8938] close(4 [pid 8942] close(3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8945 [pid 8942] <... close resumed>) = 0 [pid 8938] <... close resumed>) = 0 [pid 8942] close(4 [pid 8945] set_robust_list(0x5555569076a0, 24 [pid 8938] mkdir("./file0", 0777 [pid 8942] <... close resumed>) = 0 [pid 8945] <... set_robust_list resumed>) = 0 [pid 8938] <... mkdir resumed>) = 0 [pid 8945] chdir("./382" [pid 8942] mkdir("./file0", 0777 [pid 8938] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8945] <... chdir resumed>) = 0 [pid 8945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8944] <... write resumed>) = 2097152 [pid 8942] <... mkdir resumed>) = 0 [pid 8945] <... prctl resumed>) = 0 [pid 8945] setpgid(0, 0 [pid 8944] munmap(0x7f670b400000, 138412032 [pid 8942] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8945] <... setpgid resumed>) = 0 [pid 8945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8943] <... write resumed>) = 2097152 [ 316.059121][ T8938] loop2: detected capacity change from 0 to 4096 [ 316.077483][ T8942] loop4: detected capacity change from 0 to 4096 [pid 8945] <... openat resumed>) = 3 [pid 8945] write(3, "1000", 4) = 4 [pid 8945] close(3) = 0 [pid 8945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8945] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8944] <... munmap resumed>) = 0 [pid 8943] munmap(0x7f670b400000, 138412032 [pid 8945] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8944] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8945] <... mmap resumed>) = 0x7f6713892000 [pid 8945] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8944] <... openat resumed>) = 4 [pid 8938] <... mount resumed>) = 0 [pid 8945] <... mprotect resumed>) = 0 [pid 8944] ioctl(4, LOOP_SET_FD, 3 [pid 8942] <... mount resumed>) = 0 [pid 8938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8943] <... munmap resumed>) = 0 [pid 8945] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8938] <... openat resumed>) = 3 [pid 8945] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8944] <... ioctl resumed>) = 0 [pid 8945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8942] <... openat resumed>) = 3 [pid 8944] close(3 [pid 8938] chdir("./file0"./strace-static-x86_64: Process 8946 attached [pid 8944] <... close resumed>) = 0 [pid 8943] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8942] chdir("./file0" [pid 8938] <... chdir resumed>) = 0 [pid 8946] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8945] <... clone3 resumed> => {parent_tid=[8946]}, 88) = 8946 [pid 8944] close(4 [pid 8943] <... openat resumed>) = 4 [pid 8942] <... chdir resumed>) = 0 [pid 8938] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8946] <... rseq resumed>) = 0 [pid 8945] rt_sigprocmask(SIG_SETMASK, [], [pid 8944] <... close resumed>) = 0 [pid 8943] ioctl(4, LOOP_SET_FD, 3 [pid 8942] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8946] set_robust_list(0x7f67138b29a0, 24 [pid 8945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8944] mkdir("./file0", 0777 [pid 8943] <... ioctl resumed>) = 0 [pid 8938] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8946] <... set_robust_list resumed>) = 0 [pid 8945] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8945] <... futex resumed>) = 0 [pid 8946] rt_sigprocmask(SIG_SETMASK, [], [pid 8945] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8944] <... mkdir resumed>) = 0 [pid 8942] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8938] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8938] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8937] <... futex resumed>) = 0 [pid 8944] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8937] exit_group(0 [pid 8946] memfd_create("syzkaller", 0 [pid 8942] <... futex resumed>) = 1 [pid 8940] <... futex resumed>) = 0 [pid 8942] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8940] exit_group(0 [pid 8938] <... futex resumed>) = ? [pid 8937] <... exit_group resumed>) = ? [pid 8946] <... memfd_create resumed>) = 3 [pid 8940] <... exit_group resumed>) = ? [pid 8938] +++ exited with 0 +++ [pid 8943] close(3 [pid 8946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8942] <... futex resumed>) = ? [pid 8937] +++ exited with 0 +++ [pid 8946] <... mmap resumed>) = 0x7f670b400000 [pid 8943] <... close resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8937, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 8943] close(4) = 0 [pid 8943] mkdir("./file0", 0777 [pid 5064] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8943] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 316.151638][ T8944] loop3: detected capacity change from 0 to 4096 [ 316.179329][ T8943] loop1: detected capacity change from 0 to 4096 [pid 8942] +++ exited with 0 +++ [pid 8940] +++ exited with 0 +++ [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8943] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8940, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5064] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./387/binderfs" [pid 5066] umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... unlink resumed>) = 0 [pid 8944] <... mount resumed>) = 0 [pid 8944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8944] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8944] chdir("./file0") = 0 [pid 5066] <... openat resumed>) = 3 [pid 8944] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] newfstatat(3, "", [pid 8944] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8944] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(3, [pid 8944] <... futex resumed>) = 1 [pid 8941] <... futex resumed>) = 0 [pid 8944] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8941] exit_group(0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8944] <... futex resumed>) = ? [pid 8941] <... exit_group resumed>) = ? [pid 5066] umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8944] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./383/binderfs" [pid 8946] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8941] +++ exited with 0 +++ [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8941, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(3, "", [pid 5066] newfstatat(AT_FDCWD, "./383/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(AT_FDCWD, "./387/file0", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... openat resumed>) = 4 [pid 5065] newfstatat(AT_FDCWD, "./385/binderfs", [pid 5064] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(4, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] unlink("./385/binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5065] <... unlink resumed>) = 0 [pid 5064] getdents64(4, [pid 8943] <... mount resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5064] getdents64(4, [pid 8943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8943] <... openat resumed>) = 3 [pid 5066] close(4 [pid 5064] close(4 [pid 8943] chdir("./file0" [pid 5066] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8943] <... chdir resumed>) = 0 [pid 5066] rmdir("./383/file0" [pid 5064] rmdir("./387/file0" [pid 8943] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8943] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(3, [pid 5064] getdents64(3, [pid 8943] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8943] <... futex resumed>) = 1 [pid 8939] <... futex resumed>) = 0 [pid 5066] close(3 [pid 5064] close(3 [pid 8943] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8939] exit_group(0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8943] <... futex resumed>) = ? [pid 8939] <... exit_group resumed>) = ? [pid 5066] rmdir("./383" [pid 8943] +++ exited with 0 +++ [pid 8939] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./387" [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./385/file0", [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8939, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8946] <... write resumed>) = 2097152 [pid 5066] mkdir("./384", 0777 [pid 5064] mkdir("./388", 0777 [pid 5063] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8946] munmap(0x7f670b400000, 138412032 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... mkdir resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8946] <... munmap resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 8946] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8946] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5064] <... openat resumed>) = 3 [pid 5063] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8946] ioctl(4, LOOP_SET_FD, 3 [pid 5065] getdents64(4, [pid 5063] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8946] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8946] close(3 [pid 5065] getdents64(4, [pid 5063] newfstatat(AT_FDCWD, "./389/binderfs", [pid 8946] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8946] close(4 [pid 5065] close(4 [pid 8946] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 5063] unlink("./389/binderfs" [pid 5065] rmdir("./385/file0" [pid 8946] mkdir("./file0", 0777 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8946] <... mkdir resumed>) = 0 [pid 5065] getdents64(3, [pid 8946] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./385") = 0 [pid 5065] mkdir("./386", 0777) = 0 [pid 5063] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./389/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 316.361346][ T8946] loop0: detected capacity change from 0 to 4096 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./389/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5066] <... ioctl resumed>) = 0 [pid 8946] <... mount resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] close(3 [pid 5063] rmdir("./389" [pid 5066] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] mkdir("./390", 0777 [pid 8946] <... openat resumed>) = 3 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 8946] chdir("./file0") = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8947 [pid 5064] close(3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8946] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... close resumed>) = 0 ./strace-static-x86_64: Process 8947 attached [pid 8946] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... openat resumed>) = 3 [pid 8946] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8947] set_robust_list(0x5555569076a0, 24 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8947] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 8948 attached [pid 8947] chdir("./384" [pid 8946] <... futex resumed>) = 1 [pid 8945] <... futex resumed>) = 0 [pid 8948] set_robust_list(0x5555569076a0, 24 [pid 8947] <... chdir resumed>) = 0 [pid 8946] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8945] exit_group(0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8948 [pid 8948] <... set_robust_list resumed>) = 0 [pid 8947] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8946] <... futex resumed>) = ? [pid 8945] <... exit_group resumed>) = ? [pid 8948] chdir("./388" [pid 8947] <... prctl resumed>) = 0 [pid 8946] +++ exited with 0 +++ [pid 8948] <... chdir resumed>) = 0 [pid 8947] setpgid(0, 0 [pid 8948] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8947] <... setpgid resumed>) = 0 [pid 8948] <... prctl resumed>) = 0 [pid 8947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8945] +++ exited with 0 +++ [pid 8948] setpgid(0, 0) = 0 [pid 8947] write(3, "1000", 4) = 4 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8945, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8947] close(3) = 0 [pid 8947] symlink("/dev/binderfs", "./binderfs" [pid 8948] <... openat resumed>) = 3 [pid 8947] <... symlink resumed>) = 0 [pid 8948] write(3, "1000", 4 [pid 8947] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8947] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8948] <... write resumed>) = 4 [pid 8948] close(3 [pid 8947] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 8948] <... close resumed>) = 0 [pid 8947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] newfstatat(3, "", [pid 8948] symlink("/dev/binderfs", "./binderfs" [pid 8947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8947] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./382/binderfs", [pid 8947] <... clone3 resumed> => {parent_tid=[8949]}, 88) = 8949 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8947] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] unlink("./382/binderfs" [pid 8947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8947] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8949 attached [pid 8947] <... futex resumed>) = 0 [pid 8949] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8947] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8949] <... rseq resumed>) = 0 [pid 8948] <... symlink resumed>) = 0 [pid 8949] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8949] memfd_create("syzkaller", 0) = 3 [pid 8948] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8948] <... futex resumed>) = 0 [pid 8949] <... mmap resumed>) = 0x7f670b400000 [pid 5062] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8948] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./382/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8948] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8950 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, ./strace-static-x86_64: Process 8950 attached [pid 8948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8950] set_robust_list(0x5555569076a0, 24 [pid 8948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5062] getdents64(4, [pid 8948] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 8950] <... set_robust_list resumed>) = 0 [pid 8948] <... mprotect resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./382/file0" [pid 8950] chdir("./386" [pid 8948] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... rmdir resumed>) = 0 [pid 8950] <... chdir resumed>) = 0 [pid 8948] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8950] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8950] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 8951 attached [pid 8950] setpgid(0, 0 [pid 5062] getdents64(3, [pid 8951] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8950] <... setpgid resumed>) = 0 [pid 8948] <... clone3 resumed> => {parent_tid=[8951]}, 88) = 8951 [pid 8951] <... rseq resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8951] set_robust_list(0x7f67138b29a0, 24 [pid 8950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8948] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] close(3 [pid 8951] <... set_robust_list resumed>) = 0 [pid 8950] <... openat resumed>) = 3 [pid 8948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... close resumed>) = 0 [pid 8951] rt_sigprocmask(SIG_SETMASK, [], [pid 8950] write(3, "1000", 4 [pid 8948] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... ioctl resumed>) = 0 [pid 5062] rmdir("./382" [pid 8950] <... write resumed>) = 4 [pid 8948] <... futex resumed>) = 0 [pid 8950] close(3 [pid 8948] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... rmdir resumed>) = 0 [pid 8950] <... close resumed>) = 0 [pid 8951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] mkdir("./383", 0777 [pid 8951] memfd_create("syzkaller", 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8950] symlink("/dev/binderfs", "./binderfs" [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8950] <... symlink resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8951] <... memfd_create resumed>) = 3 [pid 8950] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] close(3 [pid 8950] <... futex resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 8951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8950] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8951] <... mmap resumed>) = 0x7f670b400000 ./strace-static-x86_64: Process 8952 attached [pid 8950] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8952] set_robust_list(0x5555569076a0, 24 [pid 8950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8952 [pid 8952] <... set_robust_list resumed>) = 0 [pid 8950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8952] chdir("./390" [pid 8950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8950] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8952] <... chdir resumed>) = 0 [pid 8950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8952] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 8953 attached ) = 0 [pid 8953] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8952] setpgid(0, 0 [pid 8950] <... clone3 resumed> => {parent_tid=[8953]}, 88) = 8953 [pid 8949] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8950] rt_sigprocmask(SIG_SETMASK, [], [pid 8953] <... rseq resumed>) = 0 [pid 8952] <... setpgid resumed>) = 0 [pid 8950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8953] set_robust_list(0x7f67138b29a0, 24 [pid 8952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8950] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8953] <... set_robust_list resumed>) = 0 [pid 8950] <... futex resumed>) = 0 [pid 8953] rt_sigprocmask(SIG_SETMASK, [], [pid 8952] <... openat resumed>) = 3 [pid 8950] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8952] write(3, "1000", 4 [pid 8953] memfd_create("syzkaller", 0 [pid 8952] <... write resumed>) = 4 [pid 8952] close(3) = 0 [pid 8952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8953] <... memfd_create resumed>) = 3 [pid 8953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8952] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8953] <... mmap resumed>) = 0x7f670b400000 [pid 8952] <... futex resumed>) = 0 [pid 8952] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8952] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8954]}, 88) = 8954 [pid 8952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8952] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8952] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8954 attached [pid 8949] <... write resumed>) = 2097152 [pid 8954] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8951] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8954] <... rseq resumed>) = 0 [pid 8954] set_robust_list(0x7f67138b29a0, 24 [pid 8949] munmap(0x7f670b400000, 138412032 [pid 8954] <... set_robust_list resumed>) = 0 [pid 8954] rt_sigprocmask(SIG_SETMASK, [], [pid 8949] <... munmap resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8954] memfd_create("syzkaller", 0) = 3 [pid 8949] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8949] <... openat resumed>) = 4 [pid 8954] <... mmap resumed>) = 0x7f670b400000 [pid 8949] ioctl(4, LOOP_SET_FD, 3 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8953] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 8955 attached [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8955 [pid 8955] set_robust_list(0x5555569076a0, 24) = 0 [pid 8955] chdir("./383" [pid 8949] <... ioctl resumed>) = 0 [pid 8949] close(3 [pid 8955] <... chdir resumed>) = 0 [pid 8955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8955] setpgid(0, 0) = 0 [pid 8949] <... close resumed>) = 0 [pid 8955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8949] close(4 [pid 8955] <... openat resumed>) = 3 [pid 8949] <... close resumed>) = 0 [pid 8955] write(3, "1000", 4 [pid 8949] mkdir("./file0", 0777 [pid 8955] <... write resumed>) = 4 [pid 8955] close(3) = 0 [pid 8949] <... mkdir resumed>) = 0 [pid 8955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8951] <... write resumed>) = 2097152 [pid 8955] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8955] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8955] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8949] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [ 316.684020][ T8949] loop4: detected capacity change from 0 to 4096 [pid 8955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8954] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8955] <... mmap resumed>) = 0x7f6713892000 [pid 8955] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8956 attached [pid 8956] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8951] munmap(0x7f670b400000, 138412032 [pid 8956] set_robust_list(0x7f67138b29a0, 24 [pid 8955] <... clone3 resumed> => {parent_tid=[8956]}, 88) = 8956 [pid 8956] <... set_robust_list resumed>) = 0 [pid 8955] rt_sigprocmask(SIG_SETMASK, [], [pid 8956] rt_sigprocmask(SIG_SETMASK, [], [pid 8955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8956] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8955] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8955] <... futex resumed>) = 0 [pid 8955] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8956] memfd_create("syzkaller", 0 [pid 8951] <... munmap resumed>) = 0 [pid 8949] <... mount resumed>) = 0 [pid 8951] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8956] <... memfd_create resumed>) = 3 [pid 8951] <... openat resumed>) = 4 [pid 8949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8951] ioctl(4, LOOP_SET_FD, 3 [pid 8949] <... openat resumed>) = 3 [pid 8956] <... mmap resumed>) = 0x7f670b400000 [pid 8953] <... write resumed>) = 2097152 [pid 8951] <... ioctl resumed>) = 0 [pid 8949] chdir("./file0" [pid 8951] close(3 [pid 8953] munmap(0x7f670b400000, 138412032 [pid 8949] <... chdir resumed>) = 0 [pid 8949] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8951] <... close resumed>) = 0 [pid 8951] close(4) = 0 [pid 8949] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8947] <... futex resumed>) = 0 [pid 8951] mkdir("./file0", 0777 [pid 8949] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8947] exit_group(0 [pid 8954] <... write resumed>) = 2097152 [pid 8953] <... munmap resumed>) = 0 [pid 8951] <... mkdir resumed>) = 0 [pid 8947] <... exit_group resumed>) = ? [pid 8953] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8949] <... futex resumed>) = ? [pid 8953] <... openat resumed>) = 4 [ 316.778069][ T8951] loop2: detected capacity change from 0 to 4096 [pid 8951] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8954] munmap(0x7f670b400000, 138412032 [pid 8953] ioctl(4, LOOP_SET_FD, 3 [pid 8949] +++ exited with 0 +++ [pid 8947] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8947, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5066] umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8956] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8953] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./384/binderfs", [pid 8953] close(3 [pid 8954] <... munmap resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8954] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8953] <... close resumed>) = 0 [pid 5066] unlink("./384/binderfs") = 0 [pid 8953] close(4 [pid 8954] <... openat resumed>) = 4 [pid 8953] <... close resumed>) = 0 [pid 5066] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8953] mkdir("./file0", 0777 [pid 5066] <... umount2 resumed>) = 0 [pid 8954] ioctl(4, LOOP_SET_FD, 3 [pid 8953] <... mkdir resumed>) = 0 [pid 8953] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5066] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./384/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 8954] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8954] close(3 [pid 5066] getdents64(4, [pid 8954] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8954] close(4 [pid 5066] close(4) = 0 [pid 8954] <... close resumed>) = 0 [pid 5066] rmdir("./384/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 8954] mkdir("./file0", 0777 [pid 5066] <... close resumed>) = 0 [pid 8954] <... mkdir resumed>) = 0 [pid 5066] rmdir("./384") = 0 [pid 8954] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8953] <... mount resumed>) = 0 [ 316.832732][ T8953] loop3: detected capacity change from 0 to 4096 [ 316.865656][ T8954] loop1: detected capacity change from 0 to 4096 [pid 5066] mkdir("./385", 0777 [pid 8953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] <... mkdir resumed>) = 0 [pid 8951] <... mount resumed>) = 0 [pid 8953] chdir("./file0") = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8953] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... openat resumed>) = 3 [pid 8953] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8951] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8953] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8951] chdir("./file0" [pid 8953] <... futex resumed>) = 1 [pid 8951] <... chdir resumed>) = 0 [pid 8950] <... futex resumed>) = 0 [pid 8956] <... write resumed>) = 2097152 [pid 8953] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8951] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8950] exit_group(0 [pid 8953] <... futex resumed>) = ? [pid 8951] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8950] <... exit_group resumed>) = ? [pid 8951] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8948] <... futex resumed>) = 0 [pid 8951] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8948] exit_group(0 [pid 8956] munmap(0x7f670b400000, 138412032 [pid 8951] <... futex resumed>) = ? [pid 8948] <... exit_group resumed>) = ? [pid 8951] +++ exited with 0 +++ [pid 8956] <... munmap resumed>) = 0 [pid 8953] +++ exited with 0 +++ [pid 8950] +++ exited with 0 +++ [pid 8948] +++ exited with 0 +++ [pid 8956] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8950, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8948, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8956] <... openat resumed>) = 4 [pid 8956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8956] close(3 [pid 5065] umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8956] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 8956] close(4) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8956] mkdir("./file0", 0777 [pid 5065] umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./386/binderfs", [pid 5064] getdents64(3, [pid 8956] <... mkdir resumed>) = 0 [pid 8956] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] unlink("./386/binderfs") = 0 [pid 5064] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./388/binderfs", [pid 5065] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8954] <... mount resumed>) = 0 [pid 5064] unlink("./388/binderfs" [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [ 316.968837][ T8956] loop0: detected capacity change from 0 to 4096 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./386/file0", [pid 8954] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8954] chdir("./file0" [pid 5065] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8954] <... chdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8954] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8954] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 8954] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8954] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 8952] <... futex resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = 0 [pid 8952] exit_group(0 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8957 attached [pid 8954] <... futex resumed>) = ? [pid 8952] <... exit_group resumed>) = ? [pid 5065] close(4 [pid 5064] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8957] set_robust_list(0x5555569076a0, 24 [pid 8954] +++ exited with 0 +++ [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8957 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8957] <... set_robust_list resumed>) = 0 [pid 8957] chdir("./385" [pid 5065] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./388/file0", [pid 8957] <... chdir resumed>) = 0 [pid 5065] rmdir("./386/file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8957] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... rmdir resumed>) = 0 [pid 5064] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8957] <... prctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8957] setpgid(0, 0 [pid 8952] +++ exited with 0 +++ [pid 5064] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8957] <... setpgid resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] <... openat resumed>) = 4 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8952, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(4, "", [pid 8957] <... openat resumed>) = 3 [pid 5065] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8957] write(3, "1000", 4 [pid 5064] getdents64(4, [pid 5063] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8957] <... write resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8957] close(3 [pid 5064] getdents64(4, [pid 5063] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8957] <... close resumed>) = 0 [pid 5065] rmdir("./386" [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... openat resumed>) = 3 [pid 8957] symlink("/dev/binderfs", "./binderfs" [pid 8956] <... mount resumed>) = 0 [pid 5064] close(4 [pid 5063] newfstatat(3, "", [pid 8957] <... symlink resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] getdents64(3, [pid 8956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 5064] rmdir("./388/file0" [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8957] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8956] <... openat resumed>) = 3 [pid 5065] mkdir("./387", 0777 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8957] <... futex resumed>) = 0 [pid 8956] chdir("./file0" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8957] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8956] <... chdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5063] newfstatat(AT_FDCWD, "./390/binderfs", [pid 8957] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8956] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] unlink("./390/binderfs" [pid 8957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] close(3 [pid 5063] <... unlink resumed>) = 0 [pid 8957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8957] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./390/file0", [pid 8957] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] rmdir("./388" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8957] <... mprotect resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8957] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... openat resumed>) = 3 [pid 8956] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8956] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8957] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8956] <... futex resumed>) = 1 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] mkdir("./389", 0777 [pid 5063] <... openat resumed>) = 4 [pid 8957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8956] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... mkdir resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 8955] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8957] <... clone3 resumed> => {parent_tid=[8958]}, 88) = 8958 [pid 5063] getdents64(4, [pid 8957] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] close(4 [pid 8957] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... close resumed>) = 0 ./strace-static-x86_64: Process 8958 attached [pid 8957] <... futex resumed>) = 0 [pid 8955] exit_group(0 [pid 5064] <... openat resumed>) = 3 [pid 5063] rmdir("./390/file0" [pid 8958] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8957] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8956] <... futex resumed>) = ? [pid 8955] <... exit_group resumed>) = ? [pid 5063] <... rmdir resumed>) = 0 [pid 8956] +++ exited with 0 +++ [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./390") = 0 [pid 5063] mkdir("./391", 0777 [pid 8958] <... rseq resumed>) = 0 [pid 8955] +++ exited with 0 +++ [pid 8958] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8955, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 8958] memfd_create("syzkaller", 0 [pid 5062] umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8958] <... memfd_create resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5062] getdents64(3, [pid 8958] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./383/binderfs") = 0 [pid 5062] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./383/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./383/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8959 [pid 5062] rmdir("./383") = 0 ./strace-static-x86_64: Process 8959 attached [pid 8959] set_robust_list(0x5555569076a0, 24) = 0 [pid 8959] chdir("./387" [pid 5062] mkdir("./384", 0777) = 0 [pid 8959] <... chdir resumed>) = 0 [pid 8959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8959] <... prctl resumed>) = 0 [pid 8959] setpgid(0, 0) = 0 [pid 8959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8959] write(3, "1000", 4) = 4 [pid 8959] close(3) = 0 [pid 8959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8959] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8959] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5064] <... ioctl resumed>) = 0 [pid 8959] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8960]}, 88) = 8960 [pid 8959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8959] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8960 attached [pid 8959] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8960] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8960] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8958] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 8960] memfd_create("syzkaller", 0 [pid 5064] <... close resumed>) = 0 [pid 5063] close(3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8960] <... memfd_create resumed>) = 3 [pid 8960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 ./strace-static-x86_64: Process 8961 attached [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8961] set_robust_list(0x5555569076a0, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8962 ./strace-static-x86_64: Process 8962 attached [pid 8962] set_robust_list(0x5555569076a0, 24) = 0 [pid 8962] chdir("./391") = 0 [pid 8962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8961] <... set_robust_list resumed>) = 0 [pid 8962] <... prctl resumed>) = 0 [pid 8962] setpgid(0, 0) = 0 [pid 8962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8961] chdir("./389" [pid 8962] write(3, "1000", 4 [pid 8961] <... chdir resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8961 [pid 8962] <... write resumed>) = 4 [pid 8958] <... write resumed>) = 2097152 [pid 8961] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... ioctl resumed>) = 0 [pid 8962] close(3) = 0 [pid 8961] <... prctl resumed>) = 0 [pid 8958] munmap(0x7f670b400000, 138412032 [pid 8962] symlink("/dev/binderfs", "./binderfs" [pid 8961] setpgid(0, 0 [pid 8962] <... symlink resumed>) = 0 [pid 8961] <... setpgid resumed>) = 0 [pid 8962] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8962] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8961] <... openat resumed>) = 3 [pid 8962] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8961] write(3, "1000", 4 [pid 8962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8961] <... write resumed>) = 4 [pid 8962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8961] close(3 [pid 8962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8961] <... close resumed>) = 0 [pid 8962] <... mmap resumed>) = 0x7f6713892000 [pid 5062] close(3 [pid 8961] symlink("/dev/binderfs", "./binderfs" [pid 8962] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... close resumed>) = 0 [pid 8962] <... mprotect resumed>) = 0 [pid 8961] <... symlink resumed>) = 0 [pid 8960] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8958] <... munmap resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8961] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8961] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8963 [pid 8961] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8962] <... clone3 resumed> => {parent_tid=[8964]}, 88) = 8964 [pid 8961] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8962] rt_sigprocmask(SIG_SETMASK, [], [pid 8961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 8963 attached [pid 8962] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8961] <... mmap resumed>) = 0x7f6713892000 ./strace-static-x86_64: Process 8964 attached [pid 8963] set_robust_list(0x5555569076a0, 24 [pid 8962] <... futex resumed>) = 0 [pid 8958] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8963] <... set_robust_list resumed>) = 0 [pid 8962] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8961] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8964] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8963] chdir("./384" [pid 8961] <... mprotect resumed>) = 0 [pid 8958] <... openat resumed>) = 4 [pid 8963] <... chdir resumed>) = 0 [pid 8963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8964] <... rseq resumed>) = 0 [pid 8963] setpgid(0, 0 [pid 8961] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8958] ioctl(4, LOOP_SET_FD, 3 [pid 8963] <... setpgid resumed>) = 0 [pid 8964] set_robust_list(0x7f67138b29a0, 24 [pid 8963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8963] write(3, "1000", 4) = 4 [pid 8963] close(3) = 0 [pid 8963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8963] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8964] <... set_robust_list resumed>) = 0 [pid 8963] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8961] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8960] <... write resumed>) = 2097152 [pid 8958] <... ioctl resumed>) = 0 [pid 8964] rt_sigprocmask(SIG_SETMASK, [], [pid 8963] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8960] munmap(0x7f670b400000, 138412032 [pid 8958] close(3./strace-static-x86_64: Process 8965 attached [pid 8964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8958] <... close resumed>) = 0 [pid 8965] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8964] memfd_create("syzkaller", 0 [pid 8963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8961] <... clone3 resumed> => {parent_tid=[8965]}, 88) = 8965 [pid 8958] close(4 [pid 8965] <... rseq resumed>) = 0 [pid 8963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8961] rt_sigprocmask(SIG_SETMASK, [], [pid 8958] <... close resumed>) = 0 [pid 8965] set_robust_list(0x7f67138b29a0, 24 [pid 8964] <... memfd_create resumed>) = 3 [pid 8961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8958] mkdir("./file0", 0777 [pid 8965] <... set_robust_list resumed>) = 0 [pid 8964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8963] <... mmap resumed>) = 0x7f6713892000 [pid 8961] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8960] <... munmap resumed>) = 0 [pid 8958] <... mkdir resumed>) = 0 [pid 8965] rt_sigprocmask(SIG_SETMASK, [], [pid 8964] <... mmap resumed>) = 0x7f670b400000 [pid 8963] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8961] <... futex resumed>) = 0 [pid 8960] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8963] <... mprotect resumed>) = 0 [pid 8960] <... openat resumed>) = 4 [pid 8958] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8961] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8963] rt_sigprocmask(SIG_BLOCK, ~[], [ 317.329402][ T8958] loop4: detected capacity change from 0 to 4096 [pid 8960] ioctl(4, LOOP_SET_FD, 3 [pid 8965] memfd_create("syzkaller", 0 [pid 8963] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8966]}, 88) = 8966 [pid 8963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8963] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8963] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8966 attached [pid 8966] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8960] <... ioctl resumed>) = 0 [pid 8966] set_robust_list(0x7f67138b29a0, 24 [pid 8960] close(3 [pid 8966] <... set_robust_list resumed>) = 0 [pid 8960] <... close resumed>) = 0 [pid 8966] rt_sigprocmask(SIG_SETMASK, [], [pid 8965] <... memfd_create resumed>) = 3 [pid 8960] close(4) = 0 [pid 8966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8960] mkdir("./file0", 0777 [pid 8965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8960] <... mkdir resumed>) = 0 [pid 8960] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8966] memfd_create("syzkaller", 0) = 3 [pid 8966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8958] <... mount resumed>) = 0 [ 317.371392][ T8960] loop3: detected capacity change from 0 to 4096 [pid 8958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8958] chdir("./file0") = 0 [pid 8958] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8958] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8958] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8957] <... futex resumed>) = 0 [pid 8957] exit_group(0 [pid 8964] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8958] <... futex resumed>) = ? [pid 8957] <... exit_group resumed>) = ? [pid 8958] +++ exited with 0 +++ [pid 8957] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8957, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8960] <... mount resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8960] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8960] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./385/binderfs", [pid 8960] chdir("./file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8960] <... chdir resumed>) = 0 [pid 5066] unlink("./385/binderfs" [pid 8960] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... unlink resumed>) = 0 [pid 8960] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8960] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8960] <... futex resumed>) = 1 [pid 8959] <... futex resumed>) = 0 [pid 8960] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8959] exit_group(0) = ? [pid 8960] <... futex resumed>) = ? [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./385/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8960] +++ exited with 0 +++ [pid 8959] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8959, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5065] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(4 [pid 5065] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5066] rmdir("./385/file0" [pid 5065] newfstatat(3, "", [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5066] getdents64(3, [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8966] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3) = 0 [pid 5066] rmdir("./385") = 0 [pid 8965] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] mkdir("./386", 0777) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] newfstatat(AT_FDCWD, "./387/binderfs", [pid 5066] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] unlink("./387/binderfs") = 0 [pid 5065] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./387/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8964] <... write resumed>) = 2097152 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./387/file0") = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./387") = 0 [pid 5065] mkdir("./388", 0777) = 0 [pid 8966] <... write resumed>) = 2097152 [pid 8965] <... write resumed>) = 2097152 [pid 8964] munmap(0x7f670b400000, 138412032 [pid 8966] munmap(0x7f670b400000, 138412032 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8965] munmap(0x7f670b400000, 138412032 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8964] <... munmap resumed>) = 0 [pid 8966] <... munmap resumed>) = 0 [pid 8965] <... munmap resumed>) = 0 [pid 8965] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8966] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8964] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8966] <... openat resumed>) = 4 [pid 8965] <... openat resumed>) = 4 [pid 8964] <... openat resumed>) = 4 [pid 8964] ioctl(4, LOOP_SET_FD, 3 [pid 8965] ioctl(4, LOOP_SET_FD, 3 [pid 8964] <... ioctl resumed>) = 0 [pid 8966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8966] close(3 [pid 8965] <... ioctl resumed>) = 0 [pid 8964] close(3 [pid 5066] <... ioctl resumed>) = 0 [pid 8964] <... close resumed>) = 0 [pid 8964] close(4 [pid 5066] close(3 [pid 8966] <... close resumed>) = 0 [pid 8966] close(4) = 0 [pid 8965] close(3 [pid 8964] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8966] mkdir("./file0", 0777) = 0 [pid 8966] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8965] <... close resumed>) = 0 [pid 8964] mkdir("./file0", 0777 [pid 8965] close(4) = 0 [pid 8965] mkdir("./file0", 0777./strace-static-x86_64: Process 8967 attached [pid 8967] set_robust_list(0x5555569076a0, 24) = 0 [pid 8967] chdir("./386" [pid 8964] <... mkdir resumed>) = 0 [pid 8965] <... mkdir resumed>) = 0 [pid 8964] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8967 [ 317.569201][ T8964] loop1: detected capacity change from 0 to 4096 [ 317.578496][ T8966] loop0: detected capacity change from 0 to 4096 [ 317.579146][ T8965] loop2: detected capacity change from 0 to 4096 [pid 8965] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8967] <... chdir resumed>) = 0 [pid 8967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8967] setpgid(0, 0) = 0 [pid 8967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8967] write(3, "1000", 4) = 4 [pid 8967] close(3) = 0 [pid 8967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8967] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8967] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8967] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8968]}, 88) = 8968 [pid 8967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8967] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8967] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 8968 attached [pid 8968] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8968] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8968] memfd_create("syzkaller", 0 [pid 8965] <... mount resumed>) = 0 [pid 8968] <... memfd_create resumed>) = 3 [pid 8968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] close(3 [pid 8968] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... close resumed>) = 0 [pid 8966] <... mount resumed>) = 0 [pid 8965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8964] <... mount resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8965] <... openat resumed>) = 3 [pid 8964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 8969 attached [pid 8965] chdir("./file0" [pid 8964] <... openat resumed>) = 3 [pid 8965] <... chdir resumed>) = 0 [pid 8969] set_robust_list(0x5555569076a0, 24 [pid 8964] chdir("./file0" [pid 8966] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8964] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8969 [pid 8969] <... set_robust_list resumed>) = 0 [pid 8966] <... openat resumed>) = 3 [pid 8964] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8965] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8966] chdir("./file0") = 0 [pid 8965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8964] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8969] chdir("./388" [pid 8966] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8965] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8964] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8969] <... chdir resumed>) = 0 [pid 8966] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8965] <... futex resumed>) = 1 [pid 8964] <... futex resumed>) = 1 [pid 8962] <... futex resumed>) = 0 [pid 8961] <... futex resumed>) = 0 [pid 8965] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8964] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8962] exit_group(0 [pid 8961] exit_group(0 [pid 8965] <... futex resumed>) = ? [pid 8964] <... futex resumed>) = ? [pid 8962] <... exit_group resumed>) = ? [pid 8961] <... exit_group resumed>) = ? [pid 8965] +++ exited with 0 +++ [pid 8966] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8964] +++ exited with 0 +++ [pid 8962] +++ exited with 0 +++ [pid 8969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8966] <... futex resumed>) = 1 [pid 8963] <... futex resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8962, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8963] exit_group(0) = ? [pid 8969] <... prctl resumed>) = 0 [pid 8969] setpgid(0, 0 [pid 8966] +++ exited with 0 +++ [pid 8963] +++ exited with 0 +++ [pid 8961] +++ exited with 0 +++ [pid 8969] <... setpgid resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8961, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8963, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 5063] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8969] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 5062] openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5063] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 8969] write(3, "1000", 4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] newfstatat(3, "", [pid 5062] newfstatat(3, "", [pid 8969] <... write resumed>) = 4 [pid 5064] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8969] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8969] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./389/binderfs", [pid 5063] getdents64(3, [pid 5062] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./389/binderfs") = 0 [pid 5064] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./389/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8969] symlink("/dev/binderfs", "./binderfs" [pid 8968] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8969] <... symlink resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 5063] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8969] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(4, [pid 5063] newfstatat(AT_FDCWD, "./391/binderfs", [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8969] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(AT_FDCWD, "./384/binderfs", [pid 8969] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] unlink("./391/binderfs" [pid 8969] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... unlink resumed>) = 0 [pid 5062] unlink("./384/binderfs" [pid 5063] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, [pid 8969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8969] <... mmap resumed>) = 0x7f6713892000 [pid 5064] close(4 [pid 8969] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... close resumed>) = 0 [pid 8969] <... mprotect resumed>) = 0 [pid 5064] rmdir("./389/file0") = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 8969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./389" [pid 8969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] mkdir("./390", 0777) = 0 [pid 5063] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8970 attached [pid 8969] <... clone3 resumed> => {parent_tid=[8970]}, 88) = 8970 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8970] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8969] rt_sigprocmask(SIG_SETMASK, [], [pid 8970] <... rseq resumed>) = 0 [pid 8969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8971 [pid 5063] newfstatat(AT_FDCWD, "./391/file0", ./strace-static-x86_64: Process 8971 attached [pid 8970] set_robust_list(0x7f67138b29a0, 24 [pid 8971] set_robust_list(0x5555569076a0, 24 [pid 8970] <... set_robust_list resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8971] <... set_robust_list resumed>) = 0 [pid 8970] rt_sigprocmask(SIG_SETMASK, [], [pid 8971] chdir("./390" [pid 8969] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = 0 [pid 8971] <... chdir resumed>) = 0 [pid 8971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8971] setpgid(0, 0) = 0 [pid 8971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8969] <... futex resumed>) = 0 [pid 8968] <... write resumed>) = 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8971] write(3, "1000", 4 [pid 8968] munmap(0x7f670b400000, 138412032 [pid 8971] <... write resumed>) = 4 [pid 8970] memfd_create("syzkaller", 0 [pid 8969] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8968] <... munmap resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8971] close(3 [pid 5062] newfstatat(AT_FDCWD, "./384/file0", [pid 8971] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(4, "", [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8971] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] <... openat resumed>) = 4 [pid 8971] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] newfstatat(4, "", [pid 8971] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8971] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8968] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 8972 attached ) = 4 [pid 8972] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8971] <... clone3 resumed> => {parent_tid=[8972]}, 88) = 8972 [pid 8972] <... rseq resumed>) = 0 [pid 8971] rt_sigprocmask(SIG_SETMASK, [], [pid 8968] ioctl(4, LOOP_SET_FD, 3 [pid 8972] set_robust_list(0x7f67138b29a0, 24 [pid 8971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8970] <... memfd_create resumed>) = 3 [pid 5063] getdents64(4, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 8972] <... set_robust_list resumed>) = 0 [pid 8971] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8970] <... mmap resumed>) = 0x7f670b400000 [pid 5063] getdents64(4, [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] getdents64(4, [pid 5063] close(4 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8972] rt_sigprocmask(SIG_SETMASK, [], [pid 8971] <... futex resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5062] close(4 [pid 8972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8971] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8972] memfd_create("syzkaller", 0 [pid 5063] rmdir("./391/file0" [pid 5062] <... close resumed>) = 0 [pid 8972] <... memfd_create resumed>) = 3 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] rmdir("./384/file0" [pid 8972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./384" [pid 8968] <... ioctl resumed>) = 0 [pid 5063] getdents64(3, [pid 5062] <... rmdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8968] close(3 [pid 5063] close(3 [pid 5062] mkdir("./385", 0777 [pid 5063] <... close resumed>) = 0 [pid 8968] <... close resumed>) = 0 [pid 8968] close(4 [pid 5063] rmdir("./391" [pid 5062] <... mkdir resumed>) = 0 [pid 8968] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [ 317.827486][ T8968] loop4: detected capacity change from 0 to 4096 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8968] mkdir("./file0", 0777 [pid 8970] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8968] <... mkdir resumed>) = 0 [pid 5063] mkdir("./392", 0777 [pid 5062] <... openat resumed>) = 3 [pid 8968] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... mkdir resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 8972] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8968] <... mount resumed>) = 0 [pid 8968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8968] chdir("./file0") = 0 [pid 8968] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8968] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8967] <... futex resumed>) = 0 [pid 8968] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8967] exit_group(0 [pid 8968] <... futex resumed>) = ? [pid 8967] <... exit_group resumed>) = ? [pid 8970] <... write resumed>) = 2097152 [pid 8970] munmap(0x7f670b400000, 138412032 [pid 8968] +++ exited with 0 +++ [pid 8967] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8967, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8972] <... write resumed>) = 2097152 [pid 5066] umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8970] <... munmap resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 5062] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5063] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8972] munmap(0x7f670b400000, 138412032 [pid 5066] umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8970] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8970] <... openat resumed>) = 4 [pid 8970] ioctl(4, LOOP_SET_FD, 3 [pid 8972] <... munmap resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./386/binderfs" [pid 5062] close(3 [pid 5066] <... unlink resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5066] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8973 attached , child_tidptr=0x555556907690) = 8973 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./386/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8970] <... ioctl resumed>) = 0 [pid 8970] close(3 [pid 5066] <... openat resumed>) = 4 [pid 8970] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8973] set_robust_list(0x5555569076a0, 24 [pid 8970] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] close(3 [pid 8973] <... set_robust_list resumed>) = 0 [pid 8970] <... close resumed>) = 0 [pid 5066] getdents64(4, [pid 8973] chdir("./385" [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... close resumed>) = 0 [pid 8973] <... chdir resumed>) = 0 [pid 8972] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8970] mkdir("./file0", 0777 [pid 5066] getdents64(4, [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8973] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8973] <... prctl resumed>) = 0 [pid 5066] close(4) = 0 [pid 8973] setpgid(0, 0 [pid 8970] <... mkdir resumed>) = 0 [pid 5066] rmdir("./386/file0" [pid 8973] <... setpgid resumed>) = 0 [pid 8972] <... openat resumed>) = 4 [pid 8970] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8972] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... rmdir resumed>) = 0 [pid 8973] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 8973] write(3, "1000", 4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8973] <... write resumed>) = 4 [pid 5066] close(3./strace-static-x86_64: Process 8974 attached [pid 8973] close(3 [pid 8972] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 8974] set_robust_list(0x5555569076a0, 24 [pid 8973] <... close resumed>) = 0 [pid 5066] rmdir("./386" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8974 [pid 8973] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... rmdir resumed>) = 0 [pid 8973] <... symlink resumed>) = 0 [pid 8974] <... set_robust_list resumed>) = 0 [pid 8973] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] mkdir("./387", 0777 [pid 8974] chdir("./392" [pid 8973] <... futex resumed>) = 0 [pid 8972] close(3 [pid 5066] <... mkdir resumed>) = 0 [pid 8974] <... chdir resumed>) = 0 [pid 8973] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8972] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8974] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8973] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8972] close(4 [pid 5066] <... openat resumed>) = 3 [pid 8974] <... prctl resumed>) = 0 [pid 8973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8972] <... close resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8974] setpgid(0, 0 [pid 8973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8972] mkdir("./file0", 0777 [pid 8974] <... setpgid resumed>) = 0 [pid 8973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8973] <... mmap resumed>) = 0x7f6713892000 [ 317.999339][ T8970] loop3: detected capacity change from 0 to 4096 [ 318.032695][ T8972] loop2: detected capacity change from 0 to 4096 [pid 8974] <... openat resumed>) = 3 [pid 8973] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8972] <... mkdir resumed>) = 0 [pid 8973] <... mprotect resumed>) = 0 [pid 8973] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8970] <... mount resumed>) = 0 [pid 8974] write(3, "1000", 4 [pid 8973] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8972] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8974] <... write resumed>) = 4 [pid 8973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8975 attached [pid 8974] close(3 [pid 8970] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8975] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8974] <... close resumed>) = 0 [pid 8973] <... clone3 resumed> => {parent_tid=[8975]}, 88) = 8975 [pid 8975] set_robust_list(0x7f67138b29a0, 24 [pid 8974] symlink("/dev/binderfs", "./binderfs" [pid 8973] rt_sigprocmask(SIG_SETMASK, [], [pid 8970] chdir("./file0" [pid 8975] <... set_robust_list resumed>) = 0 [pid 8974] <... symlink resumed>) = 0 [pid 8973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8975] rt_sigprocmask(SIG_SETMASK, [], [pid 8973] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8970] <... chdir resumed>) = 0 [pid 8975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8974] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8973] <... futex resumed>) = 0 [pid 8970] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8974] <... futex resumed>) = 0 [pid 8973] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8974] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8975] memfd_create("syzkaller", 0 [pid 8974] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8970] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8970] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8975] <... memfd_create resumed>) = 3 [pid 8970] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8969] <... futex resumed>) = 0 [pid 8969] exit_group(0 [pid 8970] <... futex resumed>) = ? [pid 8969] <... exit_group resumed>) = ? [pid 8970] +++ exited with 0 +++ [pid 8969] +++ exited with 0 +++ [pid 8974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8969, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=5 /* 0.05 s */} --- [pid 8974] <... mmap resumed>) = 0x7f6713892000 [pid 8974] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8974] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... ioctl resumed>) = 0 [pid 8974] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8976 attached [pid 5065] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8976] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8974] <... clone3 resumed> => {parent_tid=[8976]}, 88) = 8976 [pid 5065] <... openat resumed>) = 3 [pid 8974] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] newfstatat(3, "", [pid 8976] set_robust_list(0x7f67138b29a0, 24 [pid 8974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8976] <... set_robust_list resumed>) = 0 [pid 8974] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(3, [pid 8976] rt_sigprocmask(SIG_SETMASK, [], [pid 8974] <... futex resumed>) = 0 [pid 8976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8974] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8976] memfd_create("syzkaller", 0 [pid 8975] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8972] <... mount resumed>) = 0 [pid 5065] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8976] <... memfd_create resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8972] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./388/binderfs", [pid 8976] <... mmap resumed>) = 0x7f670b400000 [pid 8972] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8977 attached [pid 5065] unlink("./388/binderfs" [pid 8977] set_robust_list(0x5555569076a0, 24) = 0 [pid 8972] chdir("./file0" [pid 5065] <... unlink resumed>) = 0 [pid 8977] chdir("./387" [pid 8972] <... chdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8977 [pid 8972] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8972] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8977] <... chdir resumed>) = 0 [pid 8977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8972] <... futex resumed>) = 1 [pid 8971] <... futex resumed>) = 0 [pid 5065] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8977] setpgid(0, 0 [pid 8972] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8971] exit_group(0 [pid 8977] <... setpgid resumed>) = 0 [pid 8972] <... futex resumed>) = ? [pid 8971] <... exit_group resumed>) = ? [pid 8972] +++ exited with 0 +++ [pid 8977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8971] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8971, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 8977] <... openat resumed>) = 3 [pid 5064] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8977] write(3, "1000", 4 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8977] <... write resumed>) = 4 [pid 5064] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8977] close(3 [pid 5065] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8977] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8977] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./390/binderfs", [pid 8977] <... symlink resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./388/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8977] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] unlink("./390/binderfs" [pid 8977] <... futex resumed>) = 0 [pid 8977] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8977] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8977] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8977] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] getdents64(4, [pid 5064] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] newfstatat(AT_FDCWD, "./390/file0", [pid 5065] getdents64(4, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8977] <... clone3 resumed> => {parent_tid=[8978]}, 88) = 8978 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8977] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] close(4 [pid 5064] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 8977] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] rmdir("./388/file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8977] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8978 attached [pid 8977] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... rmdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8978] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5065] getdents64(3, [pid 5064] <... openat resumed>) = 4 [pid 8978] <... rseq resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(4, "", [pid 8978] set_robust_list(0x7f67138b29a0, 24 [pid 5065] close(3 [pid 8978] <... set_robust_list resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8978] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] rmdir("./388" [pid 5064] getdents64(4, [pid 8978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8978] memfd_create("syzkaller", 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8978] <... memfd_create resumed>) = 3 [pid 5064] getdents64(4, [pid 8978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] mkdir("./389", 0777 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8978] <... mmap resumed>) = 0x7f670b400000 [pid 8976] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8975] <... write resumed>) = 2097152 [pid 5064] close(4 [pid 8975] munmap(0x7f670b400000, 138412032 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./390/file0") = 0 [pid 5064] getdents64(3, [pid 8975] <... munmap resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./390" [pid 8975] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./391", 0777 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8975] <... openat resumed>) = 4 [pid 8975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8975] close(3) = 0 [pid 8975] close(4) = 0 [pid 8975] mkdir("./file0", 0777 [pid 8978] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8976] <... write resumed>) = 2097152 [pid 8975] <... mkdir resumed>) = 0 [pid 8975] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8976] munmap(0x7f670b400000, 138412032) = 0 [ 318.268120][ T8975] loop0: detected capacity change from 0 to 4096 [pid 8978] <... write resumed>) = 2097152 [pid 8976] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8976] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... ioctl resumed>) = 0 [pid 8978] munmap(0x7f670b400000, 138412032 [pid 5064] <... ioctl resumed>) = 0 [pid 8978] <... munmap resumed>) = 0 [pid 8978] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] close(3 [pid 8978] <... openat resumed>) = 4 [pid 8976] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] close(3 [pid 8978] ioctl(4, LOOP_SET_FD, 3 [pid 8976] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... close resumed>) = 0 [pid 8976] close(4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8976] <... close resumed>) = 0 ./strace-static-x86_64: Process 8980 attached [pid 8978] <... ioctl resumed>) = 0 [pid 8976] mkdir("./file0", 0777) = 0 ./strace-static-x86_64: Process 8979 attached [pid 8980] set_robust_list(0x5555569076a0, 24) = 0 [pid 8979] set_robust_list(0x5555569076a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8979 [pid 8979] <... set_robust_list resumed>) = 0 [pid 8980] chdir("./389" [pid 8979] chdir("./391" [pid 8976] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 8980] <... chdir resumed>) = 0 [pid 8979] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8980 [pid 8980] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8978] close(3 [pid 8980] <... prctl resumed>) = 0 [pid 8979] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8980] setpgid(0, 0) = 0 [pid 8979] <... prctl resumed>) = 0 [pid 8979] setpgid(0, 0 [pid 8980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8979] <... setpgid resumed>) = 0 [pid 8980] write(3, "1000", 4) = 4 [pid 8979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8979] write(3, "1000", 4 [pid 8980] close(3 [pid 8979] <... write resumed>) = 4 [pid 8978] <... close resumed>) = 0 [pid 8980] <... close resumed>) = 0 [pid 8979] close(3 [pid 8978] close(4 [pid 8980] symlink("/dev/binderfs", "./binderfs" [pid 8979] <... close resumed>) = 0 [pid 8980] <... symlink resumed>) = 0 [pid 8979] symlink("/dev/binderfs", "./binderfs" [ 318.339564][ T8976] loop1: detected capacity change from 0 to 4096 [ 318.377863][ T8978] loop4: detected capacity change from 0 to 4096 [pid 8980] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8979] <... symlink resumed>) = 0 [pid 8978] <... close resumed>) = 0 [pid 8980] <... futex resumed>) = 0 [pid 8979] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8978] mkdir("./file0", 0777 [pid 8975] <... mount resumed>) = 0 [pid 8980] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8979] <... futex resumed>) = 0 [pid 8978] <... mkdir resumed>) = 0 [pid 8975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8980] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8979] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8978] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8975] <... openat resumed>) = 3 [pid 8980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8975] chdir("./file0" [pid 8980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8975] <... chdir resumed>) = 0 [pid 8980] <... mmap resumed>) = 0x7f6713892000 [pid 8979] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8975] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8980] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8979] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8980] <... mprotect resumed>) = 0 [pid 8979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8980] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8979] <... mmap resumed>) = 0x7f6713892000 [pid 8976] <... mount resumed>) = 0 [pid 8979] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8979] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8980] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8979] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8976] <... openat resumed>) = 3 [pid 8975] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8979] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8976] chdir("./file0" [pid 8975] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8982 attached ./strace-static-x86_64: Process 8981 attached [pid 8976] <... chdir resumed>) = 0 [pid 8982] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8981] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8980] <... clone3 resumed> => {parent_tid=[8981]}, 88) = 8981 [pid 8979] <... clone3 resumed> => {parent_tid=[8982]}, 88) = 8982 [pid 8976] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8975] <... futex resumed>) = 1 [pid 8973] <... futex resumed>) = 0 [pid 8982] <... rseq resumed>) = 0 [pid 8981] <... rseq resumed>) = 0 [pid 8980] rt_sigprocmask(SIG_SETMASK, [], [pid 8979] rt_sigprocmask(SIG_SETMASK, [], [pid 8976] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8975] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8973] exit_group(0 [pid 8982] set_robust_list(0x7f67138b29a0, 24 [pid 8981] set_robust_list(0x7f67138b29a0, 24 [pid 8980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8976] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8975] <... futex resumed>) = ? [pid 8973] <... exit_group resumed>) = ? [pid 8982] <... set_robust_list resumed>) = 0 [pid 8981] <... set_robust_list resumed>) = 0 [pid 8980] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8979] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8976] <... futex resumed>) = 1 [pid 8974] <... futex resumed>) = 0 [pid 8982] rt_sigprocmask(SIG_SETMASK, [], [pid 8981] rt_sigprocmask(SIG_SETMASK, [], [pid 8980] <... futex resumed>) = 0 [pid 8979] <... futex resumed>) = 0 [pid 8976] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8974] exit_group(0 [pid 8982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8980] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8979] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8976] <... futex resumed>) = ? [pid 8974] <... exit_group resumed>) = ? [pid 8981] memfd_create("syzkaller", 0 [pid 8982] memfd_create("syzkaller", 0) = 3 [pid 8982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8981] <... memfd_create resumed>) = 3 [pid 8975] +++ exited with 0 +++ [pid 8973] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8973, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 8981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8981] <... mmap resumed>) = 0x7f670b400000 [pid 8976] +++ exited with 0 +++ [pid 8974] +++ exited with 0 +++ [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8974, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5062] openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8978] <... mount resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 5063] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] getdents64(3, [pid 5063] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... openat resumed>) = 3 [pid 5062] umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8978] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8978] chdir("./file0") = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] newfstatat(AT_FDCWD, "./385/binderfs", [pid 8978] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] getdents64(3, [pid 8978] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8978] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8978] <... futex resumed>) = 1 [pid 5062] unlink("./385/binderfs" [pid 8978] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8981] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8977] <... futex resumed>) = 0 [pid 5063] unlink("./392/binderfs" [pid 8977] exit_group(0) = ? [pid 8978] <... futex resumed>) = ? [pid 5063] <... unlink resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8978] +++ exited with 0 +++ [pid 8977] +++ exited with 0 +++ [pid 5063] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8977, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./385/file0", [pid 5066] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./392/file0", [pid 5066] newfstatat(3, "", [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(3, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 4 [pid 8982] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] newfstatat(AT_FDCWD, "./387/binderfs", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(4, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] unlink("./387/binderfs" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5066] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5063] newfstatat(4, "", [pid 5062] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(4, [pid 5062] getdents64(4, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./387/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(4, [pid 5062] close(4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] close(4 [pid 5062] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5063] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5063] rmdir("./392/file0" [pid 5062] rmdir("./385/file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 8981] <... write resumed>) = 2097152 [pid 5066] getdents64(4, [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./387/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./387") = 0 [pid 5066] mkdir("./388", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8981] munmap(0x7f670b400000, 138412032 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] getdents64(3, [pid 5062] getdents64(3, [pid 5066] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5063] close(3 [pid 5062] close(3 [pid 5063] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./385") = 0 [pid 5062] mkdir("./386", 0777) = 0 [pid 8982] <... write resumed>) = 2097152 [pid 8981] <... munmap resumed>) = 0 [pid 5063] rmdir("./392" [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./393", 0777 [pid 5062] <... openat resumed>) = 3 [pid 5063] <... mkdir resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8981] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8982] munmap(0x7f670b400000, 138412032 [pid 8981] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 8981] ioctl(4, LOOP_SET_FD, 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... close resumed>) = 0 [pid 8982] <... munmap resumed>) = 0 [pid 8981] <... ioctl resumed>) = 0 [pid 8982] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8981] close(3 [pid 8982] <... openat resumed>) = 4 [pid 8981] <... close resumed>) = 0 [pid 8982] ioctl(4, LOOP_SET_FD, 3 [pid 8981] close(4 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8981] <... close resumed>) = 0 [pid 8981] mkdir("./file0", 0777./strace-static-x86_64: Process 8983 attached ) = 0 [pid 8983] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8983 [pid 8983] <... set_robust_list resumed>) = 0 [pid 8983] chdir("./388") = 0 [pid 8983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8983] setpgid(0, 0) = 0 [pid 8983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8983] write(3, "1000", 4) = 4 [pid 8983] close(3) = 0 [pid 8982] <... ioctl resumed>) = 0 [pid 8981] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 8983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8983] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8982] close(3 [pid 8983] <... futex resumed>) = 0 [pid 8982] <... close resumed>) = 0 [pid 8983] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8983] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8982] close(4) = 0 [pid 8982] mkdir("./file0", 0777 [pid 8983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8983] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8982] <... mkdir resumed>) = 0 [pid 8983] <... mprotect resumed>) = 0 [pid 8983] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8982] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8983] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8984 attached [pid 8984] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8983] <... clone3 resumed> => {parent_tid=[8984]}, 88) = 8984 [pid 8984] <... rseq resumed>) = 0 [ 318.615978][ T8981] loop3: detected capacity change from 0 to 4096 [ 318.638976][ T8982] loop2: detected capacity change from 0 to 4096 [pid 8983] rt_sigprocmask(SIG_SETMASK, [], [pid 8984] set_robust_list(0x7f67138b29a0, 24 [pid 8983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 8984] <... set_robust_list resumed>) = 0 [pid 8983] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8984] rt_sigprocmask(SIG_SETMASK, [], [pid 8983] <... futex resumed>) = 0 [pid 8984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8983] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8984] memfd_create("syzkaller", 0) = 3 [pid 8984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... ioctl resumed>) = 0 [pid 8981] <... mount resumed>) = 0 [pid 8981] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] close(3 [pid 5062] close(3 [pid 5063] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8981] <... openat resumed>) = 3 [pid 8981] chdir("./file0" [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 8985 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8986 ./strace-static-x86_64: Process 8985 attached [pid 8981] <... chdir resumed>) = 0 [pid 8985] set_robust_list(0x5555569076a0, 24 [pid 8981] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8985] <... set_robust_list resumed>) = 0 [pid 8981] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8986 attached [pid 8985] chdir("./386" [pid 8981] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8986] set_robust_list(0x5555569076a0, 24 [pid 8985] <... chdir resumed>) = 0 [pid 8985] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8986] <... set_robust_list resumed>) = 0 [pid 8985] <... prctl resumed>) = 0 [pid 8981] <... futex resumed>) = 1 [pid 8980] <... futex resumed>) = 0 [pid 8986] chdir("./393" [pid 8985] setpgid(0, 0 [pid 8981] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8980] exit_group(0) = ? [pid 8986] <... chdir resumed>) = 0 [pid 8985] <... setpgid resumed>) = 0 [pid 8981] <... futex resumed>) = ? [pid 8986] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8981] +++ exited with 0 +++ [pid 8980] +++ exited with 0 +++ [pid 8986] <... prctl resumed>) = 0 [pid 8985] <... openat resumed>) = 3 [pid 8986] setpgid(0, 0 [pid 8985] write(3, "1000", 4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8980, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5065] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8986] <... setpgid resumed>) = 0 [pid 8985] <... write resumed>) = 4 [pid 8986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8985] close(3 [pid 5065] <... openat resumed>) = 3 [pid 8985] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 8986] <... openat resumed>) = 3 [pid 8985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8986] write(3, "1000", 4) = 4 [pid 8986] close(3 [pid 8985] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8986] <... close resumed>) = 0 [pid 8985] <... futex resumed>) = 0 [pid 5065] getdents64(3, [pid 8986] symlink("/dev/binderfs", "./binderfs" [pid 8985] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8986] <... symlink resumed>) = 0 [pid 8985] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8985] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8986] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8985] <... mprotect resumed>) = 0 [pid 5065] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8986] <... futex resumed>) = 0 [pid 8986] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8985] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8982] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./389/binderfs", [pid 8982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8986] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8985] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8982] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8986] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8982] chdir("./file0" [pid 8986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8985] <... clone3 resumed> => {parent_tid=[8987]}, 88) = 8987 [pid 8986] <... mmap resumed>) = 0x7f6713892000 [pid 8985] rt_sigprocmask(SIG_SETMASK, [], [pid 8986] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 8985] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8987 attached [pid 8986] <... mprotect resumed>) = 0 [pid 8985] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8987] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8986] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8985] <... futex resumed>) = 0 [pid 8982] <... chdir resumed>) = 0 [pid 5065] unlink("./389/binderfs" [pid 8987] <... rseq resumed>) = 0 [pid 8985] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8984] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8982] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8987] set_robust_list(0x7f67138b29a0, 24 [pid 8986] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 8987] <... set_robust_list resumed>) = 0 [pid 8986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8982] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8987] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8988 attached [pid 8987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8988] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8987] memfd_create("syzkaller", 0 [pid 8988] <... rseq resumed>) = 0 [pid 8986] <... clone3 resumed> => {parent_tid=[8988]}, 88) = 8988 [pid 8982] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8988] set_robust_list(0x7f67138b29a0, 24 [pid 8987] <... memfd_create resumed>) = 3 [pid 8986] rt_sigprocmask(SIG_SETMASK, [], [pid 8982] <... futex resumed>) = 1 [pid 8979] <... futex resumed>) = 0 [pid 8988] <... set_robust_list resumed>) = 0 [pid 8987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8982] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8979] exit_group(0 [pid 8988] rt_sigprocmask(SIG_SETMASK, [], [pid 8987] <... mmap resumed>) = 0x7f670b400000 [pid 8986] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8979] <... exit_group resumed>) = ? [pid 8988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8986] <... futex resumed>) = 0 [pid 8982] <... futex resumed>) = ? [pid 8988] memfd_create("syzkaller", 0 [pid 5065] <... umount2 resumed>) = 0 [pid 8986] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8988] <... memfd_create resumed>) = 3 [pid 8988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./389/file0", [pid 8988] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8982] +++ exited with 0 +++ [pid 8979] +++ exited with 0 +++ [pid 5065] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8979, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5065] <... openat resumed>) = 4 [pid 5064] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8984] <... write resumed>) = 2097152 [pid 5065] newfstatat(4, "", [pid 8984] munmap(0x7f670b400000, 138412032 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./391/binderfs", [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] unlink("./391/binderfs" [pid 5065] rmdir("./389/file0" [pid 8987] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8988] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8984] <... munmap resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 8984] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8984] <... openat resumed>) = 4 [pid 5065] close(3 [pid 8984] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./389") = 0 [pid 8984] <... ioctl resumed>) = 0 [pid 5065] mkdir("./390", 0777 [pid 8984] close(3) = 0 [pid 8987] <... write resumed>) = 2097152 [pid 8984] close(4 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8987] munmap(0x7f670b400000, 138412032 [pid 8984] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8987] <... munmap resumed>) = 0 [pid 8984] mkdir("./file0", 0777 [pid 5065] <... openat resumed>) = 3 [pid 5064] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8984] <... mkdir resumed>) = 0 [pid 8984] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5064] newfstatat(AT_FDCWD, "./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8987] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8987] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 318.902652][ T8984] loop4: detected capacity change from 0 to 4096 [pid 8987] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... openat resumed>) = 4 [pid 8988] <... write resumed>) = 2097152 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8988] munmap(0x7f670b400000, 138412032 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./391/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 8988] <... munmap resumed>) = 0 [pid 8987] <... ioctl resumed>) = 0 [pid 8984] <... mount resumed>) = 0 [pid 5064] close(3 [pid 8988] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5064] <... close resumed>) = 0 [pid 8987] close(3) = 0 [pid 8987] close(4) = 0 [pid 8987] mkdir("./file0", 0777) = 0 [pid 8987] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8984] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] rmdir("./391") = 0 [pid 8984] <... openat resumed>) = 3 [ 318.947317][ T8987] loop0: detected capacity change from 0 to 4096 [pid 8988] ioctl(4, LOOP_SET_FD, 3 [pid 8984] chdir("./file0" [pid 5064] mkdir("./392", 0777 [pid 8984] <... chdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 8984] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8984] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... openat resumed>) = 3 [pid 8988] <... ioctl resumed>) = 0 [pid 8984] <... futex resumed>) = 1 [pid 8983] <... futex resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 8984] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8983] exit_group(0 [pid 8988] close(3 [pid 8984] <... futex resumed>) = ? [pid 8983] <... exit_group resumed>) = ? [pid 8984] +++ exited with 0 +++ [pid 5065] close(3 [pid 8987] <... mount resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8983] +++ exited with 0 +++ [pid 8987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 8989 attached [pid 8988] <... close resumed>) = 0 [pid 8987] <... openat resumed>) = 3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8983, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8987] chdir("./file0" [pid 8988] close(4 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 8988] <... close resumed>) = 0 [pid 8987] <... chdir resumed>) = 0 [pid 5066] <... restart_syscall resumed>) = 0 [pid 8988] mkdir("./file0", 0777 [pid 8987] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8989] set_robust_list(0x5555569076a0, 24 [pid 8987] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8989] <... set_robust_list resumed>) = 0 [pid 8987] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8989 [pid 8989] chdir("./390" [pid 8988] <... mkdir resumed>) = 0 [pid 8987] <... futex resumed>) = 1 [pid 8985] <... futex resumed>) = 0 [pid 5066] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8989] <... chdir resumed>) = 0 [pid 8987] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8985] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8987] <... futex resumed>) = ? [pid 8985] <... exit_group resumed>) = ? [pid 5066] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8988] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] <... openat resumed>) = 3 [pid 8989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] newfstatat(3, "", [pid 8989] setpgid(0, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8989] <... setpgid resumed>) = 0 [pid 8989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] getdents64(3, [pid 8989] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [ 319.004681][ T8988] loop1: detected capacity change from 0 to 4096 [pid 5066] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8989] write(3, "1000", 4) = 4 [pid 8989] close(3 [pid 8987] +++ exited with 0 +++ [pid 8985] +++ exited with 0 +++ [pid 8989] <... close resumed>) = 0 [pid 8989] symlink("/dev/binderfs", "./binderfs" [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8985, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 8989] <... symlink resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 8989] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8989] <... futex resumed>) = 0 [pid 8989] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8989] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] unlink("./386/binderfs" [pid 8989] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... unlink resumed>) = 0 [pid 8989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] newfstatat(AT_FDCWD, "./388/binderfs", [pid 8989] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8989] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] unlink("./388/binderfs") = 0 [pid 5066] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8989] <... mprotect resumed>) = 0 [pid 8989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 8989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8990]}, 88) = 8990 [pid 8989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8989] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8989] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8990 attached [pid 8990] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 8990] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5062] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8990] memfd_create("syzkaller", 0 [pid 5062] newfstatat(AT_FDCWD, "./386/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8990] <... memfd_create resumed>) = 3 [pid 5062] getdents64(4, [pid 8990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8990] <... mmap resumed>) = 0x7f670b400000 [pid 5062] getdents64(4, [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] newfstatat(AT_FDCWD, "./388/file0", [pid 5064] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] close(4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] rmdir("./386/file0") = 0 [pid 5066] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] getdents64(3, ./strace-static-x86_64: Process 8991 attached [pid 5066] <... openat resumed>) = 4 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 8991 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8991] set_robust_list(0x5555569076a0, 24 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 8991] <... set_robust_list resumed>) = 0 [pid 5062] close(3 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8991] chdir("./392" [pid 5066] close(4) = 0 [pid 5066] rmdir("./388/file0" [pid 8991] <... chdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 8991] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] rmdir("./386" [pid 8991] <... prctl resumed>) = 0 [pid 8991] setpgid(0, 0 [pid 8988] <... mount resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 8991] <... setpgid resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] mkdir("./387", 0777 [pid 8991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] close(3 [pid 8991] <... openat resumed>) = 3 [pid 5062] <... mkdir resumed>) = 0 [pid 8988] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 8988] chdir("./file0" [pid 5066] rmdir("./388" [pid 8991] write(3, "1000", 4 [pid 8988] <... chdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8988] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 8988] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] mkdir("./389", 0777 [pid 8988] <... futex resumed>) = 1 [pid 8986] <... futex resumed>) = 0 [pid 8988] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8991] <... write resumed>) = 4 [pid 8990] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8986] exit_group(0 [pid 8991] close(3) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 8986] <... exit_group resumed>) = ? [pid 8988] <... futex resumed>) = ? [pid 8991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8991] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... openat resumed>) = 3 [pid 8991] <... futex resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8991] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8991] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[8992]}, 88) = 8992 ./strace-static-x86_64: Process 8992 attached [pid 8991] rt_sigprocmask(SIG_SETMASK, [], [pid 8992] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8988] +++ exited with 0 +++ [pid 8986] +++ exited with 0 +++ [pid 8992] <... rseq resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8986, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5063] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8992] set_robust_list(0x7f67138b29a0, 24 [pid 8991] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... openat resumed>) = 3 [pid 8991] <... futex resumed>) = 0 [pid 5063] newfstatat(3, "", [pid 8992] <... set_robust_list resumed>) = 0 [pid 8991] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8992] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] getdents64(3, [pid 8992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8992] memfd_create("syzkaller", 0 [pid 5063] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./393/binderfs", [pid 8992] <... memfd_create resumed>) = 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] unlink("./393/binderfs" [pid 8992] <... mmap resumed>) = 0x7f670b400000 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5063] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 8990] <... write resumed>) = 2097152 [pid 5063] close(4 [pid 5062] <... ioctl resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./393/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./393") = 0 [pid 5063] mkdir("./394", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] close(3 [pid 8990] munmap(0x7f670b400000, 138412032 [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8993 attached , child_tidptr=0x555556907690) = 8993 [pid 8993] set_robust_list(0x5555569076a0, 24) = 0 [pid 8993] chdir("./387") = 0 [pid 8993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8993] setpgid(0, 0) = 0 [pid 8993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8990] <... munmap resumed>) = 0 [pid 8993] <... openat resumed>) = 3 [pid 8992] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 8993] write(3, "1000", 4) = 4 [pid 5066] close(3 [pid 8993] close(3 [pid 5066] <... close resumed>) = 0 [pid 8993] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8993] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8993] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8993] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8993] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 8994 ./strace-static-x86_64: Process 8994 attached [pid 8993] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8990] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8994] set_robust_list(0x5555569076a0, 24) = 0 [pid 8990] <... openat resumed>) = 4 [pid 8994] chdir("./389" [pid 8993] <... clone3 resumed> => {parent_tid=[8995]}, 88) = 8995 [pid 8993] rt_sigprocmask(SIG_SETMASK, [], [pid 8990] ioctl(4, LOOP_SET_FD, 3 [pid 8994] <... chdir resumed>) = 0 [pid 8994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8993] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8993] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8994] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 8995 attached [pid 8994] setpgid(0, 0 [pid 8995] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8994] <... setpgid resumed>) = 0 [pid 8995] <... rseq resumed>) = 0 [pid 8994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8995] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8994] <... openat resumed>) = 3 [pid 8995] rt_sigprocmask(SIG_SETMASK, [], [pid 8994] write(3, "1000", 4 [pid 8995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8994] <... write resumed>) = 4 [pid 8995] memfd_create("syzkaller", 0 [pid 8994] close(3 [pid 8995] <... memfd_create resumed>) = 3 [pid 8994] <... close resumed>) = 0 [pid 8995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8994] symlink("/dev/binderfs", "./binderfs" [pid 8995] <... mmap resumed>) = 0x7f670b400000 [pid 8990] <... ioctl resumed>) = 0 [pid 8994] <... symlink resumed>) = 0 [pid 8994] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8990] close(3 [pid 8994] <... futex resumed>) = 0 [pid 8990] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 8990] close(4 [pid 8994] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8990] <... close resumed>) = 0 [pid 8994] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8990] mkdir("./file0", 0777 [pid 8994] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 319.296870][ T8990] loop3: detected capacity change from 0 to 4096 [pid 8992] <... write resumed>) = 2097152 [pid 5063] close(3 [pid 8994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8990] <... mkdir resumed>) = 0 [pid 8992] munmap(0x7f670b400000, 138412032 [pid 8994] <... mmap resumed>) = 0x7f6713892000 [pid 8992] <... munmap resumed>) = 0 [pid 8990] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] <... close resumed>) = 0 [pid 8994] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8994] <... mprotect resumed>) = 0 [pid 8992] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 8996 attached [pid 8995] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 8996 [pid 8996] set_robust_list(0x5555569076a0, 24 [pid 8994] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8992] <... openat resumed>) = 4 [pid 8996] <... set_robust_list resumed>) = 0 [pid 8994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 8997 attached [pid 8996] chdir("./394" [pid 8992] ioctl(4, LOOP_SET_FD, 3 [pid 8997] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8996] <... chdir resumed>) = 0 [pid 8994] <... clone3 resumed> => {parent_tid=[8997]}, 88) = 8997 [pid 8997] <... rseq resumed>) = 0 [pid 8996] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8994] rt_sigprocmask(SIG_SETMASK, [], [pid 8997] set_robust_list(0x7f67138b29a0, 24 [pid 8996] <... prctl resumed>) = 0 [pid 8994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8997] <... set_robust_list resumed>) = 0 [pid 8996] setpgid(0, 0 [pid 8994] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8997] rt_sigprocmask(SIG_SETMASK, [], [pid 8996] <... setpgid resumed>) = 0 [pid 8994] <... futex resumed>) = 0 [pid 8997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8994] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8997] memfd_create("syzkaller", 0 [pid 8996] <... openat resumed>) = 3 [pid 8997] <... memfd_create resumed>) = 3 [pid 8996] write(3, "1000", 4 [pid 8997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8996] <... write resumed>) = 4 [pid 8997] <... mmap resumed>) = 0x7f670b400000 [pid 8996] close(3) = 0 [pid 8996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8996] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8996] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 8996] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 8996] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 8992] <... ioctl resumed>) = 0 [pid 8992] close(3) = 0 [pid 8992] close(4 [pid 8996] <... clone3 resumed> => {parent_tid=[8998]}, 88) = 8998 [pid 8992] <... close resumed>) = 0 [pid 8996] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8998 attached NULL, 8) = 0 [pid 8998] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 8996] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8996] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8998] <... rseq resumed>) = 0 [pid 8998] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 8998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8998] memfd_create("syzkaller", 0 [pid 8992] mkdir("./file0", 0777 [pid 8998] <... memfd_create resumed>) = 3 [pid 8998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 8992] <... mkdir resumed>) = 0 [pid 8990] <... mount resumed>) = 0 [pid 8992] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 8990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 319.395590][ T8992] loop2: detected capacity change from 0 to 4096 [pid 8995] <... write resumed>) = 2097152 [pid 8990] chdir("./file0") = 0 [pid 8990] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8995] munmap(0x7f670b400000, 138412032 [pid 8990] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8990] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8990] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8989] <... futex resumed>) = 0 [pid 8989] exit_group(0 [pid 8990] <... futex resumed>) = ? [pid 8989] <... exit_group resumed>) = ? [pid 8990] +++ exited with 0 +++ [pid 8997] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8989] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8989, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5065] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8995] <... munmap resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8998] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 8997] <... write resumed>) = 2097152 [pid 8992] <... mount resumed>) = 0 [pid 8995] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... openat resumed>) = 3 [pid 8995] <... openat resumed>) = 4 [pid 5065] newfstatat(3, "", [pid 8995] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 8997] munmap(0x7f670b400000, 138412032 [pid 8995] <... ioctl resumed>) = 0 [pid 8992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8992] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8992] chdir("./file0" [pid 5065] newfstatat(AT_FDCWD, "./390/binderfs", [pid 8992] <... chdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8992] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] unlink("./390/binderfs" [pid 8995] close(3 [pid 8992] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8995] <... close resumed>) = 0 [pid 8992] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... unlink resumed>) = 0 [pid 8995] close(4 [pid 8992] <... futex resumed>) = 1 [pid 8991] <... futex resumed>) = 0 [pid 5065] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8998] <... write resumed>) = 2097152 [pid 8997] <... munmap resumed>) = 0 [pid 8995] <... close resumed>) = 0 [pid 8992] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8991] exit_group(0 [pid 5065] <... umount2 resumed>) = 0 [pid 8995] mkdir("./file0", 0777 [pid 8992] <... futex resumed>) = ? [pid 8991] <... exit_group resumed>) = ? [pid 8995] <... mkdir resumed>) = 0 [pid 8992] +++ exited with 0 +++ [pid 5065] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8998] munmap(0x7f670b400000, 138412032 [pid 8997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8995] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 8991] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8991, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5065] newfstatat(AT_FDCWD, "./390/file0", [pid 8997] <... openat resumed>) = 4 [ 319.518102][ T8995] loop0: detected capacity change from 0 to 4096 [pid 8997] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8998] <... munmap resumed>) = 0 [pid 5065] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 5065] newfstatat(4, "", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5064] getdents64(3, [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./392/binderfs") = 0 [pid 5064] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8997] <... ioctl resumed>) = 0 [pid 8998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] getdents64(4, [pid 5064] <... umount2 resumed>) = 0 [pid 8998] <... openat resumed>) = 4 [pid 8997] close(3 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 8997] <... close resumed>) = 0 [pid 8998] ioctl(4, LOOP_SET_FD, 3 [pid 8997] close(4 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./390/file0" [pid 5064] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(AT_FDCWD, "./392/file0", [pid 8997] <... close resumed>) = 0 [pid 5065] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./390") = 0 [pid 5064] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] mkdir("./391", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8997] mkdir("./file0", 0777 [pid 8995] <... mount resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8998] <... ioctl resumed>) = 0 [pid 8995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... openat resumed>) = 4 [pid 8998] close(3 [pid 8997] <... mkdir resumed>) = 0 [pid 8995] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5064] newfstatat(4, "", [pid 8998] <... close resumed>) = 0 [pid 8997] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 8995] chdir("./file0" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8998] close(4 [pid 8995] <... chdir resumed>) = 0 [pid 8998] <... close resumed>) = 0 [pid 8995] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] getdents64(4, [pid 8995] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8998] mkdir("./file0", 0777 [pid 8995] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(4, [pid 8995] <... futex resumed>) = 1 [pid 8993] <... futex resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8995] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8993] exit_group(0 [pid 5064] close(4 [pid 8995] <... futex resumed>) = ? [pid 8993] <... exit_group resumed>) = ? [pid 5064] <... close resumed>) = 0 [pid 8995] +++ exited with 0 +++ [pid 5064] rmdir("./392/file0" [pid 8998] <... mkdir resumed>) = 0 [pid 8998] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... rmdir resumed>) = 0 [pid 8993] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8993, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 319.565643][ T8997] loop4: detected capacity change from 0 to 4096 [ 319.600341][ T8998] loop1: detected capacity change from 0 to 4096 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./392" [pid 5062] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 5064] mkdir("./393", 0777 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 8997] <... mount resumed>) = 0 [pid 8997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... mkdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./387/binderfs", [pid 8997] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] unlink("./387/binderfs" [pid 8997] chdir("./file0") = 0 [pid 5062] <... unlink resumed>) = 0 [pid 8997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8997] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... ioctl resumed>) = 0 [pid 8997] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8994] <... futex resumed>) = 0 [pid 8994] exit_group(0) = ? [pid 5062] <... umount2 resumed>) = 0 [pid 5065] close(3 [pid 5062] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] newfstatat(AT_FDCWD, "./387/file0", [pid 8997] +++ exited with 0 +++ [pid 8994] +++ exited with 0 +++ [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8994, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5062] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8999 attached ) = -1 EINVAL (Invalid argument) [pid 8999] set_robust_list(0x5555569076a0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 8999 [pid 5062] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8999] <... set_robust_list resumed>) = 0 [pid 5066] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8999] chdir("./391" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... openat resumed>) = 4 [pid 8999] <... chdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] newfstatat(4, "", [pid 8999] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8999] <... prctl resumed>) = 0 [pid 8998] <... mount resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5062] getdents64(4, [pid 8999] setpgid(0, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8999] <... setpgid resumed>) = 0 [pid 5066] getdents64(3, [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 8999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] getdents64(4, [pid 8999] <... openat resumed>) = 3 [pid 8998] <... openat resumed>) = 3 [pid 5066] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 8999] write(3, "1000", 4) = 4 [pid 5062] close(4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... close resumed>) = 0 [pid 8999] close(3) = 0 [pid 5066] newfstatat(AT_FDCWD, "./389/binderfs", [pid 5062] rmdir("./387/file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./389/binderfs" [pid 5062] <... rmdir resumed>) = 0 [pid 8999] symlink("/dev/binderfs", "./binderfs" [pid 8998] chdir("./file0" [pid 5066] <... unlink resumed>) = 0 [pid 5062] getdents64(3, [pid 8998] <... chdir resumed>) = 0 [pid 8999] <... symlink resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 8998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8999] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... close resumed>) = 0 [pid 8999] <... futex resumed>) = 0 [pid 8998] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] rmdir("./387" [pid 8998] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... rmdir resumed>) = 0 [pid 8999] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 8998] <... futex resumed>) = 1 [pid 8996] <... futex resumed>) = 0 [pid 5062] mkdir("./388", 0777 [pid 8999] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8998] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8996] exit_group(0 [pid 8998] <... futex resumed>) = ? [pid 8996] <... exit_group resumed>) = ? [pid 8999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8998] +++ exited with 0 +++ [pid 8996] +++ exited with 0 +++ [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 8999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] close(3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8996, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8999] <... mmap resumed>) = 0x7f6713892000 [pid 5066] newfstatat(AT_FDCWD, "./389/file0", [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9000 [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 5062] <... openat resumed>) = 3 [pid 8999] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... restart_syscall resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 9000 attached [pid 8999] <... mprotect resumed>) = 0 [pid 5066] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9000] set_robust_list(0x5555569076a0, 24 [pid 8999] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(4, "", [pid 8999] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9000] <... set_robust_list resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9000] chdir("./393" [pid 5066] getdents64(4, [pid 5063] <... openat resumed>) = 3 [pid 8999] <... clone3 resumed> => {parent_tid=[9001]}, 88) = 9001 [pid 8999] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 9001 attached [pid 9000] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] newfstatat(3, "", [pid 9001] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9001] <... rseq resumed>) = 0 [pid 9000] <... prctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9001] set_robust_list(0x7f67138b29a0, 24 [pid 9000] setpgid(0, 0 [pid 9001] <... set_robust_list resumed>) = 0 [pid 9000] <... setpgid resumed>) = 0 [pid 9001] rt_sigprocmask(SIG_SETMASK, [], [pid 9000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9001] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9000] <... openat resumed>) = 3 [pid 8999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] close(4 [pid 5063] getdents64(3, [pid 9001] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9000] write(3, "1000", 4 [pid 5066] <... close resumed>) = 0 [pid 9000] <... write resumed>) = 4 [pid 5066] rmdir("./389/file0" [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 8999] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9000] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 9001] <... futex resumed>) = 0 [pid 8999] <... futex resumed>) = 1 [pid 5063] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9001] memfd_create("syzkaller", 0 [pid 9000] <... close resumed>) = 0 [pid 8999] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] getdents64(3, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9000] symlink("/dev/binderfs", "./binderfs" [pid 5063] newfstatat(AT_FDCWD, "./394/binderfs", [pid 9000] <... symlink resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3 [pid 5063] unlink("./394/binderfs" [pid 5066] <... close resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5066] rmdir("./389" [pid 5063] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9000] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9000] <... futex resumed>) = 0 [pid 9001] <... memfd_create resumed>) = 3 [pid 9000] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] mkdir("./390", 0777 [pid 9001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9000] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 9001] <... mmap resumed>) = 0x7f670b400000 [pid 9000] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9000] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9000] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9000] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] newfstatat(AT_FDCWD, "./394/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 9002 attached [pid 9000] <... clone3 resumed> => {parent_tid=[9002]}, 88) = 9002 [pid 5063] <... openat resumed>) = 4 [pid 5062] <... ioctl resumed>) = 0 [pid 9002] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9000] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] newfstatat(4, "", [pid 5062] close(3 [pid 9002] <... rseq resumed>) = 0 [pid 9000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9002] set_robust_list(0x7f67138b29a0, 24 [pid 5062] <... close resumed>) = 0 [pid 9002] <... set_robust_list resumed>) = 0 [pid 9002] rt_sigprocmask(SIG_SETMASK, [], [pid 9000] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(4, [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 9000] <... futex resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 9000] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] rmdir("./394/file0" [pid 9002] memfd_create("syzkaller", 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./394" [pid 9002] <... memfd_create resumed>) = 3 [pid 5063] <... rmdir resumed>) = 0 [pid 9002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] mkdir("./395", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 9003 attached [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9003 [pid 9003] set_robust_list(0x5555569076a0, 24) = 0 [pid 9003] chdir("./388") = 0 [pid 9003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9003] setpgid(0, 0) = 0 [pid 9003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9003] write(3, "1000", 4 [pid 9001] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9003] <... write resumed>) = 4 [pid 9003] close(3) = 0 [pid 9003] symlink("/dev/binderfs", "./binderfs" [pid 9002] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9003] <... symlink resumed>) = 0 [pid 9003] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9003] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 9002] <... write resumed>) = 2097152 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9002] munmap(0x7f670b400000, 138412032 [pid 9003] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9004 [pid 9003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9005 attached ./strace-static-x86_64: Process 9004 attached [pid 9005] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9003] <... clone3 resumed> => {parent_tid=[9005]}, 88) = 9005 [pid 9002] <... munmap resumed>) = 0 [pid 9001] <... write resumed>) = 2097152 [pid 5063] <... ioctl resumed>) = 0 [pid 9005] <... rseq resumed>) = 0 [pid 9004] set_robust_list(0x5555569076a0, 24 [pid 9003] rt_sigprocmask(SIG_SETMASK, [], [pid 9005] set_robust_list(0x7f67138b29a0, 24 [pid 9003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9003] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9004] <... set_robust_list resumed>) = 0 [pid 9003] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9005] <... set_robust_list resumed>) = 0 [pid 9004] chdir("./390" [pid 9002] <... openat resumed>) = 4 [pid 9005] rt_sigprocmask(SIG_SETMASK, [], [pid 9002] ioctl(4, LOOP_SET_FD, 3 [pid 9005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9004] <... chdir resumed>) = 0 [pid 5063] close(3 [pid 9004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... close resumed>) = 0 [pid 9004] <... prctl resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9004] setpgid(0, 0) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9006 [pid 9004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9004] write(3, "1000", 4) = 4 [pid 9004] close(3) = 0 [pid 9004] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 9006 attached [pid 9006] set_robust_list(0x5555569076a0, 24) = 0 [pid 9004] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9006] chdir("./395" [pid 9005] memfd_create("syzkaller", 0 [pid 9004] <... futex resumed>) = 0 [pid 9006] <... chdir resumed>) = 0 [pid 9004] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9006] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9005] <... memfd_create resumed>) = 3 [pid 9004] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9006] <... prctl resumed>) = 0 [pid 9004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9001] munmap(0x7f670b400000, 138412032 [pid 9006] setpgid(0, 0 [pid 9004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9001] <... munmap resumed>) = 0 [pid 9006] <... setpgid resumed>) = 0 [pid 9004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9005] <... mmap resumed>) = 0x7f670b400000 [pid 9004] <... mmap resumed>) = 0x7f6713892000 [pid 9006] <... openat resumed>) = 3 [pid 9004] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9006] write(3, "1000", 4 [pid 9004] <... mprotect resumed>) = 0 [pid 9002] <... ioctl resumed>) = 0 [pid 9002] close(3) = 0 [pid 9006] <... write resumed>) = 4 [pid 9004] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9002] close(4 [pid 9006] close(3 [pid 9004] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9006] <... close resumed>) = 0 [pid 9004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9002] <... close resumed>) = 0 [pid 9006] symlink("/dev/binderfs", "./binderfs" [pid 9002] mkdir("./file0", 0777 [pid 9006] <... symlink resumed>) = 0 [pid 9004] <... clone3 resumed> => {parent_tid=[9007]}, 88) = 9007 ./strace-static-x86_64: Process 9007 attached [pid 9006] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9004] rt_sigprocmask(SIG_SETMASK, [], [pid 9002] <... mkdir resumed>) = 0 [pid 9007] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9006] <... futex resumed>) = 0 [pid 9004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9001] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9007] <... rseq resumed>) = 0 [pid 9006] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9004] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9007] set_robust_list(0x7f67138b29a0, 24 [pid 9006] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9004] <... futex resumed>) = 0 [pid 9001] <... openat resumed>) = 4 [pid 9007] <... set_robust_list resumed>) = 0 [pid 9006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9004] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9002] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9007] rt_sigprocmask(SIG_SETMASK, [], [pid 9006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9001] ioctl(4, LOOP_SET_FD, 3 [pid 9007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9007] memfd_create("syzkaller", 0 [pid 9006] <... mmap resumed>) = 0x7f6713892000 [pid 9006] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9008 attached [pid 9008] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9008] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9007] <... memfd_create resumed>) = 3 [pid 9006] <... clone3 resumed> => {parent_tid=[9008]}, 88) = 9008 [pid 9008] rt_sigprocmask(SIG_SETMASK, [], [pid 9007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9006] rt_sigprocmask(SIG_SETMASK, [], [pid 9008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9007] <... mmap resumed>) = 0x7f670b400000 [pid 9006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9008] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9006] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9008] <... futex resumed>) = 0 [pid 9006] <... futex resumed>) = 1 [pid 9008] memfd_create("syzkaller", 0 [pid 9006] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9001] <... ioctl resumed>) = 0 [pid 9001] close(3) = 0 [pid 9001] close(4) = 0 [pid 9001] mkdir("./file0", 0777) = 0 [pid 9008] <... memfd_create resumed>) = 3 [pid 9008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 319.944915][ T9002] loop2: detected capacity change from 0 to 4096 [ 319.982840][ T9001] loop3: detected capacity change from 0 to 4096 [pid 9001] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9008] <... mmap resumed>) = 0x7f670b400000 [pid 9002] <... mount resumed>) = 0 [pid 9002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9002] chdir("./file0") = 0 [pid 9002] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9002] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9000] <... futex resumed>) = 0 [pid 9002] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9000] exit_group(0 [pid 9002] <... futex resumed>) = ? [pid 9000] <... exit_group resumed>) = ? [pid 9005] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9002] +++ exited with 0 +++ [pid 9000] +++ exited with 0 +++ [pid 9007] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9000, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./393/binderfs") = 0 [pid 5064] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 9008] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9001] <... mount resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9001] chdir("./file0") = 0 [pid 9001] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9001] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./393/file0" [pid 9001] <... futex resumed>) = 1 [pid 8999] <... futex resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 9001] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8999] exit_group(0 [pid 5064] getdents64(3, [pid 9001] <... futex resumed>) = ? [pid 8999] <... exit_group resumed>) = ? [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9001] +++ exited with 0 +++ [pid 8999] +++ exited with 0 +++ [pid 5064] close(3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8999, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./393") = 0 [pid 5065] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] mkdir("./394", 0777) = 0 [pid 5065] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5065] getdents64(3, [pid 5064] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9009 attached , child_tidptr=0x555556907690) = 9009 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9009] set_robust_list(0x5555569076a0, 24 [pid 5065] newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9009] <... set_robust_list resumed>) = 0 [pid 5065] unlink("./391/binderfs" [pid 9009] chdir("./394" [pid 9005] <... write resumed>) = 2097152 [pid 9009] <... chdir resumed>) = 0 [pid 9005] munmap(0x7f670b400000, 138412032 [pid 5065] <... unlink resumed>) = 0 [pid 9009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9008] <... write resumed>) = 2097152 [pid 9007] <... write resumed>) = 2097152 [pid 5065] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9009] <... prctl resumed>) = 0 [pid 9009] setpgid(0, 0 [pid 9007] munmap(0x7f670b400000, 138412032 [pid 9009] <... setpgid resumed>) = 0 [pid 9007] <... munmap resumed>) = 0 [pid 9005] <... munmap resumed>) = 0 [pid 9009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9007] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9007] ioctl(4, LOOP_SET_FD, 3 [pid 9009] <... openat resumed>) = 3 [pid 9005] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... umount2 resumed>) = 0 [pid 9005] <... openat resumed>) = 4 [pid 9005] ioctl(4, LOOP_SET_FD, 3 [pid 9008] munmap(0x7f670b400000, 138412032) = 0 [pid 9008] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9009] write(3, "1000", 4 [pid 9007] <... ioctl resumed>) = 0 [pid 9005] <... ioctl resumed>) = 0 [pid 5065] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9009] <... write resumed>) = 4 [pid 9008] <... openat resumed>) = 4 [pid 9007] close(3 [pid 9005] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9009] close(3 [pid 9008] ioctl(4, LOOP_SET_FD, 3 [pid 9007] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./391/file0", [pid 9009] <... close resumed>) = 0 [pid 9007] close(4 [pid 9005] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9005] close(4 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 9009] symlink("/dev/binderfs", "./binderfs" [pid 9007] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 9007] mkdir("./file0", 0777 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9007] <... mkdir resumed>) = 0 [pid 5065] close(4 [pid 9007] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] <... close resumed>) = 0 [pid 9005] <... close resumed>) = 0 [pid 5065] rmdir("./391/file0" [pid 9009] <... symlink resumed>) = 0 [pid 9005] mkdir("./file0", 0777 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 9005] <... mkdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./391") = 0 [pid 9009] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9009] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5065] mkdir("./392", 0777 [pid 9009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 9009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9008] <... ioctl resumed>) = 0 [pid 9005] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9009] <... mmap resumed>) = 0x7f6713892000 [pid 9008] close(3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9009] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9008] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 9009] <... mprotect resumed>) = 0 [pid 9009] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9008] close(4 [pid 9009] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9008] <... close resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9008] mkdir("./file0", 0777./strace-static-x86_64: Process 9010 attached [pid 9010] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9009] <... clone3 resumed> => {parent_tid=[9010]}, 88) = 9010 [pid 9010] <... rseq resumed>) = 0 [pid 9009] rt_sigprocmask(SIG_SETMASK, [], [pid 9008] <... mkdir resumed>) = 0 [pid 9010] set_robust_list(0x7f67138b29a0, 24 [pid 9009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9008] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9010] <... set_robust_list resumed>) = 0 [pid 9009] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9010] rt_sigprocmask(SIG_SETMASK, [], [pid 9009] <... futex resumed>) = 0 [pid 9010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9010] memfd_create("syzkaller", 0 [ 320.192539][ T9007] loop4: detected capacity change from 0 to 4096 [ 320.200948][ T9005] loop0: detected capacity change from 0 to 4096 [ 320.224889][ T9008] loop1: detected capacity change from 0 to 4096 [pid 9009] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9010] <... memfd_create resumed>) = 3 [pid 9010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9005] <... mount resumed>) = 0 [pid 9005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9005] chdir("./file0") = 0 [pid 9005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9005] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9003] <... futex resumed>) = 0 [pid 9005] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9003] exit_group(0) = ? [pid 9005] <... futex resumed>) = ? [pid 9005] +++ exited with 0 +++ [pid 9003] +++ exited with 0 +++ [pid 9007] <... mount resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9003, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5062] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9007] chdir("./file0") = 0 [pid 9007] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9007] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9007] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", [pid 9004] <... futex resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9004] exit_group(0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9004] <... exit_group resumed>) = ? [pid 5062] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9007] <... futex resumed>) = ? [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9007] +++ exited with 0 +++ [pid 9004] +++ exited with 0 +++ [pid 5062] newfstatat(AT_FDCWD, "./388/binderfs", [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9004, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./388/binderfs") = 0 [pid 5062] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./390/binderfs") = 0 [pid 5066] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9010] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./388/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9008] <... mount resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9008] <... openat resumed>) = 3 [pid 5062] getdents64(4, [pid 9008] chdir("./file0" [pid 5066] <... umount2 resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9008] <... chdir resumed>) = 0 [pid 5062] getdents64(4, [pid 9008] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9008] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... close resumed>) = 0 [pid 9008] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(AT_FDCWD, "./390/file0", [pid 5062] rmdir("./388/file0" [pid 5065] <... ioctl resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9008] <... futex resumed>) = 1 [pid 9006] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 9006] exit_group(0 [pid 5066] <... openat resumed>) = 4 [pid 5062] rmdir("./388" [pid 9006] <... exit_group resumed>) = ? [pid 5066] newfstatat(4, "", [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] mkdir("./389", 0777 [pid 5066] getdents64(4, [pid 5065] close(3 [pid 5062] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] getdents64(4, [pid 5062] <... openat resumed>) = 3 [pid 9008] +++ exited with 0 +++ [pid 9006] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] close(4) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9006, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5066] rmdir("./390/file0" [pid 5063] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... rmdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(3, [pid 5063] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] newfstatat(3, "", [pid 5066] close(3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] getdents64(3, [pid 5066] rmdir("./390" [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] mkdir("./391", 0777 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./395/binderfs") = 0 [pid 5063] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9011 ./strace-static-x86_64: Process 9011 attached [pid 5063] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9011] set_robust_list(0x5555569076a0, 24 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9011] <... set_robust_list resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./395/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9011] chdir("./392" [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5063] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] close(3) = 0 [pid 9011] <... chdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] newfstatat(4, "", [pid 9011] setpgid(0, 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9011] <... setpgid resumed>) = 0 [pid 5063] getdents64(4, [pid 9011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9012 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 9012 attached [pid 9011] <... openat resumed>) = 3 [pid 5063] getdents64(4, [pid 9012] set_robust_list(0x5555569076a0, 24 [pid 9011] write(3, "1000", 4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9012] <... set_robust_list resumed>) = 0 [pid 9011] <... write resumed>) = 4 [pid 5063] close(4 [pid 9012] chdir("./391" [pid 9011] close(3 [pid 5063] <... close resumed>) = 0 [pid 9011] <... close resumed>) = 0 [pid 5063] rmdir("./395/file0" [pid 9011] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... rmdir resumed>) = 0 [pid 9012] <... chdir resumed>) = 0 [pid 9011] <... symlink resumed>) = 0 [pid 9012] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9011] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 9012] <... prctl resumed>) = 0 [pid 9011] <... futex resumed>) = 0 [pid 9010] <... write resumed>) = 2097152 [pid 9012] setpgid(0, 0) = 0 [pid 9011] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9011] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9012] <... openat resumed>) = 3 [pid 9011] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9012] write(3, "1000", 4 [pid 9011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9010] munmap(0x7f670b400000, 138412032 [pid 5063] close(3 [pid 5062] <... ioctl resumed>) = 0 [pid 9011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] <... close resumed>) = 0 [pid 9011] <... mmap resumed>) = 0x7f6713892000 [pid 5063] rmdir("./395" [pid 9011] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... rmdir resumed>) = 0 [pid 9012] <... write resumed>) = 4 [pid 9011] <... mprotect resumed>) = 0 [pid 9012] close(3 [pid 9011] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] mkdir("./396", 0777 [pid 9012] <... close resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5062] close(3 [pid 9012] symlink("/dev/binderfs", "./binderfs" [pid 9011] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] ioctl(3, LOOP_CLR_FD) = 0 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9010] <... munmap resumed>) = 0 [pid 9011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9012] <... symlink resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9013 ./strace-static-x86_64: Process 9013 attached [pid 9013] set_robust_list(0x5555569076a0, 24 [pid 9012] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9011] <... clone3 resumed> => {parent_tid=[9015]}, 88) = 9015 [pid 9013] <... set_robust_list resumed>) = 0 [pid 9012] <... futex resumed>) = 0 [pid 9011] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9014 [pid 9013] chdir("./389" [pid 9012] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9011] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 9014 attached [pid 9013] <... chdir resumed>) = 0 [pid 9012] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9011] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 9015 attached [pid 9014] set_robust_list(0x5555569076a0, 24 [pid 9013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9013] setpgid(0, 0 [pid 9014] <... set_robust_list resumed>) = 0 [pid 9014] chdir("./396" [pid 9013] <... setpgid resumed>) = 0 [pid 9011] <... futex resumed>) = 0 [pid 9013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9011] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9013] <... openat resumed>) = 3 [pid 9012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9014] <... chdir resumed>) = 0 [pid 9013] write(3, "1000", 4 [pid 9012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9013] <... write resumed>) = 4 [pid 9013] close(3 [pid 9012] <... mmap resumed>) = 0x7f6713892000 [pid 9014] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9013] <... close resumed>) = 0 [pid 9012] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9014] <... prctl resumed>) = 0 [pid 9013] symlink("/dev/binderfs", "./binderfs" [pid 9012] <... mprotect resumed>) = 0 [pid 9015] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9013] <... symlink resumed>) = 0 [pid 9012] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9015] <... rseq resumed>) = 0 [pid 9015] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9015] rt_sigprocmask(SIG_SETMASK, [], [pid 9014] setpgid(0, 0 [pid 9015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9013] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9012] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9014] <... setpgid resumed>) = 0 [pid 9013] <... futex resumed>) = 0 [pid 9012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9016 attached [pid 9014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9013] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9014] <... openat resumed>) = 3 [pid 9015] memfd_create("syzkaller", 0 [pid 9013] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9012] <... clone3 resumed> => {parent_tid=[9016]}, 88) = 9016 [pid 9016] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9014] write(3, "1000", 4 [pid 9013] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9012] rt_sigprocmask(SIG_SETMASK, [], [pid 9010] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9016] <... rseq resumed>) = 0 [pid 9014] <... write resumed>) = 4 [pid 9013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9016] set_robust_list(0x7f67138b29a0, 24 [pid 9014] close(3 [pid 9013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9012] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9010] <... openat resumed>) = 4 [pid 9016] <... set_robust_list resumed>) = 0 [pid 9014] <... close resumed>) = 0 [pid 9015] <... memfd_create resumed>) = 3 [pid 9013] <... mmap resumed>) = 0x7f6713892000 [pid 9016] rt_sigprocmask(SIG_SETMASK, [], [pid 9012] <... futex resumed>) = 0 [pid 9016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9012] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9016] memfd_create("syzkaller", 0 [pid 9015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9010] ioctl(4, LOOP_SET_FD, 3 [pid 9016] <... memfd_create resumed>) = 3 [pid 9014] symlink("/dev/binderfs", "./binderfs" [pid 9013] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9014] <... symlink resumed>) = 0 [pid 9013] <... mprotect resumed>) = 0 [pid 9016] <... mmap resumed>) = 0x7f670b400000 [pid 9013] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9014] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9015] <... mmap resumed>) = 0x7f670b400000 [pid 9013] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9014] <... futex resumed>) = 0 [pid 9013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9014] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9013] <... clone3 resumed> => {parent_tid=[9017]}, 88) = 9017 [pid 9014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9013] rt_sigprocmask(SIG_SETMASK, [], [pid 9014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9013] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 9017 attached [pid 9014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9013] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9017] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9014] <... mmap resumed>) = 0x7f6713892000 [pid 9013] <... futex resumed>) = 0 [pid 9017] <... rseq resumed>) = 0 [pid 9014] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9013] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9014] <... mprotect resumed>) = 0 [pid 9010] <... ioctl resumed>) = 0 [pid 9017] set_robust_list(0x7f67138b29a0, 24 [pid 9014] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9017] <... set_robust_list resumed>) = 0 [pid 9014] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9017] rt_sigprocmask(SIG_SETMASK, [], [pid 9014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9017] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 9018 attached [pid 9017] memfd_create("syzkaller", 0 [pid 9010] close(3 [pid 9018] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9010] <... close resumed>) = 0 [pid 9018] <... rseq resumed>) = 0 [pid 9010] close(4 [pid 9017] <... memfd_create resumed>) = 3 [pid 9014] <... clone3 resumed> => {parent_tid=[9018]}, 88) = 9018 [pid 9014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9014] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9014] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9010] <... close resumed>) = 0 [ 320.511767][ T9010] loop2: detected capacity change from 0 to 4096 [pid 9018] set_robust_list(0x7f67138b29a0, 24 [pid 9010] mkdir("./file0", 0777 [pid 9018] <... set_robust_list resumed>) = 0 [pid 9010] <... mkdir resumed>) = 0 [pid 9018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9018] memfd_create("syzkaller", 0 [pid 9010] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9018] <... memfd_create resumed>) = 3 [pid 9018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9016] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9015] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9017] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9010] <... mount resumed>) = 0 [pid 9010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9018] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9010] chdir("./file0") = 0 [pid 9010] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9015] <... write resumed>) = 2097152 [pid 9010] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9010] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9015] munmap(0x7f670b400000, 138412032 [pid 9010] <... futex resumed>) = 1 [pid 9010] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9009] <... futex resumed>) = 0 [pid 9009] exit_group(0) = ? [pid 9010] <... futex resumed>) = ? [pid 9016] <... write resumed>) = 2097152 [pid 9015] <... munmap resumed>) = 0 [pid 9010] +++ exited with 0 +++ [pid 9009] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9009, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 9018] <... write resumed>) = 2097152 [pid 9015] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9016] munmap(0x7f670b400000, 138412032 [pid 5064] newfstatat(3, "", [pid 9018] munmap(0x7f670b400000, 138412032 [pid 9017] <... write resumed>) = 2097152 [pid 9015] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9017] munmap(0x7f670b400000, 138412032 [pid 9016] <... munmap resumed>) = 0 [pid 5064] getdents64(3, [pid 9018] <... munmap resumed>) = 0 [pid 9017] <... munmap resumed>) = 0 [pid 9016] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9015] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9018] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9017] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9016] <... openat resumed>) = 4 [pid 9017] <... openat resumed>) = 4 [pid 9016] ioctl(4, LOOP_SET_FD, 3 [pid 9018] <... openat resumed>) = 4 [pid 9017] ioctl(4, LOOP_SET_FD, 3 [pid 9015] <... ioctl resumed>) = 0 [pid 5064] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9018] ioctl(4, LOOP_SET_FD, 3 [pid 9016] <... ioctl resumed>) = 0 [pid 9015] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./394/binderfs", [pid 9018] <... ioctl resumed>) = 0 [pid 9016] close(3 [pid 9015] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9018] close(3 [pid 9016] <... close resumed>) = 0 [pid 9015] close(4 [pid 5064] unlink("./394/binderfs" [pid 9018] <... close resumed>) = 0 [pid 9017] <... ioctl resumed>) = 0 [pid 9016] close(4 [pid 9015] <... close resumed>) = 0 [pid 9017] close(3) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 9017] close(4 [pid 9016] <... close resumed>) = 0 [pid 9017] <... close resumed>) = 0 [pid 9016] mkdir("./file0", 0777 [pid 9015] mkdir("./file0", 0777 [pid 5064] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9017] mkdir("./file0", 0777) = 0 [pid 9017] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9018] close(4 [pid 9016] <... mkdir resumed>) = 0 [pid 9015] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 9018] <... close resumed>) = 0 [pid 9018] mkdir("./file0", 0777 [pid 9016] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9018] <... mkdir resumed>) = 0 [pid 5064] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./394/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9018] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9015] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./394/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [ 320.751134][ T9015] loop3: detected capacity change from 0 to 4096 [ 320.754205][ T9016] loop4: detected capacity change from 0 to 4096 [ 320.765200][ T9018] loop1: detected capacity change from 0 to 4096 [ 320.765503][ T9017] loop0: detected capacity change from 0 to 4096 [pid 5064] close(3) = 0 [pid 5064] rmdir("./394") = 0 [pid 9016] <... mount resumed>) = 0 [pid 5064] mkdir("./395", 0777) = 0 [pid 9016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9016] chdir("./file0" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9016] <... chdir resumed>) = 0 [pid 9016] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... openat resumed>) = 3 [pid 9016] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9018] <... mount resumed>) = 0 [pid 9016] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9018] chdir("./file0") = 0 [pid 9016] <... futex resumed>) = 1 [pid 9012] <... futex resumed>) = 0 [pid 9018] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9016] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9018] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9012] exit_group(0 [pid 9018] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9016] <... futex resumed>) = ? [pid 9012] <... exit_group resumed>) = ? [pid 9018] <... futex resumed>) = 1 [pid 9016] +++ exited with 0 +++ [pid 9012] +++ exited with 0 +++ [pid 9018] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9014] <... futex resumed>) = 0 [pid 9014] exit_group(0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9012, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 9018] <... futex resumed>) = ? [pid 9014] <... exit_group resumed>) = ? [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 9018] +++ exited with 0 +++ [pid 5066] <... restart_syscall resumed>) = 0 [pid 9014] +++ exited with 0 +++ [pid 9015] <... mount resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9014, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 9017] <... mount resumed>) = 0 [pid 9015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... restart_syscall resumed>) = 0 [pid 9015] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9015] chdir("./file0" [pid 5066] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9015] <... chdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 9017] <... openat resumed>) = 3 [pid 9015] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9015] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(3, [pid 9017] chdir("./file0") = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9015] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9017] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9015] <... futex resumed>) = 1 [pid 9011] <... futex resumed>) = 0 [pid 9011] exit_group(0) = ? [pid 9017] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9015] +++ exited with 0 +++ [pid 9011] +++ exited with 0 +++ [pid 5066] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9017] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9017] <... futex resumed>) = 1 [pid 9013] <... futex resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./391/binderfs", [pid 9013] exit_group(0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9013] <... exit_group resumed>) = ? [pid 5066] unlink("./391/binderfs" [pid 9017] +++ exited with 0 +++ [pid 9013] +++ exited with 0 +++ [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9013, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5063] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9011, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5063] <... openat resumed>) = 3 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5063] newfstatat(3, "", [pid 5062] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... restart_syscall resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] getdents64(3, [pid 5062] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] newfstatat(AT_FDCWD, "./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(3, "", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./396/binderfs", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5063] unlink("./396/binderfs" [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] getdents64(4, [pid 5065] newfstatat(3, "", [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... unlink resumed>) = 0 [pid 5062] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 5066] rmdir("./391/file0") = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] newfstatat(AT_FDCWD, "./389/binderfs", [pid 5066] getdents64(3, [pid 5065] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./391") = 0 [pid 5066] mkdir("./392", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] unlink("./389/binderfs" [pid 5066] <... mkdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./392/binderfs", [pid 5063] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] unlink("./392/binderfs" [pid 5066] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./396/file0", [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] newfstatat(AT_FDCWD, "./389/file0", [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9019 attached [pid 5063] <... openat resumed>) = 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9019] set_robust_list(0x5555569076a0, 24 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9019 [pid 5063] newfstatat(4, "", [pid 5062] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9019] <... set_robust_list resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9019] chdir("./395" [pid 5062] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9019] <... chdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... openat resumed>) = 4 [pid 9019] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] newfstatat(4, "", [pid 9019] <... prctl resumed>) = 0 [pid 9019] setpgid(0, 0 [pid 5063] getdents64(4, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 9019] <... setpgid resumed>) = 0 [pid 9019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9019] <... openat resumed>) = 3 [pid 5065] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9019] write(3, "1000", 4 [pid 5063] close(4 [pid 5062] getdents64(4, [pid 9019] <... write resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9019] close(3) = 0 [pid 5062] close(4 [pid 9019] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./389/file0" [pid 9019] <... symlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./392/file0", [pid 5063] rmdir("./396/file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(3, [pid 9019] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] getdents64(3, [pid 9019] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] close(3 [pid 9019] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9019] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] close(3 [pid 9019] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./389" [pid 9019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5063] <... close resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 9019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] mkdir("./390", 0777 [pid 5065] newfstatat(4, "", [pid 5063] rmdir("./396" [pid 9019] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 9019] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] getdents64(4, [pid 5063] mkdir("./397", 0777 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... mkdir resumed>) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./392/file0") = 0 [pid 5065] getdents64(3, [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9019] <... mprotect resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 9019] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] close(3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9019] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 9019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] rmdir("./392"./strace-static-x86_64: Process 9020 attached ) = 0 [pid 9020] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9019] <... clone3 resumed> => {parent_tid=[9020]}, 88) = 9020 [pid 5066] <... ioctl resumed>) = 0 [pid 5065] mkdir("./393", 0777 [pid 9020] <... rseq resumed>) = 0 [pid 9019] rt_sigprocmask(SIG_SETMASK, [], [pid 9020] set_robust_list(0x7f67138b29a0, 24 [pid 9019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] close(3 [pid 9020] <... set_robust_list resumed>) = 0 [pid 9019] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... close resumed>) = 0 [pid 9020] rt_sigprocmask(SIG_SETMASK, [], [pid 9019] <... futex resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9019] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9020] memfd_create("syzkaller", 0) = 3 [pid 9020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9021 [pid 5065] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 9021 attached [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 9021] set_robust_list(0x5555569076a0, 24 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9021] <... set_robust_list resumed>) = 0 [pid 9021] chdir("./392") = 0 [pid 9021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9021] setpgid(0, 0) = 0 [pid 9021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9021] write(3, "1000", 4) = 4 [pid 9021] close(3) = 0 [pid 9021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9021] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9021] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9021] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9022 attached [pid 9022] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9021] <... clone3 resumed> => {parent_tid=[9022]}, 88) = 9022 [pid 9022] <... rseq resumed>) = 0 [pid 9021] rt_sigprocmask(SIG_SETMASK, [], [pid 9022] set_robust_list(0x7f67138b29a0, 24 [pid 9021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9022] <... set_robust_list resumed>) = 0 [pid 9021] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9022] rt_sigprocmask(SIG_SETMASK, [], [pid 9021] <... futex resumed>) = 0 [pid 9022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9021] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9022] memfd_create("syzkaller", 0) = 3 [pid 9022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9020] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... ioctl resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9022] <... mmap resumed>) = 0x7f670b400000 [pid 5063] close(3 [pid 5062] close(3 [pid 5063] <... close resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 9023 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9023 attached [pid 9023] set_robust_list(0x5555569076a0, 24) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 9023] chdir("./397") = 0 [pid 5065] close(3 [pid 9023] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... close resumed>) = 0 [pid 9023] <... prctl resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9023] setpgid(0, 0./strace-static-x86_64: Process 9025 attached ) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9025 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9024 ./strace-static-x86_64: Process 9024 attached [pid 9025] set_robust_list(0x5555569076a0, 24 [pid 9023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9025] <... set_robust_list resumed>) = 0 [pid 9023] <... openat resumed>) = 3 [pid 9024] set_robust_list(0x5555569076a0, 24) = 0 [pid 9025] chdir("./393" [pid 9023] write(3, "1000", 4 [pid 9025] <... chdir resumed>) = 0 [pid 9023] <... write resumed>) = 4 [pid 9025] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9023] close(3 [pid 9024] chdir("./390" [pid 9025] <... prctl resumed>) = 0 [pid 9023] <... close resumed>) = 0 [pid 9025] setpgid(0, 0 [pid 9023] symlink("/dev/binderfs", "./binderfs" [pid 9025] <... setpgid resumed>) = 0 [pid 9023] <... symlink resumed>) = 0 [pid 9025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9023] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9025] <... openat resumed>) = 3 [pid 9023] <... futex resumed>) = 0 [pid 9023] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9025] write(3, "1000", 4 [pid 9023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9025] <... write resumed>) = 4 [pid 9023] <... mmap resumed>) = 0x7f6713892000 [pid 9024] <... chdir resumed>) = 0 [pid 9025] close(3 [pid 9023] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9025] <... close resumed>) = 0 [pid 9023] <... mprotect resumed>) = 0 [pid 9024] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9025] symlink("/dev/binderfs", "./binderfs" [pid 9023] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9024] <... prctl resumed>) = 0 [pid 9025] <... symlink resumed>) = 0 [pid 9020] <... write resumed>) = 2097152 [pid 9025] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9024] setpgid(0, 0 [pid 9025] <... futex resumed>) = 0 [pid 9023] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9020] munmap(0x7f670b400000, 138412032 [pid 9024] <... setpgid resumed>) = 0 [pid 9025] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9025] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9022] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 9026 attached [pid 9025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9023] <... clone3 resumed> => {parent_tid=[9026]}, 88) = 9026 [pid 9025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9023] rt_sigprocmask(SIG_SETMASK, [], [pid 9024] <... openat resumed>) = 3 [pid 9025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9025] <... mmap resumed>) = 0x7f6713892000 [pid 9023] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9026] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9025] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9023] <... futex resumed>) = 0 [pid 9026] <... rseq resumed>) = 0 [pid 9025] <... mprotect resumed>) = 0 [pid 9023] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9026] set_robust_list(0x7f67138b29a0, 24 [pid 9024] write(3, "1000", 4 [pid 9025] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9026] <... set_robust_list resumed>) = 0 [pid 9024] <... write resumed>) = 4 [pid 9026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9026] memfd_create("syzkaller", 0 [pid 9024] close(3) = 0 [pid 9024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9025] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9024] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9024] <... futex resumed>) = 0 [pid 9020] <... munmap resumed>) = 0 [pid 9026] <... memfd_create resumed>) = 3 [pid 9024] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9025] <... clone3 resumed> => {parent_tid=[9027]}, 88) = 9027 [pid 9020] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9025] rt_sigprocmask(SIG_SETMASK, [], [pid 9020] <... openat resumed>) = 4 [pid 9026] <... mmap resumed>) = 0x7f670b400000 [pid 9024] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9025] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 9027 attached [pid 9024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9025] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9020] ioctl(4, LOOP_SET_FD, 3 [pid 9024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9027] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9024] <... mmap resumed>) = 0x7f6713892000 [pid 9027] <... rseq resumed>) = 0 [pid 9027] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9027] memfd_create("syzkaller", 0) = 3 [pid 9027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9024] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9020] <... ioctl resumed>) = 0 [pid 9024] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9020] close(3 [pid 9024] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9020] <... close resumed>) = 0 [pid 9024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9020] close(4 [pid 9024] <... clone3 resumed> => {parent_tid=[9028]}, 88) = 9028 [pid 9020] <... close resumed>) = 0 [pid 9024] rt_sigprocmask(SIG_SETMASK, [], [pid 9020] mkdir("./file0", 0777./strace-static-x86_64: Process 9028 attached [pid 9024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9028] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9020] <... mkdir resumed>) = 0 [pid 9024] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9026] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9020] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9024] <... futex resumed>) = 0 [pid 9028] <... rseq resumed>) = 0 [pid 9024] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9028] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9028] memfd_create("syzkaller", 0) = 3 [pid 9028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [ 321.216886][ T9020] loop2: detected capacity change from 0 to 4096 [pid 9022] <... write resumed>) = 2097152 [pid 9022] munmap(0x7f670b400000, 138412032 [pid 9026] <... write resumed>) = 2097152 [pid 9026] munmap(0x7f670b400000, 138412032 [pid 9022] <... munmap resumed>) = 0 [pid 9028] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9026] <... munmap resumed>) = 0 [pid 9027] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9022] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9020] <... mount resumed>) = 0 [pid 9022] <... openat resumed>) = 4 [pid 9020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9022] ioctl(4, LOOP_SET_FD, 3 [pid 9020] <... openat resumed>) = 3 [pid 9020] chdir("./file0" [pid 9026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9020] <... chdir resumed>) = 0 [pid 9026] <... openat resumed>) = 4 [pid 9022] <... ioctl resumed>) = 0 [pid 9020] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9026] ioctl(4, LOOP_SET_FD, 3 [pid 9022] close(3) = 0 [pid 9020] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9022] close(4) = 0 [pid 9022] mkdir("./file0", 0777) = 0 [pid 9020] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9022] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9020] <... futex resumed>) = 1 [pid 9019] <... futex resumed>) = 0 [pid 9019] exit_group(0) = ? [pid 9027] <... write resumed>) = 2097152 [pid 9027] munmap(0x7f670b400000, 138412032) = 0 [pid 9027] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9026] <... ioctl resumed>) = 0 [pid 9020] +++ exited with 0 +++ [pid 9019] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9019, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 9027] <... openat resumed>) = 4 [pid 5064] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 321.322487][ T9022] loop4: detected capacity change from 0 to 4096 [ 321.343460][ T9026] loop1: detected capacity change from 0 to 4096 [pid 5064] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9027] ioctl(4, LOOP_SET_FD, 3 [pid 9026] close(3 [pid 9027] <... ioctl resumed>) = 0 [pid 9026] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 9028] <... write resumed>) = 2097152 [pid 9026] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9026] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 9026] mkdir("./file0", 0777 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9026] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./395/binderfs" [pid 9026] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9028] munmap(0x7f670b400000, 138412032 [pid 9027] close(3 [pid 9028] <... munmap resumed>) = 0 [pid 9022] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 9027] <... close resumed>) = 0 [pid 9027] close(4) = 0 [pid 9028] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9027] mkdir("./file0", 0777 [pid 9028] <... openat resumed>) = 4 [pid 9027] <... mkdir resumed>) = 0 [pid 9022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 321.389869][ T9027] loop3: detected capacity change from 0 to 4096 [pid 5064] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9028] ioctl(4, LOOP_SET_FD, 3 [pid 9022] chdir("./file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9026] <... mount resumed>) = 0 [pid 9027] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] newfstatat(AT_FDCWD, "./395/file0", [pid 9026] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9026] chdir("./file0" [pid 9022] <... chdir resumed>) = 0 [pid 5064] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9026] <... chdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9026] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9022] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... openat resumed>) = 4 [pid 9026] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9022] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9026] <... futex resumed>) = 1 [pid 9023] <... futex resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 9026] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9023] exit_group(0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9023] <... exit_group resumed>) = ? [pid 9026] <... futex resumed>) = ? [pid 9022] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(4, [pid 9022] <... futex resumed>) = 1 [pid 9021] <... futex resumed>) = 0 [pid 9021] exit_group(0) = ? [pid 9022] +++ exited with 0 +++ [pid 9028] <... ioctl resumed>) = 0 [pid 9028] close(3 [pid 9021] +++ exited with 0 +++ [pid 9028] <... close resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9021, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 9028] close(4 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9028] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 9028] mkdir("./file0", 0777 [pid 9026] +++ exited with 0 +++ [pid 9023] +++ exited with 0 +++ [pid 5066] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9028] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9023, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5066] <... openat resumed>) = 3 [pid 5064] close(4 [pid 5066] newfstatat(3, "", [pid 5063] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9028] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] getdents64(3, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] rmdir("./395/file0" [pid 5063] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./392/binderfs", [pid 5063] newfstatat(3, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] unlink("./392/binderfs") = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(3, [pid 5064] close(3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 321.434032][ T9028] loop0: detected capacity change from 0 to 4096 [pid 5066] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9027] <... mount resumed>) = 0 [pid 5064] rmdir("./395" [pid 5063] newfstatat(AT_FDCWD, "./397/binderfs", [pid 9027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9027] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./392/file0", [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9027] chdir("./file0" [pid 5064] <... rmdir resumed>) = 0 [pid 5063] unlink("./397/binderfs" [pid 9027] <... chdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9027] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./396", 0777 [pid 5063] <... unlink resumed>) = 0 [pid 9027] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9027] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9027] <... futex resumed>) = 1 [pid 9025] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9027] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9025] exit_group(0 [pid 5066] <... openat resumed>) = 4 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9027] <... futex resumed>) = ? [pid 9025] <... exit_group resumed>) = ? [pid 9027] +++ exited with 0 +++ [pid 9025] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... umount2 resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9025, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5064] <... openat resumed>) = 3 [pid 5066] getdents64(4, [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] newfstatat(AT_FDCWD, "./397/file0", [pid 5066] getdents64(4, [pid 5065] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(3, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] close(4 [pid 5065] getdents64(3, [pid 5063] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] rmdir("./392/file0" [pid 5065] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./393/binderfs", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9028] <... mount resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] unlink("./393/binderfs" [pid 5063] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... unlink resumed>) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(4, "", [pid 5066] close(3 [pid 9028] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9028] <... openat resumed>) = 3 [pid 5066] rmdir("./392" [pid 5063] getdents64(4, [pid 9028] chdir("./file0") = 0 [pid 9028] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 9028] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9028] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = 0 [pid 9028] <... futex resumed>) = 1 [pid 9024] <... futex resumed>) = 0 [pid 9028] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9024] exit_group(0 [pid 5065] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9024] <... exit_group resumed>) = ? [pid 5066] mkdir("./393", 0777 [pid 5063] getdents64(4, [pid 9028] <... futex resumed>) = ? [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9028] +++ exited with 0 +++ [pid 9024] +++ exited with 0 +++ [pid 5066] <... mkdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./393/file0", [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9024, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] getdents64(4, [pid 5063] close(4 [pid 5062] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] rmdir("./397/file0" [pid 5062] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... openat resumed>) = 3 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 5065] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] rmdir("./393/file0" [pid 5062] getdents64(3, [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5062] newfstatat(AT_FDCWD, "./390/binderfs", [pid 5065] close(3 [pid 5063] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 5063] rmdir("./397" [pid 5062] unlink("./390/binderfs" [pid 5065] rmdir("./393" [pid 5062] <... unlink resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] mkdir("./398", 0777 [pid 5065] mkdir("./394", 0777 [pid 5063] <... mkdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9029 attached [pid 5062] <... umount2 resumed>) = 0 [pid 9029] set_robust_list(0x5555569076a0, 24 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9029] <... set_robust_list resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9029] chdir("./394" [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] newfstatat(AT_FDCWD, "./390/file0", [pid 9029] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9029 [pid 9029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9029] <... prctl resumed>) = 0 [pid 9029] setpgid(0, 0) = 0 [pid 5062] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9029] write(3, "1000", 4) = 4 [pid 9029] close(3 [pid 5062] <... openat resumed>) = 4 [pid 9029] <... close resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] newfstatat(4, "", [pid 9029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9029] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9029] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9029] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9030]}, 88) = 9030 [pid 9029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] getdents64(4, [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9029] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9029] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9030 attached ./strace-static-x86_64: Process 9031 attached [pid 9030] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9030] <... rseq resumed>) = 0 [pid 5062] close(4 [pid 9031] set_robust_list(0x5555569076a0, 24 [pid 9030] set_robust_list(0x7f67138b29a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9031 [pid 9030] <... set_robust_list resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 9031] <... set_robust_list resumed>) = 0 [pid 9030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] rmdir("./390/file0" [pid 9031] chdir("./396" [pid 5066] close(3 [pid 9030] memfd_create("syzkaller", 0 [pid 5062] <... rmdir resumed>) = 0 [pid 9031] <... chdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 9031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... ioctl resumed>) = 0 [pid 5062] getdents64(3, [pid 9031] <... prctl resumed>) = 0 [pid 9030] <... memfd_create resumed>) = 3 [pid 5063] close(3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... close resumed>) = 0 [pid 5062] close(3 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9032 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 [pid 9030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] rmdir("./390" [pid 9030] <... mmap resumed>) = 0x7f670b400000 ./strace-static-x86_64: Process 9033 attached ./strace-static-x86_64: Process 9032 attached [pid 9031] setpgid(0, 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9033 [pid 5062] mkdir("./391", 0777 [pid 9031] <... setpgid resumed>) = 0 [pid 9033] set_robust_list(0x5555569076a0, 24 [pid 9032] set_robust_list(0x5555569076a0, 24 [pid 9031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... mkdir resumed>) = 0 [pid 9033] <... set_robust_list resumed>) = 0 [pid 9032] <... set_robust_list resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9032] chdir("./393" [pid 9031] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 9033] chdir("./398" [pid 9032] <... chdir resumed>) = 0 [pid 9031] write(3, "1000", 4 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9031] <... write resumed>) = 4 [pid 9032] <... prctl resumed>) = 0 [pid 9031] close(3 [pid 9032] setpgid(0, 0 [pid 9031] <... close resumed>) = 0 [pid 9033] <... chdir resumed>) = 0 [pid 9032] <... setpgid resumed>) = 0 [pid 9031] symlink("/dev/binderfs", "./binderfs" [pid 9033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9033] setpgid(0, 0) = 0 [pid 9032] <... openat resumed>) = 3 [pid 9031] <... symlink resumed>) = 0 [pid 9033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9031] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9033] <... openat resumed>) = 3 [pid 9032] write(3, "1000", 4 [pid 9031] <... futex resumed>) = 0 [pid 9032] <... write resumed>) = 4 [pid 9031] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9032] close(3 [pid 9033] write(3, "1000", 4 [pid 9032] <... close resumed>) = 0 [pid 9031] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9033] <... write resumed>) = 4 [pid 9032] symlink("/dev/binderfs", "./binderfs" [pid 9031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9033] close(3 [pid 9031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9033] <... close resumed>) = 0 [pid 9032] <... symlink resumed>) = 0 [pid 9031] <... mmap resumed>) = 0x7f6713892000 [pid 9033] symlink("/dev/binderfs", "./binderfs" [pid 9032] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9031] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9032] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9031] <... mprotect resumed>) = 0 [pid 9032] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9031] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9031] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9033] <... symlink resumed>) = 0 [pid 9032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 9034 attached ) = 0x7f6713892000 [pid 9034] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9034] set_robust_list(0x7f67138b29a0, 24 [pid 9032] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9031] <... clone3 resumed> => {parent_tid=[9034]}, 88) = 9034 [pid 9034] <... set_robust_list resumed>) = 0 [pid 9034] rt_sigprocmask(SIG_SETMASK, [], [pid 9033] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9032] <... mprotect resumed>) = 0 [pid 9031] rt_sigprocmask(SIG_SETMASK, [], [pid 9030] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9033] <... futex resumed>) = 0 [pid 9032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9034] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9031] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9033] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9031] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9035 attached [pid 9034] memfd_create("syzkaller", 0 [pid 9033] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9031] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9034] <... memfd_create resumed>) = 3 [pid 9033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9032] <... clone3 resumed> => {parent_tid=[9035]}, 88) = 9035 [pid 9035] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9032] rt_sigprocmask(SIG_SETMASK, [], [pid 9035] <... rseq resumed>) = 0 [pid 9034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9035] set_robust_list(0x7f67138b29a0, 24 [pid 9034] <... mmap resumed>) = 0x7f670b400000 [pid 9033] <... mmap resumed>) = 0x7f6713892000 [pid 9032] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9035] <... set_robust_list resumed>) = 0 [pid 9033] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9035] rt_sigprocmask(SIG_SETMASK, [], [pid 9033] <... mprotect resumed>) = 0 [pid 9032] <... futex resumed>) = 0 [pid 9035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9032] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9035] memfd_create("syzkaller", 0 [pid 9033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9035] <... memfd_create resumed>) = 3 [pid 9035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9033] <... clone3 resumed> => {parent_tid=[9036]}, 88) = 9036 [pid 9033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9033] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9033] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9036 attached [pid 9036] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9036] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9036] memfd_create("syzkaller", 0 [pid 9035] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... ioctl resumed>) = 0 [pid 9036] <... memfd_create resumed>) = 3 [pid 9036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9030] <... write resumed>) = 2097152 [pid 5062] close(3) = 0 [pid 9030] munmap(0x7f670b400000, 138412032 [pid 9034] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 9037 ./strace-static-x86_64: Process 9037 attached [pid 9037] set_robust_list(0x5555569076a0, 24 [pid 9035] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9037] <... set_robust_list resumed>) = 0 [pid 9037] chdir("./391") = 0 [pid 9037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9037] setpgid(0, 0) = 0 [pid 9037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9037] write(3, "1000", 4) = 4 [pid 9037] close(3) = 0 [pid 9036] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9030] <... munmap resumed>) = 0 [pid 9037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9030] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9037] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9030] <... openat resumed>) = 4 [pid 9037] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9035] <... write resumed>) = 2097152 [pid 9030] ioctl(4, LOOP_SET_FD, 3 [pid 9037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9034] <... write resumed>) = 2097152 [pid 9037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9037] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9038]}, 88) = 9038 [pid 9037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9037] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9035] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 9038 attached [pid 9037] <... futex resumed>) = 0 [pid 9038] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9037] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9038] <... rseq resumed>) = 0 [pid 9034] munmap(0x7f670b400000, 138412032 [pid 9038] set_robust_list(0x7f67138b29a0, 24 [pid 9035] <... munmap resumed>) = 0 [pid 9030] <... ioctl resumed>) = 0 [pid 9038] <... set_robust_list resumed>) = 0 [pid 9038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9038] memfd_create("syzkaller", 0 [pid 9030] close(3) = 0 [pid 9035] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9030] close(4 [pid 9038] <... memfd_create resumed>) = 3 [pid 9030] <... close resumed>) = 0 [pid 9030] mkdir("./file0", 0777 [pid 9038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9035] <... openat resumed>) = 4 [pid 9035] ioctl(4, LOOP_SET_FD, 3 [pid 9034] <... munmap resumed>) = 0 [pid 9030] <... mkdir resumed>) = 0 [pid 9034] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9034] ioctl(4, LOOP_SET_FD, 3 [pid 9036] <... write resumed>) = 2097152 [pid 9035] <... ioctl resumed>) = 0 [pid 9030] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9036] munmap(0x7f670b400000, 138412032) = 0 [pid 9034] <... ioctl resumed>) = 0 [pid 9038] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9035] close(3 [pid 9034] close(3 [pid 9036] <... openat resumed>) = 4 [pid 9034] <... close resumed>) = 0 [ 321.900734][ T9030] loop3: detected capacity change from 0 to 4096 [ 321.930320][ T9035] loop4: detected capacity change from 0 to 4096 [ 321.932902][ T9034] loop2: detected capacity change from 0 to 4096 [pid 9036] ioctl(4, LOOP_SET_FD, 3 [pid 9035] <... close resumed>) = 0 [pid 9034] close(4 [pid 9035] close(4) = 0 [pid 9034] <... close resumed>) = 0 [pid 9034] mkdir("./file0", 0777 [pid 9030] <... mount resumed>) = 0 [pid 9035] mkdir("./file0", 0777) = 0 [pid 9030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9034] <... mkdir resumed>) = 0 [pid 9030] <... openat resumed>) = 3 [pid 9035] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9034] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9030] chdir("./file0") = 0 [pid 9030] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9030] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9029] <... futex resumed>) = 0 [pid 9030] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9029] exit_group(0 [pid 9030] <... futex resumed>) = ? [pid 9029] <... exit_group resumed>) = ? [pid 9036] <... ioctl resumed>) = 0 [pid 9036] close(3) = 0 [pid 9036] close(4) = 0 [pid 9036] mkdir("./file0", 0777) = 0 [pid 9030] +++ exited with 0 +++ [pid 9029] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9029, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5065] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 9036] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9038] <... write resumed>) = 2097152 [pid 5065] unlink("./394/binderfs" [pid 9038] munmap(0x7f670b400000, 138412032 [pid 9034] <... mount resumed>) = 0 [pid 9038] <... munmap resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9034] chdir("./file0") = 0 [ 321.990110][ T9036] loop1: detected capacity change from 0 to 4096 [pid 9034] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9038] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9034] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9038] <... openat resumed>) = 4 [pid 9034] <... futex resumed>) = 1 [pid 9031] <... futex resumed>) = 0 [pid 9038] ioctl(4, LOOP_SET_FD, 3 [pid 9034] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9031] exit_group(0 [pid 9034] <... futex resumed>) = ? [pid 9031] <... exit_group resumed>) = ? [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9034] +++ exited with 0 +++ [pid 9031] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./394/file0", [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9031, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(3, [pid 9038] <... ioctl resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9038] close(3 [pid 5065] <... openat resumed>) = 4 [pid 5064] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9038] <... close resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9038] close(4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(AT_FDCWD, "./396/binderfs", [pid 9038] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9038] mkdir("./file0", 0777 [pid 5065] getdents64(4, [pid 5064] unlink("./396/binderfs" [pid 9038] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... unlink resumed>) = 0 [pid 5065] getdents64(4, [pid 5064] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./396/file0", [pid 9038] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 322.052881][ T9038] loop0: detected capacity change from 0 to 4096 [pid 5065] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] rmdir("./394/file0" [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5065] getdents64(3, [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9035] <... mount resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] getdents64(4, [pid 5065] close(3 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9036] <... mount resumed>) = 0 [pid 5064] close(4 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5065] rmdir("./394" [pid 5064] rmdir("./396/file0" [pid 5065] <... rmdir resumed>) = 0 [pid 9036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... rmdir resumed>) = 0 [pid 9036] <... openat resumed>) = 3 [pid 9035] <... openat resumed>) = 3 [pid 5065] mkdir("./395", 0777 [pid 5064] getdents64(3, [pid 9035] chdir("./file0" [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9036] chdir("./file0" [pid 9035] <... chdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] close(3 [pid 9035] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 9036] <... chdir resumed>) = 0 [pid 9036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] rmdir("./396" [pid 9035] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9036] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9035] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 9036] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9035] <... futex resumed>) = 1 [pid 9032] <... futex resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] mkdir("./397", 0777 [pid 9032] exit_group(0) = ? [pid 5064] <... mkdir resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9036] <... futex resumed>) = 1 [pid 9033] <... futex resumed>) = 0 [pid 9038] <... mount resumed>) = 0 [pid 9036] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9033] exit_group(0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9036] <... futex resumed>) = ? [pid 9035] +++ exited with 0 +++ [pid 9033] <... exit_group resumed>) = ? [pid 9032] +++ exited with 0 +++ [pid 5064] <... openat resumed>) = 3 [pid 9038] <... openat resumed>) = 3 [pid 9036] +++ exited with 0 +++ [pid 9033] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9032, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9038] chdir("./file0" [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9033, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 9038] <... chdir resumed>) = 0 [pid 9038] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9038] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9038] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9038] <... futex resumed>) = 1 [pid 9037] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9038] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9037] exit_group(0 [pid 9038] <... futex resumed>) = ? [pid 9037] <... exit_group resumed>) = ? [pid 5066] <... openat resumed>) = 3 [pid 9038] +++ exited with 0 +++ [pid 9037] +++ exited with 0 +++ [pid 5066] newfstatat(3, "", [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9037, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./393/binderfs", [pid 5063] newfstatat(3, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] unlink("./393/binderfs" [pid 5063] getdents64(3, [pid 5062] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... unlink resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./398/binderfs", [pid 5062] newfstatat(3, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] unlink("./398/binderfs" [pid 5062] getdents64(3, [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] close(3 [pid 5063] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./391/binderfs", [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9039 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 9039 attached [pid 9039] set_robust_list(0x5555569076a0, 24) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5062] unlink("./391/binderfs" [pid 9039] chdir("./395" [pid 5062] <... unlink resumed>) = 0 [pid 9039] <... chdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5062] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9039] <... prctl resumed>) = 0 [pid 9039] setpgid(0, 0) = 0 [pid 9039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./393/file0", [pid 5063] newfstatat(AT_FDCWD, "./398/file0", [pid 5062] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9039] <... openat resumed>) = 3 [pid 5066] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(AT_FDCWD, "./391/file0", [pid 5066] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9039] write(3, "1000", 4 [pid 5066] <... openat resumed>) = 4 [pid 5063] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(4, "", [pid 5063] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(4, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(4, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9039] <... write resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5063] getdents64(4, [pid 9039] close(3 [pid 5066] getdents64(4, [pid 5064] close(3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] newfstatat(4, "", [pid 9039] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(4, [pid 9039] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... close resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(4 [pid 5062] getdents64(4, [pid 5063] <... close resumed>) = 0 [pid 9039] <... symlink resumed>) = 0 [pid 5063] rmdir("./398/file0" [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9039] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] close(4 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] getdents64(4, [pid 5063] getdents64(3, [pid 9039] <... futex resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9039] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] rmdir("./393/file0" [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(4./strace-static-x86_64: Process 9040 attached [pid 9039] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 9040] set_robust_list(0x5555569076a0, 24 [pid 9039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] getdents64(3, [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9040 [pid 5063] close(3 [pid 5062] rmdir("./391/file0" [pid 9039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] close(3 [pid 9039] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... close resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 9039] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] rmdir("./393" [pid 5062] getdents64(3, [pid 9039] <... mprotect resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9040] <... set_robust_list resumed>) = 0 [pid 5063] rmdir("./398" [pid 5066] <... rmdir resumed>) = 0 [pid 5062] close(3 [pid 9040] chdir("./397" [pid 9039] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... rmdir resumed>) = 0 [pid 9040] <... chdir resumed>) = 0 [pid 5063] mkdir("./399", 0777 [pid 5062] <... close resumed>) = 0 [pid 9040] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] rmdir("./391" [pid 9039] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] mkdir("./394", 0777 [pid 9040] <... prctl resumed>) = 0 [pid 9039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... mkdir resumed>) = 0 [pid 9040] setpgid(0, 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 9041 attached [pid 9040] <... setpgid resumed>) = 0 [pid 9039] <... clone3 resumed> => {parent_tid=[9041]}, 88) = 9041 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] mkdir("./392", 0777 [pid 9041] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9039] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5063] <... openat resumed>) = 3 [pid 9041] <... rseq resumed>) = 0 [pid 9039] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9039] <... futex resumed>) = 0 [pid 9041] set_robust_list(0x7f67138b29a0, 24 [pid 9040] <... openat resumed>) = 3 [pid 9039] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9041] <... set_robust_list resumed>) = 0 [pid 9040] write(3, "1000", 4 [pid 5062] <... mkdir resumed>) = 0 [pid 9041] rt_sigprocmask(SIG_SETMASK, [], [pid 9040] <... write resumed>) = 4 [pid 9041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9040] close(3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9040] <... close resumed>) = 0 [pid 9040] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9040] <... symlink resumed>) = 0 [pid 9041] memfd_create("syzkaller", 0 [pid 9040] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9041] <... memfd_create resumed>) = 3 [pid 9040] <... futex resumed>) = 0 [pid 9041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9040] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9041] <... mmap resumed>) = 0x7f670b400000 [pid 9040] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9040] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9042 attached => {parent_tid=[9042]}, 88) = 9042 [pid 9042] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9041] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9040] rt_sigprocmask(SIG_SETMASK, [], [pid 9042] <... rseq resumed>) = 0 [pid 9042] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9042] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9040] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9042] <... futex resumed>) = 0 [pid 9040] <... futex resumed>) = 1 [pid 9040] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9042] memfd_create("syzkaller", 0) = 3 [pid 9042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9041] <... write resumed>) = 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9041] munmap(0x7f670b400000, 138412032 [pid 5063] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5063] close(3 [pid 5062] close(3 [pid 5063] <... close resumed>) = 0 [pid 9041] <... munmap resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9043 attached [pid 9042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9041] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9043] set_robust_list(0x5555569076a0, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9043 [pid 9043] <... set_robust_list resumed>) = 0 [pid 9041] <... openat resumed>) = 4 ./strace-static-x86_64: Process 9045 attached [pid 9043] chdir("./399" [pid 9041] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 9044 attached [pid 9045] set_robust_list(0x5555569076a0, 24 [pid 9043] <... chdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9045 [pid 9044] set_robust_list(0x5555569076a0, 24 [pid 9043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9044] <... set_robust_list resumed>) = 0 [pid 9043] <... prctl resumed>) = 0 [pid 9044] chdir("./392" [pid 9043] setpgid(0, 0 [pid 9044] <... chdir resumed>) = 0 [pid 9043] <... setpgid resumed>) = 0 [pid 9044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9044] <... prctl resumed>) = 0 [pid 9045] <... set_robust_list resumed>) = 0 [pid 9043] <... openat resumed>) = 3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9044 [pid 9043] write(3, "1000", 4) = 4 [pid 9044] setpgid(0, 0 [pid 9045] chdir("./394" [pid 9043] close(3 [pid 9044] <... setpgid resumed>) = 0 [pid 9045] <... chdir resumed>) = 0 [pid 9043] <... close resumed>) = 0 [pid 9044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9045] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9043] symlink("/dev/binderfs", "./binderfs" [pid 9041] <... ioctl resumed>) = 0 [pid 9045] <... prctl resumed>) = 0 [pid 9041] close(3) = 0 [pid 9045] setpgid(0, 0) = 0 [pid 9041] close(4 [pid 9044] <... openat resumed>) = 3 [pid 9043] <... symlink resumed>) = 0 [pid 9041] <... close resumed>) = 0 [pid 9044] write(3, "1000", 4 [pid 9045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9043] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9041] mkdir("./file0", 0777 [pid 9044] <... write resumed>) = 4 [pid 9043] <... futex resumed>) = 0 [pid 9044] close(3 [pid 9043] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9044] <... close resumed>) = 0 [pid 9044] symlink("/dev/binderfs", "./binderfs" [pid 9041] <... mkdir resumed>) = 0 [pid 9045] <... openat resumed>) = 3 [pid 9043] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9042] <... write resumed>) = 2097152 [pid 9041] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9044] <... symlink resumed>) = 0 [pid 9045] write(3, "1000", 4 [pid 9043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9042] munmap(0x7f670b400000, 138412032 [pid 9044] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9045] <... write resumed>) = 4 [pid 9043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9042] <... munmap resumed>) = 0 [pid 9044] <... futex resumed>) = 0 [pid 9045] close(3 [pid 9043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9044] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9045] <... close resumed>) = 0 [pid 9045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9044] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9045] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9043] <... mmap resumed>) = 0x7f6713892000 [pid 9044] <... mmap resumed>) = 0x7f6713892000 [pid 9045] <... futex resumed>) = 0 [ 322.452844][ T9041] loop3: detected capacity change from 0 to 4096 [pid 9043] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9044] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9045] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9043] <... mprotect resumed>) = 0 [pid 9044] <... mprotect resumed>) = 0 [pid 9043] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9045] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9043] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9044] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9044] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9043] <... clone3 resumed> => {parent_tid=[9046]}, 88) = 9046 ./strace-static-x86_64: Process 9047 attached ./strace-static-x86_64: Process 9046 attached [pid 9045] <... mmap resumed>) = 0x7f6713892000 [pid 9043] rt_sigprocmask(SIG_SETMASK, [], [pid 9042] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9047] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9046] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9044] <... clone3 resumed> => {parent_tid=[9047]}, 88) = 9047 [pid 9045] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9042] <... openat resumed>) = 4 [pid 9047] <... rseq resumed>) = 0 [pid 9046] <... rseq resumed>) = 0 [pid 9044] rt_sigprocmask(SIG_SETMASK, [], [pid 9045] <... mprotect resumed>) = 0 [pid 9043] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9047] set_robust_list(0x7f67138b29a0, 24 [pid 9046] set_robust_list(0x7f67138b29a0, 24 [pid 9044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9045] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9043] <... futex resumed>) = 0 [pid 9042] ioctl(4, LOOP_SET_FD, 3 [pid 9047] <... set_robust_list resumed>) = 0 [pid 9046] <... set_robust_list resumed>) = 0 [pid 9044] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9045] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9043] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9041] <... mount resumed>) = 0 [pid 9044] <... futex resumed>) = 0 [pid 9044] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9047] rt_sigprocmask(SIG_SETMASK, [], [pid 9046] rt_sigprocmask(SIG_SETMASK, [], [pid 9045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9048 attached [pid 9041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9045] <... clone3 resumed> => {parent_tid=[9048]}, 88) = 9048 [pid 9048] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9047] memfd_create("syzkaller", 0 [pid 9046] memfd_create("syzkaller", 0 [pid 9045] rt_sigprocmask(SIG_SETMASK, [], [pid 9041] <... openat resumed>) = 3 [pid 9048] <... rseq resumed>) = 0 [pid 9045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9041] chdir("./file0" [pid 9048] set_robust_list(0x7f67138b29a0, 24 [pid 9045] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9041] <... chdir resumed>) = 0 [pid 9048] <... set_robust_list resumed>) = 0 [pid 9045] <... futex resumed>) = 0 [pid 9041] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9048] rt_sigprocmask(SIG_SETMASK, [], [pid 9045] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9041] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9041] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9047] <... memfd_create resumed>) = 3 [pid 9041] <... futex resumed>) = 1 [pid 9047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9041] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9047] <... mmap resumed>) = 0x7f670b400000 [pid 9048] memfd_create("syzkaller", 0 [pid 9046] <... memfd_create resumed>) = 3 [pid 9039] <... futex resumed>) = 0 [pid 9046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9042] <... ioctl resumed>) = 0 [pid 9039] exit_group(0 [pid 9048] <... memfd_create resumed>) = 3 [pid 9046] <... mmap resumed>) = 0x7f670b400000 [pid 9042] close(3 [pid 9041] <... futex resumed>) = ? [pid 9039] <... exit_group resumed>) = ? [pid 9041] +++ exited with 0 +++ [pid 9048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9042] <... close resumed>) = 0 [pid 9039] +++ exited with 0 +++ [pid 9048] <... mmap resumed>) = 0x7f670b400000 [pid 9042] close(4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9039, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5065] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9042] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9042] mkdir("./file0", 0777) = 0 [pid 9042] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./395/binderfs") = 0 [pid 5065] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 322.521200][ T9042] loop2: detected capacity change from 0 to 4096 [pid 5065] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./395/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 9042] <... mount resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(4 [pid 9042] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./395/file0") = 0 [pid 9048] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9047] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9042] chdir("./file0" [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 9042] <... chdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9042] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] rmdir("./395" [pid 9042] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9042] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9042] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... rmdir resumed>) = 0 [pid 9046] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] mkdir("./396", 0777) = 0 [pid 9040] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 9040] exit_group(0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9042] <... futex resumed>) = ? [pid 9040] <... exit_group resumed>) = ? [pid 9047] <... write resumed>) = 2097152 [pid 9042] +++ exited with 0 +++ [pid 9040] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9040, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 9047] munmap(0x7f670b400000, 138412032 [pid 9048] <... write resumed>) = 2097152 [pid 9046] <... write resumed>) = 2097152 [pid 9048] munmap(0x7f670b400000, 138412032 [pid 9046] munmap(0x7f670b400000, 138412032 [pid 9047] <... munmap resumed>) = 0 [pid 9046] <... munmap resumed>) = 0 [pid 5064] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9048] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./397/binderfs" [pid 9048] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9047] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9046] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... unlink resumed>) = 0 [pid 9047] <... openat resumed>) = 4 [pid 9048] <... openat resumed>) = 4 [pid 5064] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9048] ioctl(4, LOOP_SET_FD, 3 [pid 9047] ioctl(4, LOOP_SET_FD, 3 [pid 9046] <... openat resumed>) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 9046] ioctl(4, LOOP_SET_FD, 3 [pid 5064] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9048] <... ioctl resumed>) = 0 [pid 9047] <... ioctl resumed>) = 0 [pid 9046] <... ioctl resumed>) = 0 [pid 9048] close(3 [pid 9047] close(3 [pid 9048] <... close resumed>) = 0 [pid 9047] <... close resumed>) = 0 [pid 9046] close(3 [pid 9048] close(4 [pid 9047] close(4 [pid 9046] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9048] <... close resumed>) = 0 [pid 9047] <... close resumed>) = 0 [pid 9046] close(4 [pid 9048] mkdir("./file0", 0777 [pid 9047] mkdir("./file0", 0777 [pid 9046] <... close resumed>) = 0 [pid 9048] <... mkdir resumed>) = 0 [pid 9047] <... mkdir resumed>) = 0 [pid 9046] mkdir("./file0", 0777 [pid 9048] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9047] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9046] <... mkdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 9046] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] newfstatat(AT_FDCWD, "./397/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] close(3 [pid 5064] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 322.711430][ T9048] loop4: detected capacity change from 0 to 4096 [ 322.727345][ T9047] loop0: detected capacity change from 0 to 4096 [ 322.736218][ T9046] loop1: detected capacity change from 0 to 4096 [pid 5064] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9049 attached [pid 5064] newfstatat(4, "", [pid 9049] set_robust_list(0x5555569076a0, 24) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9049 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 9049] chdir("./396" [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9049] <... chdir resumed>) = 0 [pid 5064] getdents64(4, [pid 9049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9049] <... prctl resumed>) = 0 [pid 5064] close(4 [pid 9049] setpgid(0, 0 [pid 5064] <... close resumed>) = 0 [pid 9049] <... setpgid resumed>) = 0 [pid 9048] <... mount resumed>) = 0 [pid 5064] rmdir("./397/file0" [pid 9049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... rmdir resumed>) = 0 [pid 9049] <... openat resumed>) = 3 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9049] write(3, "1000", 4 [pid 5064] close(3 [pid 9049] <... write resumed>) = 4 [pid 9049] close(3 [pid 5064] <... close resumed>) = 0 [pid 9049] <... close resumed>) = 0 [pid 5064] rmdir("./397" [pid 9049] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 9049] <... symlink resumed>) = 0 [pid 9048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9049] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9048] <... openat resumed>) = 3 [pid 9047] <... mount resumed>) = 0 [pid 9046] <... mount resumed>) = 0 [pid 5064] mkdir("./398", 0777 [pid 9048] chdir("./file0") = 0 [pid 9047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9048] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9048] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9046] <... openat resumed>) = 3 [pid 9048] <... futex resumed>) = 1 [pid 9047] <... openat resumed>) = 3 [pid 9046] chdir("./file0" [pid 9048] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9047] chdir("./file0" [pid 9046] <... chdir resumed>) = 0 [pid 9047] <... chdir resumed>) = 0 [pid 9046] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9047] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9046] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9045] <... futex resumed>) = 0 [pid 9045] exit_group(0 [pid 9048] <... futex resumed>) = ? [pid 9045] <... exit_group resumed>) = ? [pid 9048] +++ exited with 0 +++ [pid 9045] +++ exited with 0 +++ [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9045, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5064] <... openat resumed>) = 3 [pid 5066] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9046] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9047] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9046] <... futex resumed>) = 1 [pid 9043] <... futex resumed>) = 0 [pid 9047] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9044] <... futex resumed>) = 0 [pid 9046] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9043] exit_group(0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9044] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9049] <... futex resumed>) = 0 [pid 9047] <... futex resumed>) = ? [pid 9046] <... futex resumed>) = ? [pid 9044] <... exit_group resumed>) = ? [pid 9043] <... exit_group resumed>) = ? [pid 5066] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9049] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9047] +++ exited with 0 +++ [pid 5066] <... openat resumed>) = 3 [pid 9049] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] newfstatat(3, "", [pid 9049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] getdents64(3, [pid 9049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9046] +++ exited with 0 +++ [pid 9043] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9049] <... mmap resumed>) = 0x7f6713892000 [pid 5066] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9049] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9043, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 9049] <... mprotect resumed>) = 0 [pid 9044] +++ exited with 0 +++ [pid 5066] newfstatat(AT_FDCWD, "./394/binderfs", [pid 5063] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9049] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9044, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5066] unlink("./394/binderfs" [pid 5063] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 9049] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5062] <... restart_syscall resumed>) = 0 [pid 9049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(3, "", ./strace-static-x86_64: Process 9050 attached [pid 9050] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9050] <... rseq resumed>) = 0 [pid 9049] <... clone3 resumed> => {parent_tid=[9050]}, 88) = 9050 [pid 9050] set_robust_list(0x7f67138b29a0, 24 [pid 5063] getdents64(3, [pid 9050] <... set_robust_list resumed>) = 0 [pid 9049] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9050] rt_sigprocmask(SIG_SETMASK, [], [pid 9049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9050] memfd_create("syzkaller", 0 [pid 9049] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9049] <... futex resumed>) = 0 [pid 9050] <... memfd_create resumed>) = 3 [pid 9049] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9050] <... mmap resumed>) = 0x7f670b400000 [pid 5066] newfstatat(AT_FDCWD, "./394/file0", [pid 5063] newfstatat(AT_FDCWD, "./399/binderfs", [pid 5062] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] unlink("./399/binderfs" [pid 5062] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... unlink resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./392/binderfs") = 0 [pid 5062] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./392/file0", [pid 5063] newfstatat(AT_FDCWD, "./399/file0", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 5066] newfstatat(4, "", [pid 5063] newfstatat(4, "", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 5063] getdents64(4, [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5062] close(4 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./394/file0" [pid 5062] <... close resumed>) = 0 [pid 5063] getdents64(4, [pid 5062] rmdir("./392/file0" [pid 5066] <... rmdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5063] close(4 [pid 5062] getdents64(3, [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5063] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./394" [pid 5063] rmdir("./399/file0" [pid 5062] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5066] mkdir("./395", 0777 [pid 5063] getdents64(3, [pid 5062] rmdir("./392" [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] close(3 [pid 5062] mkdir("./393", 0777 [pid 5066] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] rmdir("./399" [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9050] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] mkdir("./400", 0777) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 9051 attached [pid 9050] <... write resumed>) = 2097152 [pid 5063] <... openat resumed>) = 3 [pid 9051] set_robust_list(0x5555569076a0, 24 [pid 9050] munmap(0x7f670b400000, 138412032 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9051 [pid 9051] <... set_robust_list resumed>) = 0 [pid 9051] chdir("./398" [pid 9050] <... munmap resumed>) = 0 [pid 9051] <... chdir resumed>) = 0 [pid 9051] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... ioctl resumed>) = 0 [pid 9051] <... prctl resumed>) = 0 [pid 9050] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9051] setpgid(0, 0) = 0 [pid 5062] close(3 [pid 9051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9050] <... openat resumed>) = 4 [pid 5062] <... close resumed>) = 0 [pid 9051] <... openat resumed>) = 3 [pid 9050] ioctl(4, LOOP_SET_FD, 3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9051] write(3, "1000", 4) = 4 [pid 9051] close(3./strace-static-x86_64: Process 9052 attached ) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9052 [pid 9052] set_robust_list(0x5555569076a0, 24 [pid 9051] symlink("/dev/binderfs", "./binderfs" [pid 9052] <... set_robust_list resumed>) = 0 [pid 9052] chdir("./393" [pid 9051] <... symlink resumed>) = 0 [pid 9052] <... chdir resumed>) = 0 [pid 9052] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9051] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 9052] <... prctl resumed>) = 0 [pid 9051] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] close(3 [pid 9051] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9052] setpgid(0, 0 [pid 9051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9050] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9052] <... setpgid resumed>) = 0 [pid 9051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9050] close(3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(3 [pid 9052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9050] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 9051] <... mmap resumed>) = 0x7f6713892000 [pid 9050] close(4./strace-static-x86_64: Process 9053 attached [pid 9052] <... openat resumed>) = 3 [pid 9051] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9050] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9053 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9053] set_robust_list(0x5555569076a0, 24 [pid 9052] write(3, "1000", 4 [pid 9051] <... mprotect resumed>) = 0 [pid 9050] mkdir("./file0", 0777 [pid 9053] <... set_robust_list resumed>) = 0 [pid 9052] <... write resumed>) = 4 [pid 9051] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9050] <... mkdir resumed>) = 0 [pid 9053] chdir("./395") = 0 [pid 9052] close(3) = 0 [pid 9051] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9052] symlink("/dev/binderfs", "./binderfs" [pid 9051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9053] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9050] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9053] <... prctl resumed>) = 0 [pid 9052] <... symlink resumed>) = 0 [pid 9053] setpgid(0, 0 [pid 9052] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 9055 attached [pid 9053] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 9054 attached [pid 9055] set_robust_list(0x5555569076a0, 24 [pid 9053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9052] <... futex resumed>) = 0 [pid 9051] <... clone3 resumed> => {parent_tid=[9054]}, 88) = 9054 [ 323.028336][ T9050] loop3: detected capacity change from 0 to 4096 [pid 9055] <... set_robust_list resumed>) = 0 [pid 9054] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9053] <... openat resumed>) = 3 [pid 9051] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9055 [pid 9055] chdir("./400" [pid 9054] <... rseq resumed>) = 0 [pid 9053] write(3, "1000", 4 [pid 9052] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9055] <... chdir resumed>) = 0 [pid 9054] set_robust_list(0x7f67138b29a0, 24 [pid 9053] <... write resumed>) = 4 [pid 9052] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9051] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9055] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9054] <... set_robust_list resumed>) = 0 [pid 9053] close(3 [pid 9052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9051] <... futex resumed>) = 0 [pid 9055] <... prctl resumed>) = 0 [pid 9054] rt_sigprocmask(SIG_SETMASK, [], [pid 9053] <... close resumed>) = 0 [pid 9052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9051] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9055] setpgid(0, 0 [pid 9054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9053] symlink("/dev/binderfs", "./binderfs" [pid 9052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9055] <... setpgid resumed>) = 0 [pid 9053] <... symlink resumed>) = 0 [pid 9052] <... mmap resumed>) = 0x7f6713892000 [pid 9055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9054] memfd_create("syzkaller", 0 [pid 9055] <... openat resumed>) = 3 [pid 9054] <... memfd_create resumed>) = 3 [pid 9052] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9053] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9052] <... mprotect resumed>) = 0 [pid 9055] write(3, "1000", 4 [pid 9053] <... futex resumed>) = 0 [pid 9055] <... write resumed>) = 4 [pid 9053] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9055] close(3 [pid 9053] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9055] <... close resumed>) = 0 [pid 9053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9055] symlink("/dev/binderfs", "./binderfs" [pid 9053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9055] <... symlink resumed>) = 0 [pid 9053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9050] <... mount resumed>) = 0 [pid 9052] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9052] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9055] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9054] <... mmap resumed>) = 0x7f670b400000 [pid 9053] <... mmap resumed>) = 0x7f6713892000 [pid 9052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9055] <... futex resumed>) = 0 [pid 9053] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9055] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9053] <... mprotect resumed>) = 0 [pid 9050] <... openat resumed>) = 3 ./strace-static-x86_64: Process 9056 attached [pid 9055] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9053] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9050] chdir("./file0" [pid 9056] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9052] <... clone3 resumed> => {parent_tid=[9056]}, 88) = 9056 [pid 9056] <... rseq resumed>) = 0 [pid 9055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9053] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9052] rt_sigprocmask(SIG_SETMASK, [], [pid 9050] <... chdir resumed>) = 0 [pid 9055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9050] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 9057 attached [pid 9056] set_robust_list(0x7f67138b29a0, 24 [pid 9055] <... mmap resumed>) = 0x7f6713892000 [pid 9052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9050] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9057] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9056] <... set_robust_list resumed>) = 0 [pid 9055] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9052] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9050] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9057] <... rseq resumed>) = 0 [pid 9056] rt_sigprocmask(SIG_SETMASK, [], [pid 9055] <... mprotect resumed>) = 0 [pid 9053] <... clone3 resumed> => {parent_tid=[9057]}, 88) = 9057 [pid 9052] <... futex resumed>) = 0 [pid 9050] <... futex resumed>) = 1 [pid 9049] <... futex resumed>) = 0 [pid 9057] set_robust_list(0x7f67138b29a0, 24 [pid 9056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9055] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9053] rt_sigprocmask(SIG_SETMASK, [], [pid 9052] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9050] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9049] exit_group(0 [pid 9057] <... set_robust_list resumed>) = 0 [pid 9055] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9050] <... futex resumed>) = ? [pid 9049] <... exit_group resumed>) = ? [pid 9057] rt_sigprocmask(SIG_SETMASK, [], [pid 9055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9053] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9050] +++ exited with 0 +++ [pid 9049] +++ exited with 0 +++ ./strace-static-x86_64: Process 9058 attached [pid 9057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9053] <... futex resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9049, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 9058] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9057] memfd_create("syzkaller", 0 [pid 9056] memfd_create("syzkaller", 0 [pid 9055] <... clone3 resumed> => {parent_tid=[9058]}, 88) = 9058 [pid 9053] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9058] <... rseq resumed>) = 0 [pid 9055] rt_sigprocmask(SIG_SETMASK, [], [pid 9058] set_robust_list(0x7f67138b29a0, 24 [pid 9055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9058] <... set_robust_list resumed>) = 0 [pid 9055] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9056] <... memfd_create resumed>) = 3 [pid 9058] rt_sigprocmask(SIG_SETMASK, [], [pid 9057] <... memfd_create resumed>) = 3 [pid 9056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9055] <... futex resumed>) = 0 [pid 9058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9056] <... mmap resumed>) = 0x7f670b400000 [pid 9055] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9058] memfd_create("syzkaller", 0 [pid 9057] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 9058] <... memfd_create resumed>) = 3 [pid 9058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./396/binderfs") = 0 [pid 5065] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9054] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] newfstatat(AT_FDCWD, "./396/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9056] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9057] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./396/file0") = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./396") = 0 [pid 5065] mkdir("./397", 0777) = 0 [pid 9058] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 9054] <... write resumed>) = 2097152 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9056] <... write resumed>) = 2097152 [pid 9054] munmap(0x7f670b400000, 138412032 [pid 9056] munmap(0x7f670b400000, 138412032 [pid 9054] <... munmap resumed>) = 0 [pid 9056] <... munmap resumed>) = 0 [pid 9054] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9058] <... write resumed>) = 2097152 [pid 9056] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9054] <... openat resumed>) = 4 [pid 9058] munmap(0x7f670b400000, 138412032 [pid 9056] <... openat resumed>) = 4 [pid 9054] ioctl(4, LOOP_SET_FD, 3 [pid 9058] <... munmap resumed>) = 0 [pid 9057] <... write resumed>) = 2097152 [pid 9056] ioctl(4, LOOP_SET_FD, 3 [pid 9058] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9057] munmap(0x7f670b400000, 138412032 [pid 9054] <... ioctl resumed>) = 0 [pid 9058] <... openat resumed>) = 4 [pid 9058] ioctl(4, LOOP_SET_FD, 3 [pid 9057] <... munmap resumed>) = 0 [pid 9057] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9057] ioctl(4, LOOP_SET_FD, 3 [pid 9058] <... ioctl resumed>) = 0 [pid 9054] close(3) = 0 [pid 9054] close(4) = 0 [pid 9058] close(3) = 0 [pid 9058] close(4) = 0 [pid 9058] mkdir("./file0", 0777) = 0 [pid 9054] mkdir("./file0", 0777 [pid 9058] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9054] <... mkdir resumed>) = 0 [pid 9057] <... ioctl resumed>) = 0 [pid 9056] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 9054] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] <... close resumed>) = 0 [pid 9057] close(3 [pid 9056] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9057] <... close resumed>) = 0 [pid 9056] <... close resumed>) = 0 [pid 9057] close(4 [pid 9056] close(4 [pid 9057] <... close resumed>) = 0 [pid 9056] <... close resumed>) = 0 [pid 9057] mkdir("./file0", 0777 [pid 9056] mkdir("./file0", 0777./strace-static-x86_64: Process 9059 attached [pid 9057] <... mkdir resumed>) = 0 [pid 9056] <... mkdir resumed>) = 0 [pid 9059] set_robust_list(0x5555569076a0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9059 [pid 9059] <... set_robust_list resumed>) = 0 [pid 9057] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [ 323.278197][ T9054] loop2: detected capacity change from 0 to 4096 [ 323.285166][ T9056] loop0: detected capacity change from 0 to 4096 [ 323.292370][ T9058] loop1: detected capacity change from 0 to 4096 [ 323.303776][ T9057] loop4: detected capacity change from 0 to 4096 [pid 9056] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9059] chdir("./397") = 0 [pid 9059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9059] setpgid(0, 0) = 0 [pid 9059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9059] write(3, "1000", 4) = 4 [pid 9059] close(3) = 0 [pid 9059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9059] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9059] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9054] <... mount resumed>) = 0 [pid 9059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9059] <... mmap resumed>) = 0x7f6713892000 [pid 9054] <... openat resumed>) = 3 [pid 9059] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9058] <... mount resumed>) = 0 [pid 9059] <... mprotect resumed>) = 0 [pid 9058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9054] chdir("./file0" [pid 9059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9058] <... openat resumed>) = 3 [pid 9058] chdir("./file0" [pid 9059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9058] <... chdir resumed>) = 0 [pid 9054] <... chdir resumed>) = 0 [pid 9059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9058] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9054] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9058] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 9060 attached [pid 9057] <... mount resumed>) = 0 [pid 9054] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9060] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9054] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9059] <... clone3 resumed> => {parent_tid=[9060]}, 88) = 9060 [pid 9060] set_robust_list(0x7f67138b29a0, 24 [pid 9057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9059] rt_sigprocmask(SIG_SETMASK, [], [pid 9054] <... futex resumed>) = 1 [pid 9051] <... futex resumed>) = 0 [pid 9059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9056] <... mount resumed>) = 0 [pid 9054] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9060] <... set_robust_list resumed>) = 0 [pid 9059] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9058] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9057] <... openat resumed>) = 3 [pid 9056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9051] exit_group(0 [pid 9060] rt_sigprocmask(SIG_SETMASK, [], [pid 9059] <... futex resumed>) = 0 [pid 9058] <... futex resumed>) = 1 [pid 9057] chdir("./file0" [pid 9056] <... openat resumed>) = 3 [pid 9055] <... futex resumed>) = 0 [pid 9054] <... futex resumed>) = ? [pid 9051] <... exit_group resumed>) = ? [pid 9060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9059] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9058] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9057] <... chdir resumed>) = 0 [pid 9056] chdir("./file0" [pid 9055] exit_group(0 [pid 9054] +++ exited with 0 +++ [pid 9051] +++ exited with 0 +++ [pid 9058] <... futex resumed>) = ? [pid 9057] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9055] <... exit_group resumed>) = ? [pid 9056] <... chdir resumed>) = 0 [pid 9058] +++ exited with 0 +++ [pid 9057] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9056] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9057] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9056] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9051, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 9057] <... futex resumed>) = 1 [pid 9056] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9053] <... futex resumed>) = 0 [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 9060] memfd_create("syzkaller", 0 [pid 9057] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9053] exit_group(0 [pid 9057] <... futex resumed>) = ? [pid 9056] <... futex resumed>) = 1 [pid 9053] <... exit_group resumed>) = ? [pid 9052] <... futex resumed>) = 0 [pid 5064] <... restart_syscall resumed>) = 0 [pid 9060] <... memfd_create resumed>) = 3 [pid 9056] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9052] exit_group(0) = ? [pid 9056] <... futex resumed>) = ? [pid 9060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9057] +++ exited with 0 +++ [pid 9053] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9053, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5066] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9055] +++ exited with 0 +++ [pid 5064] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9055, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5064] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 5063] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9056] +++ exited with 0 +++ [pid 9052] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9052, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5064] newfstatat(3, "", [pid 5063] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 5063] newfstatat(3, "", [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5063] getdents64(3, [pid 5066] newfstatat(3, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./398/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] unlink("./398/binderfs" [pid 5066] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... unlink resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./395/binderfs", [pid 5064] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(AT_FDCWD, "./400/binderfs", [pid 5062] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(3, "", [pid 5066] unlink("./395/binderfs" [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5063] unlink("./400/binderfs" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5062] getdents64(3, [pid 5064] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./398/file0", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./395/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(AT_FDCWD, "./393/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] unlink("./393/binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5064] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5063] newfstatat(AT_FDCWD, "./400/file0", [pid 5062] <... umount2 resumed>) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5062] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(AT_FDCWD, "./393/file0", [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./395/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] rmdir("./395") = 0 [pid 5066] mkdir("./396", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 9060] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] close(3 [pid 5064] getdents64(4, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5063] <... openat resumed>) = 4 [pid 5062] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] newfstatat(4, "", [pid 5064] close(4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 5063] getdents64(4, [pid 5064] rmdir("./398/file0" [pid 5062] newfstatat(4, "", [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] getdents64(4, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] getdents64(4, [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 5064] close(3 [pid 5063] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... close resumed>) = 0 [pid 5063] rmdir("./400/file0" [pid 5062] getdents64(4, [pid 5064] rmdir("./398" [pid 5063] <... rmdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] mkdir("./399", 0777 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 5066] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5063] close(3 [pid 5062] <... close resumed>) = 0 [pid 9060] <... write resumed>) = 2097152 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] <... close resumed>) = 0 [pid 5062] rmdir("./393/file0" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9060] munmap(0x7f670b400000, 138412032 [pid 5064] <... openat resumed>) = 3 [pid 5063] rmdir("./400" [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9061 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3./strace-static-x86_64: Process 9061 attached [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... close resumed>) = 0 [pid 9061] set_robust_list(0x5555569076a0, 24) = 0 [pid 5063] mkdir("./401", 0777 [pid 5062] rmdir("./393" [pid 9061] chdir("./396") = 0 [pid 9061] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... rmdir resumed>) = 0 [pid 9061] <... prctl resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5062] mkdir("./394", 0777 [pid 9061] setpgid(0, 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9061] <... setpgid resumed>) = 0 [pid 9061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... mkdir resumed>) = 0 [pid 9061] <... openat resumed>) = 3 [pid 9060] <... munmap resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9061] write(3, "1000", 4 [pid 9060] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5062] <... openat resumed>) = 3 [pid 9061] <... write resumed>) = 4 [pid 9061] close(3 [pid 9060] <... openat resumed>) = 4 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9061] <... close resumed>) = 0 [pid 9060] ioctl(4, LOOP_SET_FD, 3 [pid 9061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9060] <... ioctl resumed>) = 0 [pid 9060] close(3 [pid 9061] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9060] <... close resumed>) = 0 [pid 9061] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9060] close(4) = 0 [pid 9061] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9060] mkdir("./file0", 0777) = 0 [pid 9061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9061] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9060] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9062 attached [ 323.616956][ T9060] loop3: detected capacity change from 0 to 4096 [pid 9062] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9061] <... clone3 resumed> => {parent_tid=[9062]}, 88) = 9062 [pid 9061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9061] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9061] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9062] <... rseq resumed>) = 0 [pid 9062] set_robust_list(0x7f67138b29a0, 24 [pid 5064] <... ioctl resumed>) = 0 [pid 9062] <... set_robust_list resumed>) = 0 [pid 9062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9062] memfd_create("syzkaller", 0 [pid 5064] close(3 [pid 9062] <... memfd_create resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 9060] <... mount resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9063 attached [pid 9062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(3 [pid 9060] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 9062] <... mmap resumed>) = 0x7f670b400000 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9063 [pid 9060] chdir("./file0" [pid 9063] set_robust_list(0x5555569076a0, 24 [pid 9060] <... chdir resumed>) = 0 [pid 9063] <... set_robust_list resumed>) = 0 [pid 9063] chdir("./394"./strace-static-x86_64: Process 9065 attached ) = 0 [pid 9060] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9065 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9064 [pid 9063] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 9064 attached ) = 0 [pid 9060] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9064] set_robust_list(0x5555569076a0, 24 [pid 9063] setpgid(0, 0 [pid 9065] set_robust_list(0x5555569076a0, 24 [pid 9063] <... setpgid resumed>) = 0 [pid 9065] <... set_robust_list resumed>) = 0 [pid 9064] <... set_robust_list resumed>) = 0 [pid 9063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9065] chdir("./399" [pid 9064] chdir("./401" [pid 9063] <... openat resumed>) = 3 [pid 9064] <... chdir resumed>) = 0 [pid 9064] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9065] <... chdir resumed>) = 0 [pid 9064] <... prctl resumed>) = 0 [pid 9063] write(3, "1000", 4 [pid 9060] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9064] setpgid(0, 0 [pid 9063] <... write resumed>) = 4 [pid 9060] <... futex resumed>) = 1 [pid 9059] <... futex resumed>) = 0 [pid 9065] <... prctl resumed>) = 0 [pid 9064] <... setpgid resumed>) = 0 [pid 9063] close(3 [pid 9060] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9059] exit_group(0 [pid 9065] setpgid(0, 0 [pid 9064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9063] <... close resumed>) = 0 [pid 9060] <... futex resumed>) = ? [pid 9059] <... exit_group resumed>) = ? [pid 9065] <... setpgid resumed>) = 0 [pid 9064] <... openat resumed>) = 3 [pid 9063] symlink("/dev/binderfs", "./binderfs" [pid 9060] +++ exited with 0 +++ [pid 9064] write(3, "1000", 4) = 4 [pid 9064] close(3 [pid 9063] <... symlink resumed>) = 0 [pid 9065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9064] <... close resumed>) = 0 [pid 9063] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9059] +++ exited with 0 +++ [pid 9065] <... openat resumed>) = 3 [pid 9065] write(3, "1000", 4 [pid 9064] symlink("/dev/binderfs", "./binderfs" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9059, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 9064] <... symlink resumed>) = 0 [pid 9063] <... futex resumed>) = 0 [pid 9064] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9063] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9064] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9065] <... write resumed>) = 4 [pid 9064] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9063] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9065] close(3 [pid 9064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9065] <... close resumed>) = 0 [pid 9064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... openat resumed>) = 3 [pid 9065] symlink("/dev/binderfs", "./binderfs" [pid 5065] newfstatat(3, "", [pid 9064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9064] <... mmap resumed>) = 0x7f6713892000 [pid 5065] getdents64(3, [pid 9064] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9065] <... symlink resumed>) = 0 [pid 9064] <... mprotect resumed>) = 0 [pid 5065] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9065] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9064] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9065] <... futex resumed>) = 0 [pid 9064] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9063] <... mmap resumed>) = 0x7f6713892000 [pid 5065] newfstatat(AT_FDCWD, "./397/binderfs", [pid 9065] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9063] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9065] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9063] <... mprotect resumed>) = 0 [pid 5065] unlink("./397/binderfs"./strace-static-x86_64: Process 9066 attached [pid 9065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9066] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9064] <... clone3 resumed> => {parent_tid=[9066]}, 88) = 9066 [pid 9063] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9062] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... unlink resumed>) = 0 [pid 9066] <... rseq resumed>) = 0 [pid 9065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9063] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9066] set_robust_list(0x7f67138b29a0, 24 [pid 9065] <... mmap resumed>) = 0x7f6713892000 [pid 9064] rt_sigprocmask(SIG_SETMASK, [], [pid 9063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 9067 attached [pid 9066] <... set_robust_list resumed>) = 0 [pid 9065] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9067] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9066] rt_sigprocmask(SIG_SETMASK, [], [pid 9065] <... mprotect resumed>) = 0 [pid 9063] <... clone3 resumed> => {parent_tid=[9067]}, 88) = 9067 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9067] <... rseq resumed>) = 0 [pid 9066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9063] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] newfstatat(AT_FDCWD, "./397/file0", [pid 9067] set_robust_list(0x7f67138b29a0, 24 [pid 9066] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9067] <... set_robust_list resumed>) = 0 [pid 9063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9067] rt_sigprocmask(SIG_SETMASK, [], [pid 9065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9063] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9063] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 9068 attached [pid 9067] memfd_create("syzkaller", 0 [pid 9064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9063] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... openat resumed>) = 4 [pid 9064] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] newfstatat(4, "", [pid 9068] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9066] <... futex resumed>) = 0 [pid 9064] <... futex resumed>) = 1 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9068] <... rseq resumed>) = 0 [pid 9065] <... clone3 resumed> => {parent_tid=[9068]}, 88) = 9068 [pid 5065] getdents64(4, [pid 9068] set_robust_list(0x7f67138b29a0, 24 [pid 9065] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9068] <... set_robust_list resumed>) = 0 [pid 9067] <... memfd_create resumed>) = 3 [pid 9065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] getdents64(4, [pid 9068] rt_sigprocmask(SIG_SETMASK, [], [pid 9067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9066] memfd_create("syzkaller", 0 [pid 9065] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9064] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9067] <... mmap resumed>) = 0x7f670b400000 [pid 9065] <... futex resumed>) = 0 [pid 9066] <... memfd_create resumed>) = 3 [pid 5065] close(4 [pid 9068] memfd_create("syzkaller", 0 [pid 9065] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... close resumed>) = 0 [pid 9066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] rmdir("./397/file0" [pid 9066] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... rmdir resumed>) = 0 [pid 9068] <... memfd_create resumed>) = 3 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] close(3 [pid 9068] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./397") = 0 [pid 5065] mkdir("./398", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9062] <... write resumed>) = 2097152 [pid 9062] munmap(0x7f670b400000, 138412032 [pid 9066] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9062] <... munmap resumed>) = 0 [pid 9062] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9062] ioctl(4, LOOP_SET_FD, 3 [pid 9068] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9067] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9062] <... ioctl resumed>) = 0 [pid 9062] close(3 [pid 9066] <... write resumed>) = 2097152 [pid 9062] <... close resumed>) = 0 [pid 9066] munmap(0x7f670b400000, 138412032 [pid 9062] close(4 [pid 9066] <... munmap resumed>) = 0 [pid 9062] <... close resumed>) = 0 [pid 9062] mkdir("./file0", 0777) = 0 [pid 9068] <... write resumed>) = 2097152 [pid 9067] <... write resumed>) = 2097152 [pid 9062] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9068] munmap(0x7f670b400000, 138412032 [pid 9067] munmap(0x7f670b400000, 138412032 [pid 9068] <... munmap resumed>) = 0 [ 323.888664][ T9062] loop4: detected capacity change from 0 to 4096 [pid 9066] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9067] <... munmap resumed>) = 0 [pid 9066] ioctl(4, LOOP_SET_FD, 3 [pid 9068] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9067] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... ioctl resumed>) = 0 [pid 9068] <... openat resumed>) = 4 [pid 9068] ioctl(4, LOOP_SET_FD, 3 [pid 9067] <... openat resumed>) = 4 [pid 5065] close(3 [pid 9067] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9069 attached [pid 9069] set_robust_list(0x5555569076a0, 24 [pid 9068] <... ioctl resumed>) = 0 [pid 9067] <... ioctl resumed>) = 0 [pid 9066] <... ioctl resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9069 [pid 9068] close(3 [pid 9067] close(3 [pid 9066] close(3 [pid 9069] <... set_robust_list resumed>) = 0 [pid 9068] <... close resumed>) = 0 [pid 9067] <... close resumed>) = 0 [pid 9066] <... close resumed>) = 0 [pid 9069] chdir("./398" [pid 9068] close(4 [pid 9067] close(4 [pid 9066] close(4 [pid 9069] <... chdir resumed>) = 0 [pid 9068] <... close resumed>) = 0 [pid 9067] <... close resumed>) = 0 [pid 9066] <... close resumed>) = 0 [pid 9062] <... mount resumed>) = 0 [pid 9069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9068] mkdir("./file0", 0777 [pid 9067] mkdir("./file0", 0777 [pid 9066] mkdir("./file0", 0777 [pid 9062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9069] <... prctl resumed>) = 0 [pid 9069] setpgid(0, 0 [pid 9066] <... mkdir resumed>) = 0 [pid 9062] <... openat resumed>) = 3 [pid 9069] <... setpgid resumed>) = 0 [pid 9062] chdir("./file0" [pid 9069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9067] <... mkdir resumed>) = 0 [pid 9068] <... mkdir resumed>) = 0 [pid 9067] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9066] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9062] <... chdir resumed>) = 0 [pid 9069] <... openat resumed>) = 3 [pid 9068] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9062] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9069] write(3, "1000", 4 [pid 9062] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9069] <... write resumed>) = 4 [pid 9069] close(3 [pid 9062] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9069] <... close resumed>) = 0 [pid 9062] <... futex resumed>) = 1 [pid 9061] <... futex resumed>) = 0 [pid 9069] symlink("/dev/binderfs", "./binderfs" [pid 9062] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9061] exit_group(0 [pid 9069] <... symlink resumed>) = 0 [pid 9062] <... futex resumed>) = ? [pid 9061] <... exit_group resumed>) = ? [pid 9062] +++ exited with 0 +++ [pid 9061] +++ exited with 0 +++ [ 323.956591][ T9066] loop1: detected capacity change from 0 to 4096 [ 323.969040][ T9068] loop2: detected capacity change from 0 to 4096 [ 323.976090][ T9067] loop0: detected capacity change from 0 to 4096 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9061, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 9069] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9069] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9069] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... openat resumed>) = 3 [pid 9069] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9069] <... mprotect resumed>) = 0 [pid 5066] getdents64(3, [pid 9069] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9069] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9066] <... mount resumed>) = 0 [pid 5066] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9070 attached => {parent_tid=[9070]}, 88) = 9070 [pid 9066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9070] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9069] rt_sigprocmask(SIG_SETMASK, [], [pid 9066] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./396/binderfs", [pid 9070] <... rseq resumed>) = 0 [pid 9069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9066] chdir("./file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9066] <... chdir resumed>) = 0 [pid 9070] set_robust_list(0x7f67138b29a0, 24 [pid 9069] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] unlink("./396/binderfs" [pid 9070] <... set_robust_list resumed>) = 0 [pid 9069] <... futex resumed>) = 0 [pid 9068] <... mount resumed>) = 0 [pid 9066] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... unlink resumed>) = 0 [pid 9070] rt_sigprocmask(SIG_SETMASK, [], [pid 9069] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9066] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9068] <... openat resumed>) = 3 [pid 9067] <... mount resumed>) = 0 [pid 9066] <... futex resumed>) = 1 [pid 9064] <... futex resumed>) = 0 [pid 5066] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9070] memfd_create("syzkaller", 0 [pid 9068] chdir("./file0" [pid 9067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9066] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9064] exit_group(0 [pid 5066] <... umount2 resumed>) = 0 [pid 9068] <... chdir resumed>) = 0 [pid 9067] <... openat resumed>) = 3 [pid 9066] <... futex resumed>) = ? [pid 9064] <... exit_group resumed>) = ? [pid 9070] <... memfd_create resumed>) = 3 [pid 9070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9068] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9067] chdir("./file0" [pid 9068] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9067] <... chdir resumed>) = 0 [pid 9067] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9068] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9067] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9068] <... futex resumed>) = 1 [pid 9067] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9066] +++ exited with 0 +++ [pid 9065] <... futex resumed>) = 0 [pid 9064] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9068] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9067] <... futex resumed>) = 1 [pid 9065] exit_group(0 [pid 9063] <... futex resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./396/file0", [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9064, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=3 /* 0.03 s */} --- [pid 9068] <... futex resumed>) = ? [pid 9067] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9065] <... exit_group resumed>) = ? [pid 9063] exit_group(0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9068] +++ exited with 0 +++ [pid 9067] <... futex resumed>) = ? [pid 9065] +++ exited with 0 +++ [pid 9063] <... exit_group resumed>) = ? [pid 9067] +++ exited with 0 +++ [pid 9063] +++ exited with 0 +++ [pid 5066] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9065, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9063, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 5066] <... openat resumed>) = 4 [pid 5062] <... restart_syscall resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5063] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 3 [pid 5062] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(3, "", [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] close(4 [pid 5064] <... openat resumed>) = 3 [pid 5063] getdents64(3, [pid 5066] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5064] newfstatat(3, "", [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] rmdir("./396/file0" [pid 5063] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(3, [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] getdents64(3, [pid 5063] newfstatat(AT_FDCWD, "./401/binderfs", [pid 5062] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] unlink("./401/binderfs" [pid 5062] newfstatat(AT_FDCWD, "./394/binderfs", [pid 5064] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 5062] unlink("./394/binderfs" [pid 5066] rmdir("./396" [pid 5064] newfstatat(AT_FDCWD, "./399/binderfs", [pid 5063] <... unlink resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./399/binderfs" [pid 5062] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] mkdir("./397", 0777 [pid 5064] <... unlink resumed>) = 0 [pid 5063] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5064] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./401/file0", [pid 5062] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9070] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(AT_FDCWD, "./394/file0", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... openat resumed>) = 4 [pid 5062] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(4, "", [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] getdents64(4, [pid 5062] <... openat resumed>) = 4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] getdents64(4, [pid 5062] getdents64(4, [pid 5064] newfstatat(AT_FDCWD, "./399/file0", [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] close(4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] getdents64(4, [pid 5063] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 5063] rmdir("./401/file0" [pid 5064] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./394/file0" [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5062] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 5063] rmdir("./401" [pid 5062] getdents64(3, [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] getdents64(4, [pid 5063] mkdir("./402", 0777 [pid 5062] close(3) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5062] rmdir("./394" [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5062] <... rmdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5062] mkdir("./395", 0777 [pid 5064] rmdir("./399/file0" [pid 5062] <... mkdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] rmdir("./399" [pid 5063] <... openat resumed>) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9070] <... write resumed>) = 2097152 [pid 9070] munmap(0x7f670b400000, 138412032 [pid 5064] mkdir("./400", 0777 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9070] <... munmap resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] <... ioctl resumed>) = 0 [pid 9070] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] <... mkdir resumed>) = 0 [pid 5066] close(3 [pid 9070] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9070] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... openat resumed>) = 3 [pid 9070] <... ioctl resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 9071 attached [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9071 [pid 9071] set_robust_list(0x5555569076a0, 24 [pid 9070] close(3 [pid 9071] <... set_robust_list resumed>) = 0 [pid 9070] <... close resumed>) = 0 [pid 9071] chdir("./397" [pid 9070] close(4 [pid 9071] <... chdir resumed>) = 0 [pid 9071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9071] setpgid(0, 0 [pid 9070] <... close resumed>) = 0 [pid 9070] mkdir("./file0", 0777) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9070] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9071] <... setpgid resumed>) = 0 [pid 9071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9071] write(3, "1000", 4) = 4 [pid 9071] close(3) = 0 [pid 9071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9071] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9071] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, ./strace-static-x86_64: Process 9072 attached NULL, 8) = 0 [pid 9071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9072] set_robust_list(0x5555569076a0, 24) = 0 [pid 9071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9072 [pid 9072] chdir("./402" [pid 9071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9072] <... chdir resumed>) = 0 [pid 9072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9071] <... mmap resumed>) = 0x7f6713892000 [pid 9072] setpgid(0, 0 [pid 9071] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 324.240606][ T9070] loop3: detected capacity change from 0 to 4096 [pid 9071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9073 attached => {parent_tid=[9073]}, 88) = 9073 [pid 5062] <... ioctl resumed>) = 0 [pid 9073] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9071] rt_sigprocmask(SIG_SETMASK, [], [pid 9073] <... rseq resumed>) = 0 [pid 9071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9073] set_robust_list(0x7f67138b29a0, 24 [pid 9071] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9072] <... setpgid resumed>) = 0 [pid 9071] <... futex resumed>) = 0 [pid 9073] <... set_robust_list resumed>) = 0 [pid 9071] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] close(3 [pid 9073] rt_sigprocmask(SIG_SETMASK, [], [pid 9072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... close resumed>) = 0 [pid 9073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9073] memfd_create("syzkaller", 0 [pid 9072] <... openat resumed>) = 3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9074 [pid 9073] <... memfd_create resumed>) = 3 [pid 9073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 ./strace-static-x86_64: Process 9074 attached [pid 9072] write(3, "1000", 4 [pid 9074] set_robust_list(0x5555569076a0, 24) = 0 [pid 9072] <... write resumed>) = 4 [pid 9072] close(3 [pid 9074] chdir("./395") = 0 [pid 9072] <... close resumed>) = 0 [pid 9074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9072] symlink("/dev/binderfs", "./binderfs" [pid 9074] <... prctl resumed>) = 0 [pid 9072] <... symlink resumed>) = 0 [pid 9074] setpgid(0, 0 [pid 9072] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9074] <... setpgid resumed>) = 0 [pid 9072] <... futex resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 9074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9072] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9074] <... openat resumed>) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9075 [pid 9074] write(3, "1000", 4 [pid 9072] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9074] <... write resumed>) = 4 [pid 9072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9074] close(3 [pid 9072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9074] <... close resumed>) = 0 [pid 9072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 9075 attached [pid 9074] symlink("/dev/binderfs", "./binderfs" [pid 9075] set_robust_list(0x5555569076a0, 24 [pid 9072] <... mmap resumed>) = 0x7f6713892000 [pid 9075] <... set_robust_list resumed>) = 0 [pid 9075] chdir("./400" [pid 9074] <... symlink resumed>) = 0 [pid 9072] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9075] <... chdir resumed>) = 0 [pid 9072] <... mprotect resumed>) = 0 [pid 9074] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9075] setpgid(0, 0 [pid 9074] <... futex resumed>) = 0 [pid 9072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9075] <... setpgid resumed>) = 0 [pid 9075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9074] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9075] <... openat resumed>) = 3 [pid 9074] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9075] write(3, "1000", 4 [pid 9074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 9076 attached [pid 9075] <... write resumed>) = 4 [pid 9074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9072] <... clone3 resumed> => {parent_tid=[9076]}, 88) = 9076 [pid 9076] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9075] close(3 [pid 9074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9072] rt_sigprocmask(SIG_SETMASK, [], [pid 9070] <... mount resumed>) = 0 [pid 9076] <... rseq resumed>) = 0 [pid 9075] <... close resumed>) = 0 [pid 9074] <... mmap resumed>) = 0x7f6713892000 [pid 9072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9076] set_robust_list(0x7f67138b29a0, 24 [pid 9075] symlink("/dev/binderfs", "./binderfs" [pid 9074] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9072] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9076] <... set_robust_list resumed>) = 0 [pid 9075] <... symlink resumed>) = 0 [pid 9074] <... mprotect resumed>) = 0 [pid 9072] <... futex resumed>) = 0 [pid 9070] <... openat resumed>) = 3 [pid 9076] rt_sigprocmask(SIG_SETMASK, [], [pid 9075] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9074] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9072] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9070] chdir("./file0" [pid 9075] <... futex resumed>) = 0 [pid 9075] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9075] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9070] <... chdir resumed>) = 0 [pid 9070] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9075] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9074] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9070] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9075] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9070] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9075] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9070] <... futex resumed>) = 1 [pid 9069] <... futex resumed>) = 0 [pid 9075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9069] exit_group(0./strace-static-x86_64: Process 9078 attached ./strace-static-x86_64: Process 9077 attached [pid 9076] memfd_create("syzkaller", 0 [pid 9069] <... exit_group resumed>) = ? [pid 9078] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9075] <... clone3 resumed> => {parent_tid=[9078]}, 88) = 9078 [pid 9078] <... rseq resumed>) = 0 [pid 9075] rt_sigprocmask(SIG_SETMASK, [], [pid 9078] set_robust_list(0x7f67138b29a0, 24 [pid 9075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9077] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9075] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9078] <... set_robust_list resumed>) = 0 [pid 9077] <... rseq resumed>) = 0 [pid 9075] <... futex resumed>) = 0 [pid 9074] <... clone3 resumed> => {parent_tid=[9077]}, 88) = 9077 [pid 9076] <... memfd_create resumed>) = 3 [pid 9078] rt_sigprocmask(SIG_SETMASK, [], [pid 9077] set_robust_list(0x7f67138b29a0, 24 [pid 9076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9075] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9074] rt_sigprocmask(SIG_SETMASK, [], [pid 9078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9070] +++ exited with 0 +++ [pid 9074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9069] +++ exited with 0 +++ [pid 9078] memfd_create("syzkaller", 0 [pid 9076] <... mmap resumed>) = 0x7f670b400000 [pid 9074] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9069, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 9074] <... futex resumed>) = 0 [pid 9074] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9078] <... memfd_create resumed>) = 3 [pid 9077] <... set_robust_list resumed>) = 0 [pid 9078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9077] rt_sigprocmask(SIG_SETMASK, [], [pid 9078] <... mmap resumed>) = 0x7f670b400000 [pid 9077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9077] memfd_create("syzkaller", 0 [pid 5065] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9077] <... memfd_create resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9077] <... mmap resumed>) = 0x7f670b400000 [pid 9073] <... write resumed>) = 2097152 [pid 5065] <... openat resumed>) = 3 [pid 9076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./398/binderfs") = 0 [pid 9073] munmap(0x7f670b400000, 138412032 [pid 5065] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9073] <... munmap resumed>) = 0 [pid 9078] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9073] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... umount2 resumed>) = 0 [pid 9073] <... openat resumed>) = 4 [pid 5065] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9073] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9076] <... write resumed>) = 2097152 [pid 5065] newfstatat(AT_FDCWD, "./398/file0", [pid 9076] munmap(0x7f670b400000, 138412032 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9073] <... ioctl resumed>) = 0 [pid 9073] close(3) = 0 [pid 9073] close(4) = 0 [pid 9073] mkdir("./file0", 0777) = 0 [pid 9073] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./398/file0") = 0 [pid 9076] <... munmap resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 9076] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 9076] <... openat resumed>) = 4 [ 324.499375][ T9073] loop4: detected capacity change from 0 to 4096 [pid 9076] ioctl(4, LOOP_SET_FD, 3 [pid 9077] <... write resumed>) = 2097152 [pid 5065] rmdir("./398") = 0 [pid 5065] mkdir("./399", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9077] munmap(0x7f670b400000, 138412032 [pid 9073] <... mount resumed>) = 0 [pid 9073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9073] chdir("./file0") = 0 [pid 9073] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9073] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9078] <... write resumed>) = 2097152 [pid 9077] <... munmap resumed>) = 0 [pid 9076] <... ioctl resumed>) = 0 [pid 9078] munmap(0x7f670b400000, 138412032 [pid 9077] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9076] close(3 [pid 9073] <... futex resumed>) = 1 [pid 9071] <... futex resumed>) = 0 [pid 9077] <... openat resumed>) = 4 [pid 9076] <... close resumed>) = 0 [pid 9073] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9071] exit_group(0 [pid 9077] ioctl(4, LOOP_SET_FD, 3 [pid 9076] close(4 [pid 9071] <... exit_group resumed>) = ? [ 324.547084][ T9076] loop1: detected capacity change from 0 to 4096 [pid 9077] <... ioctl resumed>) = 0 [pid 9078] <... munmap resumed>) = 0 [pid 9076] <... close resumed>) = 0 [pid 9073] <... futex resumed>) = ? [pid 9077] close(3) = 0 [pid 9077] close(4) = 0 [pid 9076] mkdir("./file0", 0777 [pid 9077] mkdir("./file0", 0777 [pid 9078] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9076] <... mkdir resumed>) = 0 [pid 9073] +++ exited with 0 +++ [pid 9071] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9071, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 9078] <... openat resumed>) = 4 [pid 9078] ioctl(4, LOOP_SET_FD, 3 [pid 9077] <... mkdir resumed>) = 0 [pid 9077] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9076] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5066] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9078] <... ioctl resumed>) = 0 [pid 5066] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9078] close(3) = 0 [pid 5066] newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9078] close(4 [pid 5066] unlink("./397/binderfs" [pid 9078] <... close resumed>) = 0 [pid 9078] mkdir("./file0", 0777 [pid 5066] <... unlink resumed>) = 0 [pid 9078] <... mkdir resumed>) = 0 [pid 5066] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 324.589127][ T9077] loop0: detected capacity change from 0 to 4096 [ 324.617207][ T9078] loop2: detected capacity change from 0 to 4096 [pid 9078] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9076] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 9076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(3 [pid 9076] <... openat resumed>) = 3 [pid 9076] chdir("./file0" [pid 5065] <... close resumed>) = 0 [pid 9076] <... chdir resumed>) = 0 [pid 9076] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9076] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9079 attached [pid 9076] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9076] <... futex resumed>) = 1 [pid 9079] set_robust_list(0x5555569076a0, 24 [pid 9076] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9072] <... futex resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./397/file0", [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9079 [pid 9079] <... set_robust_list resumed>) = 0 [pid 9072] exit_group(0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9079] chdir("./399" [pid 9076] <... futex resumed>) = ? [pid 9072] <... exit_group resumed>) = ? [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9079] <... chdir resumed>) = 0 [pid 9076] +++ exited with 0 +++ [pid 9072] +++ exited with 0 +++ [pid 5066] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9078] <... mount resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9072, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 9079] <... prctl resumed>) = 0 [pid 9078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] newfstatat(4, "", [pid 9079] setpgid(0, 0 [pid 9078] <... openat resumed>) = 3 [pid 9077] <... mount resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9079] <... setpgid resumed>) = 0 [pid 9077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9077] <... openat resumed>) = 3 [pid 5066] getdents64(4, [pid 9077] chdir("./file0" [pid 5063] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9078] chdir("./file0" [pid 9077] <... chdir resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9079] <... openat resumed>) = 3 [pid 9078] <... chdir resumed>) = 0 [pid 9077] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9078] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9079] write(3, "1000", 4 [pid 5063] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9078] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 9079] <... write resumed>) = 4 [pid 9078] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(4, [pid 9079] close(3 [pid 9075] <... futex resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9079] <... close resumed>) = 0 [pid 9078] <... futex resumed>) = 1 [pid 9075] exit_group(0 [pid 5066] close(4 [pid 9075] <... exit_group resumed>) = ? [pid 5066] <... close resumed>) = 0 [pid 9079] symlink("/dev/binderfs", "./binderfs" [pid 9077] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] rmdir("./397/file0" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9077] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 9077] <... futex resumed>) = 1 [pid 9074] <... futex resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9077] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9074] exit_group(0 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9077] <... futex resumed>) = ? [pid 9074] <... exit_group resumed>) = ? [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9079] <... symlink resumed>) = 0 [pid 9077] +++ exited with 0 +++ [pid 9074] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 5063] newfstatat(AT_FDCWD, "./402/binderfs", [pid 9079] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9079] <... futex resumed>) = 0 [pid 9078] +++ exited with 0 +++ [pid 9075] +++ exited with 0 +++ [pid 5066] close(3 [pid 5063] unlink("./402/binderfs" [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9074, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 9079] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9075, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5063] <... unlink resumed>) = 0 [pid 5062] <... restart_syscall resumed>) = 0 [pid 9079] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] rmdir("./397" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... umount2 resumed>) = 0 [pid 9079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5062] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9079] <... mmap resumed>) = 0x7f6713892000 [pid 5066] mkdir("./398", 0777 [pid 5064] newfstatat(3, "", [pid 5063] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./402/file0", [pid 5066] <... mkdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9079] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] getdents64(3, [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9079] <... mprotect resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... openat resumed>) = 3 [pid 5064] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... openat resumed>) = 4 [pid 9079] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(4, "", [pid 5062] newfstatat(3, "", [pid 5064] newfstatat(AT_FDCWD, "./400/binderfs", [pid 9079] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] unlink("./400/binderfs" [pid 5063] getdents64(4, [pid 5064] <... unlink resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(3, [pid 5064] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9080 attached [pid 5063] getdents64(4, [pid 9080] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9079] <... clone3 resumed> => {parent_tid=[9080]}, 88) = 9080 [pid 9080] <... rseq resumed>) = 0 [pid 9080] set_robust_list(0x7f67138b29a0, 24 [pid 9079] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] close(4 [pid 9080] <... set_robust_list resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 9080] rt_sigprocmask(SIG_SETMASK, [], [pid 9079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9079] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] rmdir("./402/file0") = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./395/binderfs", [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9080] memfd_create("syzkaller", 0 [pid 9079] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./402") = 0 [pid 9080] <... memfd_create resumed>) = 3 [pid 9079] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] unlink("./395/binderfs" [pid 9080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] mkdir("./403", 0777 [pid 5064] newfstatat(AT_FDCWD, "./400/file0", [pid 5063] <... mkdir resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5064] newfstatat(4, "", [pid 5063] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] close(3) = 0 [pid 5062] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./400/file0") = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] getdents64(3, [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9081 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./400") = 0 ./strace-static-x86_64: Process 9081 attached [pid 5064] mkdir("./401", 0777 [pid 9081] set_robust_list(0x5555569076a0, 24 [pid 5064] <... mkdir resumed>) = 0 [pid 9081] <... set_robust_list resumed>) = 0 [pid 9081] chdir("./403") = 0 [pid 9081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9081] <... prctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = 0 [pid 9081] setpgid(0, 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9081] <... setpgid resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] newfstatat(AT_FDCWD, "./395/file0", [pid 9081] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3 [pid 5062] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9081] write(3, "1000", 4) = 4 [pid 5066] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9081] close(3) = 0 [pid 9081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9081] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9081] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9081] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9081] <... mprotect resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] <... openat resumed>) = 4 [pid 9081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9082 attached [pid 5062] newfstatat(4, "", ./strace-static-x86_64: Process 9083 attached [pid 9082] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9080] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9083] set_robust_list(0x5555569076a0, 24 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 9083] <... set_robust_list resumed>) = 0 [pid 9083] chdir("./398" [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9083] <... chdir resumed>) = 0 [pid 9083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9083 [pid 5062] getdents64(4, [pid 9082] <... rseq resumed>) = 0 [pid 9081] <... clone3 resumed> => {parent_tid=[9082]}, 88) = 9082 [pid 9081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9082] set_robust_list(0x7f67138b29a0, 24 [pid 9081] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9082] <... set_robust_list resumed>) = 0 [pid 9081] <... futex resumed>) = 0 [pid 9082] rt_sigprocmask(SIG_SETMASK, [], [pid 9081] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9083] <... prctl resumed>) = 0 [pid 9082] memfd_create("syzkaller", 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9083] setpgid(0, 0 [pid 9082] <... memfd_create resumed>) = 3 [pid 5062] close(4 [pid 9082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... close resumed>) = 0 [pid 9083] <... setpgid resumed>) = 0 [pid 9082] <... mmap resumed>) = 0x7f670b400000 [pid 5062] rmdir("./395/file0" [pid 9083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... rmdir resumed>) = 0 [pid 9083] <... openat resumed>) = 3 [pid 9080] <... write resumed>) = 2097152 [pid 5062] getdents64(3, [pid 9083] write(3, "1000", 4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9083] <... write resumed>) = 4 [pid 5062] close(3 [pid 9083] close(3 [pid 9080] munmap(0x7f670b400000, 138412032 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 9083] <... close resumed>) = 0 [pid 9083] symlink("/dev/binderfs", "./binderfs" [pid 5062] rmdir("./395") = 0 [pid 9083] <... symlink resumed>) = 0 [pid 9083] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] mkdir("./396", 0777 [pid 9083] <... futex resumed>) = 0 [pid 9083] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9080] <... munmap resumed>) = 0 [pid 5064] close(3 [pid 5062] <... mkdir resumed>) = 0 [pid 9083] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... close resumed>) = 0 [pid 9083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9080] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 9083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 ./strace-static-x86_64: Process 9084 attached [pid 9080] <... openat resumed>) = 4 [pid 9084] set_robust_list(0x5555569076a0, 24 [pid 9083] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9084 [pid 9084] <... set_robust_list resumed>) = 0 [pid 9082] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9080] ioctl(4, LOOP_SET_FD, 3 [pid 9083] <... mprotect resumed>) = 0 [pid 9084] chdir("./401" [pid 9083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9084] <... chdir resumed>) = 0 [pid 9084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9084] setpgid(0, 0) = 0 [pid 9084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9084] write(3, "1000", 4) = 4 [pid 9084] close(3) = 0 [pid 9084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9084] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9084] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9085 attached [pid 9084] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9085] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9083] <... clone3 resumed> => {parent_tid=[9085]}, 88) = 9085 [pid 9085] <... rseq resumed>) = 0 [pid 9083] rt_sigprocmask(SIG_SETMASK, [], [pid 9080] <... ioctl resumed>) = 0 [pid 9085] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9085] rt_sigprocmask(SIG_SETMASK, [], [pid 9084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9080] close(3 [pid 9085] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9083] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9080] <... close resumed>) = 0 [pid 9085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9084] <... mmap resumed>) = 0x7f6713892000 [pid 9083] <... futex resumed>) = 0 [pid 9080] close(4 [pid 9084] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9080] <... close resumed>) = 0 [pid 9084] <... mprotect resumed>) = 0 [pid 9085] memfd_create("syzkaller", 0 [pid 9084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9083] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9080] mkdir("./file0", 0777 [pid 9085] <... memfd_create resumed>) = 3 [pid 9084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9082] <... write resumed>) = 2097152 [pid 9080] <... mkdir resumed>) = 0 [pid 9084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9084] <... clone3 resumed> => {parent_tid=[9086]}, 88) = 9086 [pid 9084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9084] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9084] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9086 attached [pid 9086] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9086] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 324.939754][ T9080] loop3: detected capacity change from 0 to 4096 [pid 9086] memfd_create("syzkaller", 0 [pid 9082] munmap(0x7f670b400000, 138412032 [pid 9080] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9086] <... memfd_create resumed>) = 3 [pid 9086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9082] <... munmap resumed>) = 0 [pid 9082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5062] <... ioctl resumed>) = 0 [pid 9082] ioctl(4, LOOP_SET_FD, 3 [pid 9085] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9082] <... ioctl resumed>) = 0 [pid 9080] <... mount resumed>) = 0 [pid 5062] close(3 [pid 9080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 9080] <... openat resumed>) = 3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9080] chdir("./file0" [pid 9082] close(3 [pid 9080] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 9087 attached [pid 9082] <... close resumed>) = 0 [pid 9080] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9087 [pid 9087] set_robust_list(0x5555569076a0, 24) = 0 [pid 9082] close(4 [pid 9080] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9087] chdir("./396" [pid 9080] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9087] <... chdir resumed>) = 0 [pid 9082] <... close resumed>) = 0 [pid 9080] <... futex resumed>) = 1 [pid 9079] <... futex resumed>) = 0 [pid 9087] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9082] mkdir("./file0", 0777 [pid 9080] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9087] <... prctl resumed>) = 0 [pid 9079] exit_group(0 [pid 9087] setpgid(0, 0) = 0 [pid 9080] <... futex resumed>) = ? [pid 9079] <... exit_group resumed>) = ? [pid 9087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9082] <... mkdir resumed>) = 0 [pid 9080] +++ exited with 0 +++ [pid 9087] <... openat resumed>) = 3 [pid 9087] write(3, "1000", 4) = 4 [pid 9087] close(3) = 0 [pid 9087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9079] +++ exited with 0 +++ [pid 9082] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9087] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9079, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5065] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9086] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9087] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 9087] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9087] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [ 325.039822][ T9082] loop1: detected capacity change from 0 to 4096 [pid 5065] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] newfstatat(AT_FDCWD, "./399/binderfs", [pid 9087] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9087] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] unlink("./399/binderfs" [pid 9087] <... mprotect resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 9087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9088 attached [pid 5065] <... umount2 resumed>) = 0 [pid 9088] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9087] <... clone3 resumed> => {parent_tid=[9088]}, 88) = 9088 [pid 9088] <... rseq resumed>) = 0 [pid 9088] set_robust_list(0x7f67138b29a0, 24 [pid 9087] rt_sigprocmask(SIG_SETMASK, [], [pid 9088] <... set_robust_list resumed>) = 0 [pid 9087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9088] rt_sigprocmask(SIG_SETMASK, [], [pid 9087] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9087] <... futex resumed>) = 0 [pid 9088] memfd_create("syzkaller", 0 [pid 9087] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9088] <... memfd_create resumed>) = 3 [pid 9088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9082] <... mount resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./399/file0") = 0 [pid 9085] <... write resumed>) = 2097152 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./399" [pid 9082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 9082] <... openat resumed>) = 3 [pid 9082] chdir("./file0" [pid 5065] mkdir("./400", 0777 [pid 9082] <... chdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 9082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9085] munmap(0x7f670b400000, 138412032 [pid 9082] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9082] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9081] <... futex resumed>) = 0 [pid 9082] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9081] exit_group(0 [pid 5065] <... openat resumed>) = 3 [pid 9082] <... futex resumed>) = ? [pid 9081] <... exit_group resumed>) = ? [pid 9085] <... munmap resumed>) = 0 [pid 9082] +++ exited with 0 +++ [pid 9081] +++ exited with 0 +++ [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9081, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 9085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9086] <... write resumed>) = 2097152 [pid 9085] <... openat resumed>) = 4 [pid 9085] ioctl(4, LOOP_SET_FD, 3 [pid 9086] munmap(0x7f670b400000, 138412032 [pid 9088] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9085] <... ioctl resumed>) = 0 [pid 5063] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9085] close(3 [pid 5063] newfstatat(3, "", [pid 9085] <... close resumed>) = 0 [pid 9085] close(4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9085] <... close resumed>) = 0 [pid 5063] getdents64(3, [pid 9085] mkdir("./file0", 0777 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9085] <... mkdir resumed>) = 0 [pid 5063] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9085] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] unlink("./403/binderfs" [pid 9086] <... munmap resumed>) = 0 [pid 9086] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5063] <... unlink resumed>) = 0 [pid 9086] ioctl(4, LOOP_SET_FD, 3 [pid 5063] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9086] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9086] close(3) = 0 [pid 9086] close(4) = 0 [pid 5063] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9086] mkdir("./file0", 0777) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 325.171162][ T9085] loop4: detected capacity change from 0 to 4096 [ 325.202015][ T9086] loop2: detected capacity change from 0 to 4096 [pid 9086] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, [pid 9088] <... write resumed>) = 2097152 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 9088] munmap(0x7f670b400000, 138412032 [pid 5065] close(3 [pid 5063] rmdir("./403/file0") = 0 [pid 5063] getdents64(3, [pid 9085] <... mount resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 9085] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./403"./strace-static-x86_64: Process 9089 attached [pid 9085] chdir("./file0" [pid 9089] set_robust_list(0x5555569076a0, 24 [pid 9085] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9089 [pid 5063] <... rmdir resumed>) = 0 [pid 9085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9088] <... munmap resumed>) = 0 [pid 9085] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9088] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9085] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9089] <... set_robust_list resumed>) = 0 [pid 5063] mkdir("./404", 0777) = 0 [pid 9089] chdir("./400" [pid 9088] <... openat resumed>) = 4 [pid 9085] <... futex resumed>) = 1 [pid 9083] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9089] <... chdir resumed>) = 0 [pid 9088] ioctl(4, LOOP_SET_FD, 3 [pid 9085] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9083] exit_group(0 [pid 5063] <... openat resumed>) = 3 [pid 9089] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9085] <... futex resumed>) = ? [pid 9083] <... exit_group resumed>) = ? [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9088] <... ioctl resumed>) = 0 [pid 9089] <... prctl resumed>) = 0 [pid 9085] +++ exited with 0 +++ [pid 9083] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9083, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 9089] setpgid(0, 0) = 0 [pid 5066] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9088] close(3 [pid 5066] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 9089] <... openat resumed>) = 3 [pid 9088] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9089] write(3, "1000", 4 [pid 9088] close(4 [pid 5066] getdents64(3, [pid 9089] <... write resumed>) = 4 [pid 9088] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9089] close(3 [pid 5066] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9089] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9089] symlink("/dev/binderfs", "./binderfs" [pid 5066] newfstatat(AT_FDCWD, "./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9089] <... symlink resumed>) = 0 [pid 5066] unlink("./398/binderfs" [pid 9089] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9088] mkdir("./file0", 0777 [pid 5066] <... unlink resumed>) = 0 [pid 9089] <... futex resumed>) = 0 [pid 5066] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9089] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9088] <... mkdir resumed>) = 0 [pid 9089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9089] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9088] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] <... umount2 resumed>) = 0 [ 325.295923][ T9088] loop0: detected capacity change from 0 to 4096 [pid 9089] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9086] <... mount resumed>) = 0 [pid 9086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9089] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9086] <... openat resumed>) = 3 [pid 5066] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9086] chdir("./file0") = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9086] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] newfstatat(AT_FDCWD, "./398/file0", [pid 9086] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9086] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9084] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9089] <... clone3 resumed> => {parent_tid=[9090]}, 88) = 9090 [pid 9084] exit_group(0 [pid 5066] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9089] rt_sigprocmask(SIG_SETMASK, [], [pid 9084] <... exit_group resumed>) = ? [pid 9089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9086] +++ exited with 0 +++ [pid 9084] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9089] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 9090 attached [pid 9089] <... futex resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 9090] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9089] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] newfstatat(4, "", [pid 9090] <... rseq resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9084, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9090] set_robust_list(0x7f67138b29a0, 24 [pid 5066] getdents64(4, [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 9090] <... set_robust_list resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... restart_syscall resumed>) = 0 [pid 9090] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] getdents64(4, [pid 9090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9090] memfd_create("syzkaller", 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./398/file0") = 0 [pid 5064] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 9090] <... memfd_create resumed>) = 3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] close(3 [pid 5064] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9090] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... close resumed>) = 0 [pid 9088] <... mount resumed>) = 0 [pid 5066] rmdir("./398" [pid 5064] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 5063] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./401/binderfs" [pid 5066] mkdir("./399", 0777 [pid 5064] <... unlink resumed>) = 0 [pid 5063] close(3 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 9088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9088] <... openat resumed>) = 3 [pid 9088] chdir("./file0" [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9091 attached [pid 5066] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9091 [pid 9091] set_robust_list(0x5555569076a0, 24 [pid 5064] newfstatat(AT_FDCWD, "./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9088] <... chdir resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] newfstatat(4, "", [pid 9091] <... set_robust_list resumed>) = 0 [pid 9088] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9091] chdir("./404" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9091] <... chdir resumed>) = 0 [pid 5064] getdents64(4, [pid 9091] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9091] <... prctl resumed>) = 0 [pid 5064] getdents64(4, [pid 9091] setpgid(0, 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9091] <... setpgid resumed>) = 0 [pid 5064] close(4 [pid 9091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... close resumed>) = 0 [pid 9091] <... openat resumed>) = 3 [pid 9088] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9088] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9088] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] rmdir("./401/file0") = 0 [pid 9087] <... futex resumed>) = 0 [pid 9091] write(3, "1000", 4) = 4 [pid 9087] exit_group(0 [pid 5064] getdents64(3, [pid 9088] <... futex resumed>) = ? [pid 9087] <... exit_group resumed>) = ? [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9088] +++ exited with 0 +++ [pid 9087] +++ exited with 0 +++ [pid 5064] close(3 [pid 9091] close(3 [pid 5064] <... close resumed>) = 0 [pid 9091] <... close resumed>) = 0 [pid 5064] rmdir("./401" [pid 9091] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9087, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 9091] <... symlink resumed>) = 0 [pid 9091] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9091] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9091] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9092 attached [pid 9092] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9091] <... clone3 resumed> => {parent_tid=[9092]}, 88) = 9092 [pid 9092] <... rseq resumed>) = 0 [pid 5064] mkdir("./402", 0777) = 0 [pid 5062] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9092] set_robust_list(0x7f67138b29a0, 24 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 9092] <... set_robust_list resumed>) = 0 [pid 9091] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] newfstatat(3, "", [pid 9091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9092] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] getdents64(3, [pid 9092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9092] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9091] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9091] <... futex resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9092] memfd_create("syzkaller", 0 [pid 9091] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] newfstatat(AT_FDCWD, "./396/binderfs", [pid 9092] <... memfd_create resumed>) = 3 [pid 9090] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5062] unlink("./396/binderfs") = 0 [pid 5062] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9090] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 9093 attached [pid 9093] set_robust_list(0x5555569076a0, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9093 [pid 5062] <... umount2 resumed>) = 0 [pid 9093] chdir("./399" [pid 5062] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9093] <... chdir resumed>) = 0 [pid 9093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9093] setpgid(0, 0) = 0 [pid 9093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9093] write(3, "1000", 4 [pid 5062] newfstatat(AT_FDCWD, "./396/file0", [pid 9093] <... write resumed>) = 4 [pid 9093] close(3) = 0 [pid 9093] symlink("/dev/binderfs", "./binderfs" [pid 9092] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9093] <... symlink resumed>) = 0 [pid 9093] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9093] <... futex resumed>) = 0 [pid 9093] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9093] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9094 attached [pid 9090] munmap(0x7f670b400000, 138412032 [pid 9093] <... clone3 resumed> => {parent_tid=[9094]}, 88) = 9094 [pid 9093] rt_sigprocmask(SIG_SETMASK, [], [pid 9090] <... munmap resumed>) = 0 [pid 9093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9094] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9093] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9094] <... rseq resumed>) = 0 [pid 9093] <... futex resumed>) = 0 [pid 9094] set_robust_list(0x7f67138b29a0, 24 [pid 9093] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9094] <... set_robust_list resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 9094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9090] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9094] memfd_create("syzkaller", 0 [pid 9090] <... openat resumed>) = 4 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] close(3 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 9090] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... close resumed>) = 0 [pid 5062] getdents64(4, [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 9094] <... memfd_create resumed>) = 3 [pid 9094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./396/file0" [pid 9094] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./396" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9095 [pid 5062] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 9095 attached [pid 9090] <... ioctl resumed>) = 0 [pid 5062] mkdir("./397", 0777 [pid 9090] close(3) = 0 [pid 9090] close(4) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 9090] mkdir("./file0", 0777 [pid 9092] <... write resumed>) = 2097152 [pid 9090] <... mkdir resumed>) = 0 [pid 9090] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9095] set_robust_list(0x5555569076a0, 24 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9095] <... set_robust_list resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 9095] chdir("./402" [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9095] <... chdir resumed>) = 0 [pid 9095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9092] munmap(0x7f670b400000, 138412032 [pid 9095] setpgid(0, 0) = 0 [ 325.563443][ T9090] loop3: detected capacity change from 0 to 4096 [pid 9095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9092] <... munmap resumed>) = 0 [pid 9095] <... openat resumed>) = 3 [pid 9092] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9092] ioctl(4, LOOP_SET_FD, 3 [pid 9095] write(3, "1000", 4) = 4 [pid 9095] close(3) = 0 [pid 9095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9095] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9095] <... futex resumed>) = 0 [pid 9095] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9095] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9096]}, 88) = 9096 [pid 9095] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 9096 attached NULL, 8) = 0 [pid 9096] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9095] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9095] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9096] <... rseq resumed>) = 0 [pid 9096] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9092] <... ioctl resumed>) = 0 [pid 9092] close(3) = 0 [pid 9092] close(4) = 0 [pid 9092] mkdir("./file0", 0777) = 0 [pid 9096] rt_sigprocmask(SIG_SETMASK, [], [ 325.631661][ T9092] loop1: detected capacity change from 0 to 4096 [pid 9092] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9096] memfd_create("syzkaller", 0 [pid 9094] <... write resumed>) = 2097152 [pid 9096] <... memfd_create resumed>) = 3 [pid 9096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9094] munmap(0x7f670b400000, 138412032 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9090] <... mount resumed>) = 0 ./strace-static-x86_64: Process 9097 attached [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9097 [pid 9097] set_robust_list(0x5555569076a0, 24) = 0 [pid 9097] chdir("./397") = 0 [pid 9097] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9097] <... prctl resumed>) = 0 [pid 9090] <... openat resumed>) = 3 [pid 9097] setpgid(0, 0 [pid 9092] <... mount resumed>) = 0 [pid 9090] chdir("./file0") = 0 [pid 9097] <... setpgid resumed>) = 0 [pid 9090] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9090] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9097] <... openat resumed>) = 3 [pid 9094] <... munmap resumed>) = 0 [pid 9092] <... openat resumed>) = 3 [pid 9090] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9097] write(3, "1000", 4) = 4 [pid 9097] close(3 [pid 9092] chdir("./file0" [pid 9090] <... futex resumed>) = 1 [pid 9089] <... futex resumed>) = 0 [pid 9097] <... close resumed>) = 0 [pid 9094] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9092] <... chdir resumed>) = 0 [pid 9090] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9089] exit_group(0 [pid 9097] symlink("/dev/binderfs", "./binderfs" [pid 9089] <... exit_group resumed>) = ? [pid 9092] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9090] <... futex resumed>) = ? [pid 9097] <... symlink resumed>) = 0 [pid 9094] <... openat resumed>) = 4 [pid 9092] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9090] +++ exited with 0 +++ [pid 9089] +++ exited with 0 +++ [pid 9097] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9094] ioctl(4, LOOP_SET_FD, 3 [pid 9092] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9097] <... futex resumed>) = 0 [pid 9092] <... futex resumed>) = 1 [pid 9091] <... futex resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9089, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 9097] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9092] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9091] exit_group(0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 9097] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9092] <... futex resumed>) = ? [pid 9091] <... exit_group resumed>) = ? [pid 5065] <... restart_syscall resumed>) = 0 [pid 9097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9092] +++ exited with 0 +++ [pid 9091] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9091, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 9097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9097] <... mmap resumed>) = 0x7f6713892000 [pid 5063] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9097] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] newfstatat(3, "", [pid 9097] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... openat resumed>) = 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9097] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] newfstatat(3, "", [pid 5063] getdents64(3, [pid 9097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(3, [pid 5063] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(AT_FDCWD, "./404/binderfs", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 9098 attached [pid 5065] newfstatat(AT_FDCWD, "./400/binderfs", [pid 5063] unlink("./404/binderfs" [pid 9098] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 9098] <... rseq resumed>) = 0 [pid 9094] <... ioctl resumed>) = 0 [pid 5065] unlink("./400/binderfs" [pid 5063] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9098] set_robust_list(0x7f67138b29a0, 24 [pid 9097] <... clone3 resumed> => {parent_tid=[9098]}, 88) = 9098 [pid 9096] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9094] close(3 [pid 5065] <... unlink resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9098] <... set_robust_list resumed>) = 0 [pid 9097] rt_sigprocmask(SIG_SETMASK, [], [pid 9098] rt_sigprocmask(SIG_SETMASK, [], [pid 9097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9097] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9094] <... close resumed>) = 0 [pid 5065] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9098] memfd_create("syzkaller", 0 [pid 9097] <... futex resumed>) = 0 [pid 9094] close(4 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9097] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9094] <... close resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./404/file0", [pid 9094] mkdir("./file0", 0777 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9094] <... mkdir resumed>) = 0 [pid 5063] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9098] <... memfd_create resumed>) = 3 [pid 5065] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9094] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] newfstatat(AT_FDCWD, "./400/file0", [pid 5063] <... openat resumed>) = 4 [ 325.773736][ T9094] loop4: detected capacity change from 0 to 4096 [pid 9098] <... mmap resumed>) = 0x7f670b400000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] newfstatat(4, "", [pid 9096] <... write resumed>) = 2097152 [pid 5065] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] getdents64(4, [pid 5065] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... openat resumed>) = 4 [pid 5063] getdents64(4, [pid 5065] newfstatat(4, "", [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] close(4 [pid 5065] getdents64(4, [pid 5063] <... close resumed>) = 0 [pid 9096] munmap(0x7f670b400000, 138412032 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] rmdir("./404/file0" [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] close(4 [pid 5063] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./400/file0" [pid 5063] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 5063] rmdir("./404" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] close(3 [pid 5063] mkdir("./405", 0777 [pid 5065] <... close resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5065] rmdir("./400") = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] mkdir("./401", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5063] <... openat resumed>) = 3 [pid 9096] <... munmap resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9096] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9096] close(3 [pid 9098] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9096] <... close resumed>) = 0 [pid 9096] close(4) = 0 [pid 9094] <... mount resumed>) = 0 [pid 9094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9094] chdir("./file0") = 0 [pid 9094] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9096] mkdir("./file0", 0777) = 0 [pid 9096] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9094] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9094] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9093] <... futex resumed>) = 0 [pid 9093] exit_group(0) = ? [pid 9094] <... futex resumed>) = ? [pid 9094] +++ exited with 0 +++ [pid 9093] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9093, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [ 325.876848][ T9096] loop2: detected capacity change from 0 to 4096 [pid 5066] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... ioctl resumed>) = 0 [pid 9096] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 9096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 9096] <... openat resumed>) = 3 [pid 9098] <... write resumed>) = 2097152 [pid 5066] newfstatat(3, "", [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 9099 attached [pid 9096] chdir("./file0" [pid 5066] getdents64(3, [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9099 [pid 9099] set_robust_list(0x5555569076a0, 24 [pid 9096] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9100 [pid 9099] <... set_robust_list resumed>) = 0 [pid 9099] chdir("./405" [pid 9096] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9100 attached ) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./399/binderfs", [pid 9099] <... chdir resumed>) = 0 [pid 9099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9096] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9100] set_robust_list(0x5555569076a0, 24 [pid 9099] setpgid(0, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9096] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9099] <... setpgid resumed>) = 0 [pid 9098] munmap(0x7f670b400000, 138412032 [pid 9100] <... set_robust_list resumed>) = 0 [pid 9099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9096] <... futex resumed>) = 1 [pid 9095] <... futex resumed>) = 0 [pid 5066] unlink("./399/binderfs" [pid 9099] <... openat resumed>) = 3 [pid 9095] exit_group(0 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9095] <... exit_group resumed>) = ? [pid 9100] chdir("./401" [pid 9099] write(3, "1000", 4 [pid 9096] +++ exited with 0 +++ [pid 9099] <... write resumed>) = 4 [pid 9099] close(3) = 0 [pid 9100] <... chdir resumed>) = 0 [pid 9099] symlink("/dev/binderfs", "./binderfs" [pid 9098] <... munmap resumed>) = 0 [pid 9095] +++ exited with 0 +++ [pid 9100] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9099] <... symlink resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9095, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 9099] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9100] <... prctl resumed>) = 0 [pid 9099] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9099] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9100] setpgid(0, 0) = 0 [pid 9099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 9099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] newfstatat(3, "", [pid 9099] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9099] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] getdents64(3, [pid 9100] <... openat resumed>) = 3 [pid 9099] <... mprotect resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9099] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9098] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9099] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9098] <... openat resumed>) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] newfstatat(AT_FDCWD, "./402/binderfs", ./strace-static-x86_64: Process 9101 attached [pid 9098] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9101] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9100] write(3, "1000", 4 [pid 9099] <... clone3 resumed> => {parent_tid=[9101]}, 88) = 9101 [pid 5066] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9100] <... write resumed>) = 4 [pid 9100] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9100] <... close resumed>) = 0 [pid 9100] symlink("/dev/binderfs", "./binderfs" [pid 5066] newfstatat(AT_FDCWD, "./399/file0", [pid 9099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9099] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9099] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] unlink("./402/binderfs" [pid 9100] <... symlink resumed>) = 0 [pid 9100] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 9101] <... rseq resumed>) = 0 [pid 9100] <... futex resumed>) = 0 [pid 9101] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9101] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9100] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5066] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9100] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... openat resumed>) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 9100] <... mprotect resumed>) = 0 [pid 9101] memfd_create("syzkaller", 0 [pid 9098] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9101] <... memfd_create resumed>) = 3 [pid 9098] close(3 [pid 5066] getdents64(4, [pid 9101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9098] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 9101] <... mmap resumed>) = 0x7f670b400000 [pid 9098] close(4) = 0 [pid 9098] mkdir("./file0", 0777 [pid 5064] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9100] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9098] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(4 [pid 9100] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... close resumed>) = 0 ./strace-static-x86_64: Process 9102 attached [pid 9098] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] rmdir("./399/file0" [pid 5064] newfstatat(AT_FDCWD, "./402/file0", [pid 9102] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9100] <... clone3 resumed> => {parent_tid=[9102]}, 88) = 9102 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9102] <... rseq resumed>) = 0 [pid 9100] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] getdents64(3, [pid 5064] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9102] set_robust_list(0x7f67138b29a0, 24 [pid 9100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9100] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] close(3 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [ 326.001697][ T9098] loop0: detected capacity change from 0 to 4096 [pid 5064] rmdir("./402/file0") = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./399" [pid 9100] <... futex resumed>) = 0 [pid 9102] <... set_robust_list resumed>) = 0 [pid 9102] rt_sigprocmask(SIG_SETMASK, [], [pid 9100] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 9102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] mkdir("./400", 0777 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 9102] memfd_create("syzkaller", 0 [pid 5064] rmdir("./402" [pid 9102] <... memfd_create resumed>) = 3 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./403", 0777 [pid 9102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... mkdir resumed>) = 0 [pid 9102] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9101] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 9103 ./strace-static-x86_64: Process 9103 attached [pid 9103] set_robust_list(0x5555569076a0, 24) = 0 [pid 9103] chdir("./403") = 0 [pid 9103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9098] <... mount resumed>) = 0 [pid 9098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9098] chdir("./file0") = 0 [pid 9098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9098] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9097] <... futex resumed>) = 0 [pid 9103] setpgid(0, 0 [pid 9102] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9098] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9097] exit_group(0) = ? [pid 9103] <... setpgid resumed>) = 0 [pid 9103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9098] <... futex resumed>) = ? [pid 9103] <... openat resumed>) = 3 [pid 9098] +++ exited with 0 +++ [pid 9097] +++ exited with 0 +++ [pid 9103] write(3, "1000", 4 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9097, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5062] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9103] <... write resumed>) = 4 [pid 9103] close(3 [pid 5062] <... openat resumed>) = 3 [pid 9103] <... close resumed>) = 0 [pid 9103] symlink("/dev/binderfs", "./binderfs" [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 9103] <... symlink resumed>) = 0 [pid 9103] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9103] <... futex resumed>) = 0 [pid 5062] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9103] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] unlink("./397/binderfs" [pid 9103] <... mmap resumed>) = 0x7f6713892000 [pid 9103] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9103] <... mprotect resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5062] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9103] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... ioctl resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./397/file0", [pid 9103] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9103] <... clone3 resumed> => {parent_tid=[9104]}, 88) = 9104 ./strace-static-x86_64: Process 9104 attached [pid 9104] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9104] <... rseq resumed>) = 0 [pid 9103] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] close(3 [pid 5062] close(4 [pid 9104] set_robust_list(0x7f67138b29a0, 24 [pid 9103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... close resumed>) = 0 [pid 9103] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./397/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9103] <... futex resumed>) = 0 [pid 9103] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] close(3) = 0 [pid 5062] rmdir("./397" [pid 9104] <... set_robust_list resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9105 [pid 9104] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] mkdir("./398", 0777) = 0 ./strace-static-x86_64: Process 9105 attached [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9105] set_robust_list(0x5555569076a0, 24 [pid 5062] <... openat resumed>) = 3 [pid 9105] <... set_robust_list resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9105] chdir("./400") = 0 [pid 9105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9105] setpgid(0, 0) = 0 [pid 9105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9105] write(3, "1000", 4) = 4 [pid 9105] close(3) = 0 [pid 9105] symlink("/dev/binderfs", "./binderfs" [pid 9104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9105] <... symlink resumed>) = 0 [pid 9105] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9104] memfd_create("syzkaller", 0 [pid 9101] <... write resumed>) = 2097152 [pid 9105] <... futex resumed>) = 0 [pid 9105] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9101] munmap(0x7f670b400000, 138412032 [pid 9104] <... memfd_create resumed>) = 3 [pid 9102] <... write resumed>) = 2097152 [pid 9104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9105] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9104] <... mmap resumed>) = 0x7f670b400000 [pid 9105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9105] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9102] munmap(0x7f670b400000, 138412032 [pid 9105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9106 attached [pid 9101] <... munmap resumed>) = 0 [pid 9106] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9102] <... munmap resumed>) = 0 [pid 9106] <... rseq resumed>) = 0 [pid 9105] <... clone3 resumed> => {parent_tid=[9106]}, 88) = 9106 [pid 9106] set_robust_list(0x7f67138b29a0, 24 [pid 9105] rt_sigprocmask(SIG_SETMASK, [], [pid 9106] <... set_robust_list resumed>) = 0 [pid 9105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9106] rt_sigprocmask(SIG_SETMASK, [], [pid 9105] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9105] <... futex resumed>) = 0 [pid 9106] memfd_create("syzkaller", 0 [pid 9105] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9102] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9101] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9102] <... openat resumed>) = 4 [pid 9101] ioctl(4, LOOP_SET_FD, 3 [pid 9102] ioctl(4, LOOP_SET_FD, 3 [pid 9106] <... memfd_create resumed>) = 3 [pid 9106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9101] <... ioctl resumed>) = 0 [pid 9104] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9102] <... ioctl resumed>) = 0 [pid 9101] close(3 [pid 9102] close(3) = 0 [pid 9102] close(4) = 0 [pid 9101] <... close resumed>) = 0 [pid 9101] close(4) = 0 [pid 9101] mkdir("./file0", 0777) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 326.284665][ T9101] loop1: detected capacity change from 0 to 4096 [ 326.292386][ T9102] loop3: detected capacity change from 0 to 4096 [pid 9102] mkdir("./file0", 0777 [pid 9101] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9107 [pid 9102] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 9107 attached [pid 9107] set_robust_list(0x5555569076a0, 24 [pid 9102] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9107] <... set_robust_list resumed>) = 0 [pid 9107] chdir("./398") = 0 [pid 9107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9107] setpgid(0, 0) = 0 [pid 9107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9107] write(3, "1000", 4 [pid 9101] <... mount resumed>) = 0 [pid 9107] <... write resumed>) = 4 [pid 9107] close(3 [pid 9101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9107] <... close resumed>) = 0 [pid 9106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9101] <... openat resumed>) = 3 [pid 9107] symlink("/dev/binderfs", "./binderfs" [pid 9101] chdir("./file0") = 0 [pid 9101] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9107] <... symlink resumed>) = 0 [pid 9101] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9101] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9107] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9101] <... futex resumed>) = 1 [pid 9099] <... futex resumed>) = 0 [pid 9107] <... futex resumed>) = 0 [pid 9099] exit_group(0) = ? [pid 9101] +++ exited with 0 +++ [pid 9099] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9099, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=3 /* 0.03 s */} --- [pid 5063] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./405/binderfs" [pid 9107] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] <... unlink resumed>) = 0 [pid 9107] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9104] <... write resumed>) = 2097152 [pid 5063] <... umount2 resumed>) = 0 [pid 9107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9104] munmap(0x7f670b400000, 138412032 [pid 9107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9107] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] newfstatat(AT_FDCWD, "./405/file0", ./strace-static-x86_64: Process 9108 attached [pid 9107] <... clone3 resumed> => {parent_tid=[9108]}, 88) = 9108 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9107] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9108] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9108] <... rseq resumed>) = 0 [pid 9107] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9108] set_robust_list(0x7f67138b29a0, 24 [pid 9107] <... futex resumed>) = 0 [pid 9108] <... set_robust_list resumed>) = 0 [pid 9107] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9104] <... munmap resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 9104] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5063] rmdir("./405/file0" [pid 9108] memfd_create("syzkaller", 0 [pid 9104] <... openat resumed>) = 4 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 9108] <... memfd_create resumed>) = 3 [pid 9104] ioctl(4, LOOP_SET_FD, 3 [pid 9102] <... mount resumed>) = 0 [pid 9108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./405") = 0 [pid 5063] mkdir("./406", 0777) = 0 [pid 9108] <... mmap resumed>) = 0x7f670b400000 [pid 9102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9102] chdir("./file0" [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9102] <... chdir resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9102] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9106] <... write resumed>) = 2097152 [pid 9102] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9106] munmap(0x7f670b400000, 138412032 [pid 9104] <... ioctl resumed>) = 0 [pid 9102] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9106] <... munmap resumed>) = 0 [pid 9108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 326.446935][ T9104] loop2: detected capacity change from 0 to 4096 [pid 9106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9104] close(3 [pid 9102] <... futex resumed>) = 1 [pid 9100] <... futex resumed>) = 0 [pid 9108] <... write resumed>) = 2097152 [pid 9106] <... openat resumed>) = 4 [pid 9104] <... close resumed>) = 0 [pid 9102] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9108] munmap(0x7f670b400000, 138412032 [pid 9106] ioctl(4, LOOP_SET_FD, 3 [pid 9104] close(4 [pid 9100] exit_group(0 [pid 5063] <... ioctl resumed>) = 0 [pid 9100] <... exit_group resumed>) = ? [pid 9102] <... futex resumed>) = ? [pid 9104] <... close resumed>) = 0 [pid 9108] <... munmap resumed>) = 0 [pid 9104] mkdir("./file0", 0777 [pid 9102] +++ exited with 0 +++ [pid 9100] +++ exited with 0 +++ [pid 9104] <... mkdir resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9100, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9104] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9108] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] newfstatat(AT_FDCWD, "./401/binderfs", [pid 9108] <... openat resumed>) = 4 [pid 9106] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9108] ioctl(4, LOOP_SET_FD, 3 [pid 9106] close(3 [pid 5065] unlink("./401/binderfs" [pid 5063] close(3 [pid 9106] <... close resumed>) = 0 [ 326.510687][ T5078] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 326.529931][ T9106] loop4: detected capacity change from 0 to 4096 [pid 5065] <... unlink resumed>) = 0 [pid 9106] close(4 [pid 5065] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 9106] <... close resumed>) = 0 [pid 9106] mkdir("./file0", 0777) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 9106] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5065] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9108] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 9109 attached [pid 9108] close(3 [pid 5065] newfstatat(AT_FDCWD, "./401/file0", [pid 9109] set_robust_list(0x5555569076a0, 24 [pid 9108] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9109 [pid 9109] <... set_robust_list resumed>) = 0 [pid 9108] close(4 [pid 5065] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9109] chdir("./406" [pid 9108] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9109] <... chdir resumed>) = 0 [pid 9108] mkdir("./file0", 0777 [pid 5065] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9109] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9108] <... mkdir resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [ 326.559127][ T9108] loop0: detected capacity change from 0 to 4096 [pid 9109] <... prctl resumed>) = 0 [pid 9108] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] newfstatat(4, "", [pid 9109] setpgid(0, 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9109] <... setpgid resumed>) = 0 [pid 5065] getdents64(4, [pid 9109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9109] <... openat resumed>) = 3 [pid 5065] getdents64(4, [pid 9109] write(3, "1000", 4 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9109] <... write resumed>) = 4 [pid 5065] close(4 [pid 9109] close(3 [pid 5065] <... close resumed>) = 0 [pid 9109] <... close resumed>) = 0 [pid 5065] rmdir("./401/file0" [pid 9109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9106] <... mount resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9109] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(3, [pid 9109] <... futex resumed>) = 0 [pid 9106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9104] <... mount resumed>) = 0 [pid 9109] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9109] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9106] <... openat resumed>) = 3 [pid 9104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9106] chdir("./file0" [pid 9104] <... openat resumed>) = 3 [pid 5065] close(3 [pid 9109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9106] <... chdir resumed>) = 0 [pid 9104] chdir("./file0" [pid 5065] <... close resumed>) = 0 [pid 9109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9104] <... chdir resumed>) = 0 [pid 5065] rmdir("./401" [pid 9109] <... mmap resumed>) = 0x7f6713892000 [pid 9106] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9104] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9109] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9106] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9104] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... rmdir resumed>) = 0 [pid 9109] <... mprotect resumed>) = 0 [pid 9106] <... futex resumed>) = 1 [pid 9105] <... futex resumed>) = 0 [pid 9104] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9109] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9105] exit_group(0 [pid 9104] <... futex resumed>) = 1 [pid 9103] <... futex resumed>) = 0 [pid 9109] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9105] <... exit_group resumed>) = ? [pid 9104] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9103] exit_group(0 [pid 5065] mkdir("./402", 0777 [pid 9109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9106] +++ exited with 0 +++ [pid 9105] +++ exited with 0 +++ [pid 9104] <... futex resumed>) = ? [pid 9103] <... exit_group resumed>) = ? [pid 5065] <... mkdir resumed>) = 0 [pid 9104] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9105, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5066] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9109] <... clone3 resumed> => {parent_tid=[9110]}, 88) = 9110 [pid 9103] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 9110 attached [pid 9109] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9110] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... openat resumed>) = 3 [pid 9109] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9110] <... rseq resumed>) = 0 [pid 9109] <... futex resumed>) = 0 [pid 9110] set_robust_list(0x7f67138b29a0, 24 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9109] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9110] <... set_robust_list resumed>) = 0 [pid 5066] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9110] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9103, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] newfstatat(AT_FDCWD, "./400/binderfs", [pid 5064] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9110] memfd_create("syzkaller", 0 [pid 5066] unlink("./400/binderfs" [pid 5064] <... openat resumed>) = 3 [pid 5066] <... unlink resumed>) = 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 9110] <... memfd_create resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5066] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] unlink("./403/binderfs") = 0 [pid 5064] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./400/file0", [pid 5064] <... umount2 resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5064] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5064] newfstatat(AT_FDCWD, "./403/file0", [pid 5066] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] rmdir("./400/file0" [pid 5064] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9108] <... mount resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", [pid 9108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] getdents64(4, [pid 5066] close(3 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./400" [pid 5064] getdents64(4, [pid 9108] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 9108] chdir("./file0" [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 9108] <... chdir resumed>) = 0 [pid 5064] rmdir("./403/file0" [pid 9108] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] mkdir("./401", 0777 [pid 5064] <... rmdir resumed>) = 0 [pid 9108] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... mkdir resumed>) = 0 [pid 9108] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9108] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] getdents64(3, [pid 9107] <... futex resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] rmdir("./403") = 0 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9111 attached [pid 9107] exit_group(0 [pid 5064] mkdir("./404", 0777 [pid 5065] <... ioctl resumed>) = 0 [pid 9107] <... exit_group resumed>) = ? [pid 9108] <... futex resumed>) = ? [pid 9111] set_robust_list(0x5555569076a0, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9111 [pid 5064] <... mkdir resumed>) = 0 [pid 9111] <... set_robust_list resumed>) = 0 [pid 9111] chdir("./401" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9111] <... chdir resumed>) = 0 [pid 9108] +++ exited with 0 +++ [pid 9107] +++ exited with 0 +++ [pid 5065] close(3 [pid 5064] <... openat resumed>) = 3 [pid 9111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9110] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9111] setpgid(0, 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9107, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 9111] <... setpgid resumed>) = 0 [pid 9111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 9112 attached ) = 3 [pid 9112] set_robust_list(0x5555569076a0, 24 [pid 5062] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9112] <... set_robust_list resumed>) = 0 [pid 9111] write(3, "1000", 4 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9112 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9111] <... write resumed>) = 4 [pid 5062] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9112] chdir("./402" [pid 9111] close(3 [pid 5062] <... openat resumed>) = 3 [pid 9111] <... close resumed>) = 0 [pid 9112] <... chdir resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 9112] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9111] symlink("/dev/binderfs", "./binderfs" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9112] <... prctl resumed>) = 0 [pid 9111] <... symlink resumed>) = 0 [pid 9112] setpgid(0, 0 [pid 9111] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9112] <... setpgid resumed>) = 0 [pid 9112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9111] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5062] getdents64(3, [pid 9112] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9112] write(3, "1000", 4 [pid 9111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] newfstatat(AT_FDCWD, "./398/binderfs", [pid 9112] <... write resumed>) = 4 [pid 9112] close(3 [pid 9111] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9112] <... close resumed>) = 0 [pid 9111] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] unlink("./398/binderfs" [pid 9111] <... mprotect resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 9112] symlink("/dev/binderfs", "./binderfs" [pid 9111] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9110] <... write resumed>) = 2097152 [pid 5062] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9111] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9110] munmap(0x7f670b400000, 138412032 [pid 9111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 9113 attached [pid 9112] <... symlink resumed>) = 0 [pid 9113] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9111] <... clone3 resumed> => {parent_tid=[9113]}, 88) = 9113 [pid 9113] <... rseq resumed>) = 0 [pid 9113] set_robust_list(0x7f67138b29a0, 24 [pid 9112] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9110] <... munmap resumed>) = 0 [pid 9111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9111] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9111] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9112] <... futex resumed>) = 0 [pid 5062] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9112] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9113] <... set_robust_list resumed>) = 0 [pid 9110] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9112] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9110] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] newfstatat(AT_FDCWD, "./398/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9113] memfd_create("syzkaller", 0 [pid 9112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9110] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9112] <... mmap resumed>) = 0x7f6713892000 [pid 5062] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9112] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... openat resumed>) = 4 [pid 9112] <... mprotect resumed>) = 0 [pid 5062] newfstatat(4, "", [pid 9112] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9112] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] getdents64(4, [pid 9112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 9112] <... clone3 resumed> => {parent_tid=[9114]}, 88) = 9114 [pid 5062] <... close resumed>) = 0 [pid 9112] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] rmdir("./398/file0" [pid 9112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 9112] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] getdents64(3, [pid 9112] <... futex resumed>) = 0 [pid 9112] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 9114 attached [pid 5062] close(3 [pid 9114] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9113] <... memfd_create resumed>) = 3 [pid 5062] <... close resumed>) = 0 [pid 9114] <... rseq resumed>) = 0 [pid 9113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9110] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] rmdir("./398" [pid 9114] set_robust_list(0x7f67138b29a0, 24 [pid 9113] <... mmap resumed>) = 0x7f670b400000 [pid 9110] close(3 [pid 5064] close(3 [pid 5062] <... rmdir resumed>) = 0 [pid 9114] <... set_robust_list resumed>) = 0 [pid 9110] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5062] mkdir("./399", 0777 [pid 9114] rt_sigprocmask(SIG_SETMASK, [], [pid 9110] close(4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9110] <... close resumed>) = 0 ./strace-static-x86_64: Process 9115 attached [pid 9114] memfd_create("syzkaller", 0 [pid 9110] mkdir("./file0", 0777 [pid 5062] <... mkdir resumed>) = 0 [pid 9115] set_robust_list(0x5555569076a0, 24 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9115] <... set_robust_list resumed>) = 0 [pid 9114] <... memfd_create resumed>) = 3 [pid 9110] <... mkdir resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9115 [pid 5062] <... openat resumed>) = 3 [pid 9115] chdir("./404" [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9110] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9115] <... chdir resumed>) = 0 [pid 9114] <... mmap resumed>) = 0x7f670b400000 [pid 9115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9115] setpgid(0, 0) = 0 [pid 9115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9115] write(3, "1000", 4) = 4 [pid 9115] close(3) = 0 [pid 9115] symlink("/dev/binderfs", "./binderfs") = 0 [ 326.844668][ T9110] loop1: detected capacity change from 0 to 4096 [pid 9115] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9115] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9113] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9115] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9110] <... mount resumed>) = 0 [pid 9115] <... mprotect resumed>) = 0 [pid 9110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9110] chdir("./file0" [pid 9115] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9110] <... chdir resumed>) = 0 [pid 9110] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9115] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9110] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9116 attached [pid 9110] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] close(3 [pid 9116] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9115] <... clone3 resumed> => {parent_tid=[9116]}, 88) = 9116 [pid 9110] <... futex resumed>) = 1 [pid 9109] <... futex resumed>) = 0 [pid 9116] <... rseq resumed>) = 0 [pid 9115] rt_sigprocmask(SIG_SETMASK, [], [pid 9110] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... close resumed>) = 0 [pid 9115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9109] exit_group(0 [pid 9116] set_robust_list(0x7f67138b29a0, 24 [pid 9115] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9110] <... futex resumed>) = ? [pid 9109] <... exit_group resumed>) = ? [pid 9116] <... set_robust_list resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9117 attached [pid 9116] rt_sigprocmask(SIG_SETMASK, [], [pid 9115] <... futex resumed>) = 0 [pid 9110] +++ exited with 0 +++ [pid 9109] +++ exited with 0 +++ [pid 9117] set_robust_list(0x5555569076a0, 24 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9109, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 9117] <... set_robust_list resumed>) = 0 [pid 9115] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9117 [pid 9117] chdir("./399" [pid 9116] memfd_create("syzkaller", 0 [pid 5063] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9116] <... memfd_create resumed>) = 3 [pid 9117] <... chdir resumed>) = 0 [pid 9116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9117] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9116] <... mmap resumed>) = 0x7f670b400000 [pid 9117] <... prctl resumed>) = 0 [pid 9114] <... write resumed>) = 2097152 [pid 5063] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9117] setpgid(0, 0) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 9117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9117] <... openat resumed>) = 3 [pid 9117] write(3, "1000", 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9117] <... write resumed>) = 4 [pid 5063] newfstatat(AT_FDCWD, "./406/binderfs", [pid 9117] close(3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9117] <... close resumed>) = 0 [pid 5063] unlink("./406/binderfs" [pid 9117] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... unlink resumed>) = 0 [pid 9117] <... symlink resumed>) = 0 [pid 5063] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9117] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9113] <... write resumed>) = 2097152 [pid 9114] munmap(0x7f670b400000, 138412032 [pid 5063] <... umount2 resumed>) = 0 [pid 9117] <... futex resumed>) = 0 [pid 9113] munmap(0x7f670b400000, 138412032 [pid 9117] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9117] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(AT_FDCWD, "./406/file0", [pid 9117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9117] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9117] <... mprotect resumed>) = 0 [pid 9117] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9117] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... openat resumed>) = 4 [pid 5063] newfstatat(4, "", [pid 9117] <... clone3 resumed> => {parent_tid=[9118]}, 88) = 9118 ./strace-static-x86_64: Process 9118 attached [pid 9117] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9117] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(4, [pid 9118] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9118] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9118] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9117] <... futex resumed>) = 0 [pid 5063] getdents64(4, [pid 9118] memfd_create("syzkaller", 0 [pid 9117] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9113] <... munmap resumed>) = 0 [pid 9118] <... memfd_create resumed>) = 3 [pid 9116] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9114] <... munmap resumed>) = 0 [pid 9113] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9114] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9113] <... openat resumed>) = 4 [pid 5063] close(4 [pid 9118] <... mmap resumed>) = 0x7f670b400000 [pid 9114] <... openat resumed>) = 4 [pid 9113] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... close resumed>) = 0 [pid 9114] ioctl(4, LOOP_SET_FD, 3 [pid 5063] rmdir("./406/file0" [pid 9114] <... ioctl resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./406") = 0 [pid 9116] <... write resumed>) = 2097152 [pid 5063] mkdir("./407", 0777 [pid 9116] munmap(0x7f670b400000, 138412032 [pid 9114] close(3 [pid 5063] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9114] <... close resumed>) = 0 [pid 9114] close(4) = 0 [pid 9113] <... ioctl resumed>) = 0 [pid 9116] <... munmap resumed>) = 0 [pid 9114] mkdir("./file0", 0777) = 0 [pid 9113] close(3 [pid 9116] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9113] <... close resumed>) = 0 [pid 9116] <... openat resumed>) = 4 [pid 9118] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9114] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9113] close(4 [ 327.069948][ T9114] loop3: detected capacity change from 0 to 4096 [ 327.081377][ T9113] loop4: detected capacity change from 0 to 4096 [pid 9116] ioctl(4, LOOP_SET_FD, 3 [pid 9113] <... close resumed>) = 0 [pid 9113] mkdir("./file0", 0777) = 0 [pid 9113] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9116] <... ioctl resumed>) = 0 [pid 9116] close(3) = 0 [pid 9116] close(4) = 0 [pid 9116] mkdir("./file0", 0777) = 0 [ 327.111375][ T9116] loop2: detected capacity change from 0 to 4096 [pid 9116] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3 [pid 9118] <... write resumed>) = 2097152 [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9114] <... mount resumed>) = 0 [pid 9114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9119 [pid 9114] chdir("./file0") = 0 ./strace-static-x86_64: Process 9119 attached [pid 9114] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9119] set_robust_list(0x5555569076a0, 24) = 0 [pid 9119] chdir("./407" [pid 9114] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9119] <... chdir resumed>) = 0 [pid 9119] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9114] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9119] <... prctl resumed>) = 0 [pid 9114] <... futex resumed>) = 1 [pid 9112] <... futex resumed>) = 0 [pid 9119] setpgid(0, 0 [pid 9112] exit_group(0 [pid 9119] <... setpgid resumed>) = 0 [pid 9112] <... exit_group resumed>) = ? [pid 9119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9118] munmap(0x7f670b400000, 138412032 [pid 9114] +++ exited with 0 +++ [pid 9112] +++ exited with 0 +++ [pid 9119] <... openat resumed>) = 3 [pid 9119] write(3, "1000", 4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9112, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 9119] <... write resumed>) = 4 [pid 9119] close(3 [pid 9118] <... munmap resumed>) = 0 [pid 9113] <... mount resumed>) = 0 [pid 9119] <... close resumed>) = 0 [pid 9113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9119] symlink("/dev/binderfs", "./binderfs" [pid 9113] <... openat resumed>) = 3 [pid 5065] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9119] <... symlink resumed>) = 0 [pid 9113] chdir("./file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9119] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9113] <... chdir resumed>) = 0 [pid 9119] <... futex resumed>) = 0 [pid 9113] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... openat resumed>) = 3 [pid 9119] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9113] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9119] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9118] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9113] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] newfstatat(3, "", [pid 9119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9118] <... openat resumed>) = 4 [pid 9113] <... futex resumed>) = 1 [pid 9111] <... futex resumed>) = 0 [pid 9119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9111] exit_group(0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9118] ioctl(4, LOOP_SET_FD, 3 [pid 9111] <... exit_group resumed>) = ? [pid 5065] getdents64(3, [pid 9119] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9119] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./402/binderfs") = 0 [pid 9119] <... mprotect resumed>) = 0 [pid 5065] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9119] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9118] <... ioctl resumed>) = 0 [pid 9113] +++ exited with 0 +++ [pid 9111] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = 0 [pid 9119] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9118] close(3 [pid 5065] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9118] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 9120 attached [pid 9118] close(4 [pid 9116] <... mount resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./402/file0", [pid 9120] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9119] <... clone3 resumed> => {parent_tid=[9120]}, 88) = 9120 [pid 9118] <... close resumed>) = 0 [pid 9116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9111, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 9120] <... rseq resumed>) = 0 [pid 9119] rt_sigprocmask(SIG_SETMASK, [], [pid 9118] mkdir("./file0", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9120] set_robust_list(0x7f67138b29a0, 24 [pid 9119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9116] <... openat resumed>) = 3 [pid 5066] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9120] <... set_robust_list resumed>) = 0 [pid 9119] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9118] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9116] chdir("./file0" [pid 9120] rt_sigprocmask(SIG_SETMASK, [], [pid 9119] <... futex resumed>) = 0 [pid 9116] <... chdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9119] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9116] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9120] memfd_create("syzkaller", 0 [pid 9118] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9116] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9116] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] newfstatat(3, "", [pid 5065] <... openat resumed>) = 4 [pid 9116] <... futex resumed>) = 1 [pid 9115] <... futex resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9120] <... memfd_create resumed>) = 3 [pid 9116] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9115] exit_group(0 [pid 5066] getdents64(3, [pid 5065] newfstatat(4, "", [pid 9120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9116] <... futex resumed>) = ? [pid 9115] <... exit_group resumed>) = ? [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9120] <... mmap resumed>) = 0x7f670b400000 [pid 9116] +++ exited with 0 +++ [pid 5066] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 9115] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9115, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5065] close(4) = 0 [pid 5064] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./402/file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./401/binderfs", [pid 5065] <... rmdir resumed>) = 0 [ 327.252568][ T9118] loop0: detected capacity change from 0 to 4096 [pid 5064] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, [pid 5064] <... openat resumed>) = 3 [pid 5066] unlink("./401/binderfs" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(3, "", [pid 5066] <... unlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(3 [pid 5064] getdents64(3, [pid 5066] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] rmdir("./402" [pid 5064] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] mkdir("./403", 0777 [pid 5064] newfstatat(AT_FDCWD, "./404/binderfs", [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5064] unlink("./404/binderfs" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... unlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./401/file0", [pid 5064] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./401/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 9118] <... mount resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./401" [pid 5064] newfstatat(AT_FDCWD, "./404/file0", [pid 9118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 9118] chdir("./file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9118] <... chdir resumed>) = 0 [pid 9118] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] mkdir("./402", 0777 [pid 9118] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9118] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9118] <... futex resumed>) = 1 [pid 9117] <... futex resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9120] <... write resumed>) = 2097152 [pid 5066] <... openat resumed>) = 3 [pid 9120] munmap(0x7f670b400000, 138412032 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 9118] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9117] exit_group(0 [pid 5064] <... openat resumed>) = 4 [pid 9118] <... futex resumed>) = ? [pid 9117] <... exit_group resumed>) = ? [pid 5064] newfstatat(4, "", [pid 9120] <... munmap resumed>) = 0 [pid 9118] +++ exited with 0 +++ [pid 9117] +++ exited with 0 +++ [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9117, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 9120] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 9120] <... openat resumed>) = 4 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9120] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] rmdir("./404/file0") = 0 [pid 5062] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 5062] newfstatat(3, "", [pid 5065] close(3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] close(3 [pid 5062] getdents64(3, [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./404") = 0 [pid 5064] mkdir("./405", 0777 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9121 attached [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9121] set_robust_list(0x5555569076a0, 24 [pid 5064] <... openat resumed>) = 3 [pid 5062] newfstatat(AT_FDCWD, "./399/binderfs", [pid 9121] <... set_robust_list resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9121] chdir("./403" [pid 5062] unlink("./399/binderfs" [pid 9121] <... chdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9121 [pid 9121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 9121] setpgid(0, 0) = 0 [pid 5062] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9120] <... ioctl resumed>) = 0 [pid 9120] close(3 [pid 5062] <... umount2 resumed>) = 0 [pid 9120] <... close resumed>) = 0 [pid 9120] close(4 [pid 9121] write(3, "1000", 4 [pid 9120] <... close resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5062] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9120] mkdir("./file0", 0777 [pid 9121] <... write resumed>) = 4 [pid 5066] close(3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./399/file0", [pid 9121] close(3 [pid 5066] <... close resumed>) = 0 [pid 9121] <... close resumed>) = 0 [pid 9120] <... mkdir resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9121] symlink("/dev/binderfs", "./binderfs" [pid 9120] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9121] <... symlink resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9122 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9121] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 9122 attached [pid 9121] <... futex resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 9122] set_robust_list(0x5555569076a0, 24 [pid 9121] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] newfstatat(4, "", [pid 9122] <... set_robust_list resumed>) = 0 [pid 9121] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9122] chdir("./402" [pid 9121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] getdents64(4, [pid 9122] <... chdir resumed>) = 0 [pid 9121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] getdents64(4, [pid 9121] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [ 327.421611][ T9120] loop1: detected capacity change from 0 to 4096 [pid 9121] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] close(4 [pid 9121] <... mprotect resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 9121] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] rmdir("./399/file0" [pid 9121] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, [pid 9121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 9123 attached [pid 9121] <... clone3 resumed> => {parent_tid=[9123]}, 88) = 9123 [pid 9123] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9121] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] close(3 [pid 9123] <... rseq resumed>) = 0 [pid 9121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... close resumed>) = 0 [pid 9123] set_robust_list(0x7f67138b29a0, 24 [pid 9121] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9123] <... set_robust_list resumed>) = 0 [pid 9121] <... futex resumed>) = 0 [pid 5062] rmdir("./399" [pid 9123] rt_sigprocmask(SIG_SETMASK, [], [pid 9121] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9122] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] <... rmdir resumed>) = 0 [pid 9122] <... prctl resumed>) = 0 [pid 9123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9123] memfd_create("syzkaller", 0 [pid 9122] setpgid(0, 0 [pid 5062] mkdir("./400", 0777) = 0 [pid 9122] <... setpgid resumed>) = 0 [pid 9122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9122] write(3, "1000", 4 [pid 9123] <... memfd_create resumed>) = 3 [pid 5062] <... openat resumed>) = 3 [pid 9123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9122] <... write resumed>) = 4 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9123] <... mmap resumed>) = 0x7f670b400000 [pid 9122] close(3) = 0 [pid 9122] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... ioctl resumed>) = 0 [pid 9122] <... symlink resumed>) = 0 [pid 5064] close(3 [pid 9122] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 9122] <... futex resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9122] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9124 [pid 9122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9122] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9125 attached [pid 9125] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9122] <... clone3 resumed> => {parent_tid=[9125]}, 88) = 9125 [pid 9125] <... rseq resumed>) = 0 [pid 9122] rt_sigprocmask(SIG_SETMASK, [], [pid 9125] set_robust_list(0x7f67138b29a0, 24 [pid 9122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9125] <... set_robust_list resumed>) = 0 [pid 9122] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9125] rt_sigprocmask(SIG_SETMASK, [], [pid 9122] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9124 attached [pid 9125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9122] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9125] memfd_create("syzkaller", 0 [pid 9124] set_robust_list(0x5555569076a0, 24 [pid 9125] <... memfd_create resumed>) = 3 [pid 9124] <... set_robust_list resumed>) = 0 [pid 9125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9124] chdir("./405") = 0 [pid 9124] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9123] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9124] <... prctl resumed>) = 0 [pid 9124] setpgid(0, 0) = 0 [pid 9124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... ioctl resumed>) = 0 [pid 9124] <... openat resumed>) = 3 [pid 9124] write(3, "1000", 4 [pid 9120] <... mount resumed>) = 0 [pid 9124] <... write resumed>) = 4 [pid 9124] close(3 [pid 9120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9124] <... close resumed>) = 0 [pid 9124] symlink("/dev/binderfs", "./binderfs" [pid 9120] <... openat resumed>) = 3 [pid 9124] <... symlink resumed>) = 0 [pid 9120] chdir("./file0" [pid 9124] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9120] <... chdir resumed>) = 0 [pid 9124] <... futex resumed>) = 0 [pid 9120] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] close(3 [pid 9124] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9120] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9124] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9120] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9120] <... futex resumed>) = 1 [pid 9119] <... futex resumed>) = 0 [pid 9124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9120] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9119] exit_group(0 [pid 9124] <... mmap resumed>) = 0x7f6713892000 [pid 9120] <... futex resumed>) = ? [pid 9119] <... exit_group resumed>) = ? [pid 9124] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9120] +++ exited with 0 +++ [pid 9119] +++ exited with 0 +++ [pid 5062] <... close resumed>) = 0 [pid 9124] <... mprotect resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9119, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5063] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 9126 attached [pid 9126] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9124] <... clone3 resumed> => {parent_tid=[9126]}, 88) = 9126 [pid 5063] <... openat resumed>) = 3 [pid 9126] <... rseq resumed>) = 0 [pid 9124] rt_sigprocmask(SIG_SETMASK, [], [pid 9126] set_robust_list(0x7f67138b29a0, 24 [pid 9124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9126] <... set_robust_list resumed>) = 0 [pid 9124] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9123] <... write resumed>) = 2097152 [pid 9126] rt_sigprocmask(SIG_SETMASK, [], [pid 9124] <... futex resumed>) = 0 [pid 9123] munmap(0x7f670b400000, 138412032 [pid 5063] newfstatat(3, "", [pid 9126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9124] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, ./strace-static-x86_64: Process 9127 attached 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9127] set_robust_list(0x5555569076a0, 24 [pid 5063] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9127 [pid 9127] <... set_robust_list resumed>) = 0 [pid 9126] memfd_create("syzkaller", 0 [pid 9123] <... munmap resumed>) = 0 [pid 9127] chdir("./400" [pid 9125] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9127] <... chdir resumed>) = 0 [pid 9126] <... memfd_create resumed>) = 3 [pid 9123] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] newfstatat(AT_FDCWD, "./407/binderfs", [pid 9127] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9127] <... prctl resumed>) = 0 [pid 9126] <... mmap resumed>) = 0x7f670b400000 [pid 5063] unlink("./407/binderfs" [pid 9127] setpgid(0, 0 [pid 9123] <... openat resumed>) = 4 [pid 5063] <... unlink resumed>) = 0 [pid 9127] <... setpgid resumed>) = 0 [pid 5063] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... umount2 resumed>) = 0 [pid 9127] <... openat resumed>) = 3 [pid 9123] ioctl(4, LOOP_SET_FD, 3 [pid 9127] write(3, "1000", 4 [pid 5063] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9127] <... write resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9127] close(3) = 0 [pid 5063] newfstatat(AT_FDCWD, "./407/file0", [pid 9127] symlink("/dev/binderfs", "./binderfs" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9127] <... symlink resumed>) = 0 [pid 9127] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9127] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9127] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] <... openat resumed>) = 4 [pid 9127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] newfstatat(4, "", [pid 9127] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9127] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] getdents64(4, [pid 9127] <... mprotect resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9127] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] getdents64(4, [pid 9127] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] close(4) = 0 ./strace-static-x86_64: Process 9128 attached [pid 9128] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] rmdir("./407/file0" [pid 9128] <... rseq resumed>) = 0 [pid 9127] <... clone3 resumed> => {parent_tid=[9128]}, 88) = 9128 [pid 5063] <... rmdir resumed>) = 0 [pid 9128] set_robust_list(0x7f67138b29a0, 24 [pid 9127] rt_sigprocmask(SIG_SETMASK, [], [pid 9123] <... ioctl resumed>) = 0 [pid 9128] <... set_robust_list resumed>) = 0 [pid 9127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9128] rt_sigprocmask(SIG_SETMASK, [], [pid 9127] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] getdents64(3, [pid 9128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9127] <... futex resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9128] memfd_create("syzkaller", 0 [pid 9127] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] close(3) = 0 [pid 5063] rmdir("./407") = 0 [pid 9128] <... memfd_create resumed>) = 3 [pid 9123] close(3) = 0 [pid 9123] close(4) = 0 [pid 9128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] mkdir("./408", 0777 [pid 9123] mkdir("./file0", 0777 [pid 9125] <... write resumed>) = 2097152 [pid 9123] <... mkdir resumed>) = 0 [pid 9123] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] <... mkdir resumed>) = 0 [pid 9125] munmap(0x7f670b400000, 138412032 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9125] <... munmap resumed>) = 0 [pid 9125] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 327.668650][ T9123] loop3: detected capacity change from 0 to 4096 [pid 9126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9125] <... openat resumed>) = 4 [pid 9125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9125] close(3) = 0 [pid 9128] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9125] close(4) = 0 [pid 9125] mkdir("./file0", 0777) = 0 [pid 9125] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9123] <... mount resumed>) = 0 [ 327.731212][ T9125] loop4: detected capacity change from 0 to 4096 [pid 9123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9123] chdir("./file0") = 0 [pid 9123] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9123] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9121] <... futex resumed>) = 0 [pid 9123] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9121] exit_group(0 [pid 9123] <... futex resumed>) = ? [pid 9121] <... exit_group resumed>) = ? [pid 9123] +++ exited with 0 +++ [pid 9121] +++ exited with 0 +++ [pid 9126] <... write resumed>) = 2097152 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9121, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5063] <... ioctl resumed>) = 0 [pid 5065] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./403/binderfs" [pid 5063] close(3 [pid 9126] munmap(0x7f670b400000, 138412032 [pid 5065] <... unlink resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5065] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9126] <... munmap resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9129 [pid 9125] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 9125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 9129 attached ) = 3 [pid 9129] set_robust_list(0x5555569076a0, 24 [pid 9125] chdir("./file0" [pid 9129] <... set_robust_list resumed>) = 0 [pid 9125] <... chdir resumed>) = 0 [pid 9125] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9125] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9129] chdir("./408" [pid 9125] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9129] <... chdir resumed>) = 0 [pid 5065] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9129] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9128] <... write resumed>) = 2097152 [pid 9122] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9129] <... prctl resumed>) = 0 [pid 9126] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9122] exit_group(0 [pid 5065] newfstatat(AT_FDCWD, "./403/file0", [pid 9129] setpgid(0, 0 [pid 9128] munmap(0x7f670b400000, 138412032 [pid 9126] <... openat resumed>) = 4 [pid 9125] <... futex resumed>) = ? [pid 9122] <... exit_group resumed>) = ? [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9129] <... setpgid resumed>) = 0 [pid 9128] <... munmap resumed>) = 0 [pid 9126] ioctl(4, LOOP_SET_FD, 3 [pid 9125] +++ exited with 0 +++ [pid 9122] +++ exited with 0 +++ [pid 5065] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9122, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 9129] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9129] write(3, "1000", 4 [pid 5065] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9129] <... write resumed>) = 4 [pid 5066] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 9129] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9129] <... close resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 9129] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9129] <... symlink resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5065] getdents64(4, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9128] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] getdents64(3, [pid 5065] getdents64(4, [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./403/file0") = 0 [pid 5066] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9128] <... openat resumed>) = 4 [pid 9129] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9128] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(3, [pid 9129] <... futex resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./402/binderfs", [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9129] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] close(3 [pid 9129] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 9129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] unlink("./402/binderfs" [pid 5065] rmdir("./403" [pid 9129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] mkdir("./404", 0777 [pid 9129] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... mkdir resumed>) = 0 [pid 9129] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5066] <... umount2 resumed>) = 0 [pid 9129] <... mprotect resumed>) = 0 [pid 9126] <... ioctl resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9129] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9126] close(3) = 0 [pid 9126] close(4) = 0 [pid 9126] mkdir("./file0", 0777 [pid 5066] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9129] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9126] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9126] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5066] newfstatat(AT_FDCWD, "./402/file0", ./strace-static-x86_64: Process 9130 attached [pid 9128] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9130] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9128] close(3 [pid 9130] <... rseq resumed>) = 0 [pid 9129] <... clone3 resumed> => {parent_tid=[9130]}, 88) = 9130 [pid 9128] <... close resumed>) = 0 [pid 5066] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9130] set_robust_list(0x7f67138b29a0, 24 [pid 9129] rt_sigprocmask(SIG_SETMASK, [], [pid 9128] close(4 [pid 9130] <... set_robust_list resumed>) = 0 [pid 9129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9128] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9130] rt_sigprocmask(SIG_SETMASK, [], [pid 9129] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9128] mkdir("./file0", 0777 [pid 5066] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9129] <... futex resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 9129] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] newfstatat(4, "", [pid 9128] <... mkdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 327.894187][ T9126] loop2: detected capacity change from 0 to 4096 [ 327.912567][ T9128] loop0: detected capacity change from 0 to 4096 [pid 5066] getdents64(4, [pid 9130] memfd_create("syzkaller", 0 [pid 9128] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 9130] <... memfd_create resumed>) = 3 [pid 9130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./402/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./402") = 0 [pid 5066] mkdir("./403", 0777 [pid 9126] <... mount resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 9126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] close(3 [pid 9126] <... openat resumed>) = 3 [pid 9126] chdir("./file0" [pid 5066] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 9126] <... chdir resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9126] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9126] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9131 [pid 9126] <... futex resumed>) = 1 ./strace-static-x86_64: Process 9131 attached [pid 9126] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9124] <... futex resumed>) = 0 [pid 9124] exit_group(0 [pid 9131] set_robust_list(0x5555569076a0, 24 [pid 9126] <... futex resumed>) = ? [pid 9124] <... exit_group resumed>) = ? [pid 9126] +++ exited with 0 +++ [pid 9131] <... set_robust_list resumed>) = 0 [pid 9128] <... mount resumed>) = 0 [pid 9124] +++ exited with 0 +++ [pid 9131] chdir("./404" [pid 9128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9124, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 9131] <... chdir resumed>) = 0 [pid 9128] <... openat resumed>) = 3 [pid 9131] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9128] chdir("./file0" [pid 9131] <... prctl resumed>) = 0 [pid 9128] <... chdir resumed>) = 0 [pid 5064] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9131] setpgid(0, 0 [pid 9128] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9131] <... setpgid resumed>) = 0 [pid 9128] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9128] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... openat resumed>) = 3 [pid 9128] <... futex resumed>) = 1 [pid 5064] newfstatat(3, "", [pid 9128] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9131] <... openat resumed>) = 3 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9131] write(3, "1000", 4 [pid 9130] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9127] <... futex resumed>) = 0 [pid 9131] <... write resumed>) = 4 [pid 9127] exit_group(0) = ? [pid 9131] close(3 [pid 9128] <... futex resumed>) = ? [pid 5064] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9131] <... close resumed>) = 0 [pid 9128] +++ exited with 0 +++ [pid 9127] +++ exited with 0 +++ [pid 5064] unlink("./405/binderfs" [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9127, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9131] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9131] <... futex resumed>) = 0 [pid 9131] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] getdents64(3, [pid 9131] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./400/binderfs", [pid 9131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./400/binderfs") = 0 [pid 5062] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 9131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9131] <... mmap resumed>) = 0x7f6713892000 [pid 5062] newfstatat(AT_FDCWD, "./400/file0", [pid 9131] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9131] <... mprotect resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", [pid 5064] newfstatat(AT_FDCWD, "./405/file0", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(4, [pid 5064] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] getdents64(4, [pid 5064] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5062] close(4 [pid 5064] newfstatat(4, "", [pid 5062] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] rmdir("./400/file0" [pid 9131] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] getdents64(4, [pid 5062] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] getdents64(3, [pid 5064] close(4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 9131] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] rmdir("./405/file0" [pid 5062] close(3 [pid 9131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./400" [pid 5064] getdents64(3, [pid 5062] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 9132 attached [pid 5062] mkdir("./401", 0777 [pid 9132] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9131] <... clone3 resumed> => {parent_tid=[9132]}, 88) = 9132 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9131] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] close(3 [pid 5062] <... mkdir resumed>) = 0 [pid 9132] <... rseq resumed>) = 0 [pid 9131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... close resumed>) = 0 [pid 9132] set_robust_list(0x7f67138b29a0, 24 [pid 9131] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] rmdir("./405" [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9132] <... set_robust_list resumed>) = 0 [pid 9131] <... futex resumed>) = 0 [pid 5066] close(3 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 9132] rt_sigprocmask(SIG_SETMASK, [], [pid 9131] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... close resumed>) = 0 [pid 5064] mkdir("./406", 0777 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... mkdir resumed>) = 0 [pid 9132] memfd_create("syzkaller", 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9132] <... memfd_create resumed>) = 3 [pid 9130] <... write resumed>) = 2097152 [pid 9132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9130] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 9133 attached [pid 9132] <... mmap resumed>) = 0x7f670b400000 [pid 9130] <... munmap resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9133 [pid 9133] set_robust_list(0x5555569076a0, 24 [pid 9130] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9130] ioctl(4, LOOP_SET_FD, 3 [pid 9133] <... set_robust_list resumed>) = 0 [pid 9133] chdir("./403") = 0 [pid 9133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9133] setpgid(0, 0) = 0 [pid 9133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9133] write(3, "1000", 4) = 4 [pid 9133] close(3) = 0 [pid 9133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9133] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9130] <... ioctl resumed>) = 0 [pid 9130] close(3 [pid 9133] <... futex resumed>) = 0 [pid 9130] <... close resumed>) = 0 [pid 9130] close(4 [pid 9133] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9130] <... close resumed>) = 0 [pid 9133] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9130] mkdir("./file0", 0777 [pid 9133] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9133] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9130] <... mkdir resumed>) = 0 [pid 9133] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9130] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9134]}, 88) = 9134 [pid 9133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9133] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9133] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9134 attached [pid 9134] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9134] set_robust_list(0x7f67138b29a0, 24 [pid 9132] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9134] <... set_robust_list resumed>) = 0 [pid 9134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 328.197983][ T9130] loop1: detected capacity change from 0 to 4096 [pid 9134] memfd_create("syzkaller", 0) = 3 [pid 9134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 9135 ./strace-static-x86_64: Process 9135 attached [pid 9135] set_robust_list(0x5555569076a0, 24) = 0 [pid 9135] chdir("./401") = 0 [pid 9135] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9135] <... prctl resumed>) = 0 [pid 9135] setpgid(0, 0) = 0 [pid 9135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9136 [pid 9135] <... openat resumed>) = 3 [pid 9135] write(3, "1000", 4./strace-static-x86_64: Process 9136 attached [pid 9136] set_robust_list(0x5555569076a0, 24 [pid 9135] <... write resumed>) = 4 [pid 9135] close(3 [pid 9136] <... set_robust_list resumed>) = 0 [pid 9130] <... mount resumed>) = 0 [pid 9136] chdir("./406" [pid 9130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9136] <... chdir resumed>) = 0 [pid 9135] <... close resumed>) = 0 [pid 9136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9130] <... openat resumed>) = 3 [pid 9135] symlink("/dev/binderfs", "./binderfs" [pid 9136] setpgid(0, 0) = 0 [pid 9130] chdir("./file0") = 0 [pid 9136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9135] <... symlink resumed>) = 0 [pid 9130] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9136] <... openat resumed>) = 3 [pid 9135] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9134] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9130] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9135] <... futex resumed>) = 0 [pid 9136] write(3, "1000", 4 [pid 9130] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9136] <... write resumed>) = 4 [pid 9130] <... futex resumed>) = 1 [pid 9136] close(3 [pid 9130] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9136] <... close resumed>) = 0 [pid 9135] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9129] <... futex resumed>) = 0 [pid 9135] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9129] exit_group(0 [pid 9136] symlink("/dev/binderfs", "./binderfs" [pid 9135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9129] <... exit_group resumed>) = ? [pid 9136] <... symlink resumed>) = 0 [pid 9135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9130] <... futex resumed>) = ? [pid 9135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9132] <... write resumed>) = 2097152 [pid 9130] +++ exited with 0 +++ [pid 9129] +++ exited with 0 +++ [pid 9135] <... mmap resumed>) = 0x7f6713892000 [pid 9135] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9129, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9136] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 9136] <... futex resumed>) = 0 [pid 5063] <... restart_syscall resumed>) = 0 [pid 9136] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9135] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9132] munmap(0x7f670b400000, 138412032 [pid 9136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9135] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9132] <... munmap resumed>) = 0 [pid 5063] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 9137 attached [pid 9136] <... mmap resumed>) = 0x7f6713892000 [pid 5063] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9137] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9136] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9135] <... clone3 resumed> => {parent_tid=[9137]}, 88) = 9137 [pid 9137] <... rseq resumed>) = 0 [pid 9136] <... mprotect resumed>) = 0 [pid 9135] rt_sigprocmask(SIG_SETMASK, [], [pid 9137] set_robust_list(0x7f67138b29a0, 24 [pid 9136] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9137] <... set_robust_list resumed>) = 0 [pid 9135] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9135] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9136] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] newfstatat(3, "", [pid 9132] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9132] ioctl(4, LOOP_SET_FD, 3 [pid 9137] memfd_create("syzkaller", 0 [pid 9136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9132] <... ioctl resumed>) = 0 [pid 9132] close(3) = 0 [pid 9132] close(4./strace-static-x86_64: Process 9138 attached [pid 9136] <... clone3 resumed> => {parent_tid=[9138]}, 88) = 9138 [pid 9132] <... close resumed>) = 0 [pid 5063] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9138] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9137] <... memfd_create resumed>) = 3 [pid 9136] rt_sigprocmask(SIG_SETMASK, [], [pid 9138] <... rseq resumed>) = 0 [pid 9137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9138] set_robust_list(0x7f67138b29a0, 24 [pid 9137] <... mmap resumed>) = 0x7f670b400000 [pid 9136] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9134] <... write resumed>) = 2097152 [pid 9132] mkdir("./file0", 0777 [pid 5063] newfstatat(AT_FDCWD, "./408/binderfs", [pid 9138] <... set_robust_list resumed>) = 0 [pid 9138] rt_sigprocmask(SIG_SETMASK, [], [pid 9136] <... futex resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9136] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] unlink("./408/binderfs" [pid 9138] memfd_create("syzkaller", 0 [pid 5063] <... unlink resumed>) = 0 [pid 9138] <... memfd_create resumed>) = 3 [pid 5063] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9132] <... mkdir resumed>) = 0 [pid 9132] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [ 328.409546][ T9132] loop3: detected capacity change from 0 to 4096 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./408/file0", [pid 9134] munmap(0x7f670b400000, 138412032) = 0 [pid 9134] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9134] ioctl(4, LOOP_SET_FD, 3 [pid 9132] <... mount resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9132] chdir("./file0") = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9137] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9132] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] <... openat resumed>) = 4 [pid 9132] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9132] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9131] <... futex resumed>) = 0 [pid 9132] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9131] exit_group(0 [pid 9132] <... futex resumed>) = ? [pid 9131] <... exit_group resumed>) = ? [pid 9132] +++ exited with 0 +++ [pid 9131] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9131, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] getdents64(4, [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 5065] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9134] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... close resumed>) = 0 [pid 9134] close(3 [pid 5065] unlink("./404/binderfs" [pid 5063] rmdir("./408/file0" [pid 9134] <... close resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 9134] close(4) = 0 [pid 5065] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 9134] mkdir("./file0", 0777) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./408") = 0 [ 328.497373][ T9134] loop4: detected capacity change from 0 to 4096 [pid 9134] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] mkdir("./409", 0777 [pid 5065] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... mkdir resumed>) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] close(4) = 0 [pid 5065] rmdir("./404/file0" [pid 5063] <... openat resumed>) = 3 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5065] close(3) = 0 [pid 5065] rmdir("./404") = 0 [pid 5065] mkdir("./405", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9137] <... write resumed>) = 2097152 [pid 9137] munmap(0x7f670b400000, 138412032 [pid 9138] <... write resumed>) = 2097152 [pid 9138] munmap(0x7f670b400000, 138412032 [pid 9137] <... munmap resumed>) = 0 [pid 9137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9137] ioctl(4, LOOP_SET_FD, 3 [pid 9138] <... munmap resumed>) = 0 [pid 9138] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9137] <... ioctl resumed>) = 0 [pid 9137] close(3) = 0 [pid 9137] close(4) = 0 [pid 9137] mkdir("./file0", 0777) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 9138] close(3 [pid 9137] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9134] <... mount resumed>) = 0 [pid 5065] close(3 [pid 9138] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9138] close(4) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9138] mkdir("./file0", 0777./strace-static-x86_64: Process 9139 attached ) = 0 [pid 9134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9139] set_robust_list(0x5555569076a0, 24 [pid 9134] <... openat resumed>) = 3 [ 328.641480][ T9137] loop0: detected capacity change from 0 to 4096 [ 328.649464][ T9138] loop2: detected capacity change from 0 to 4096 [pid 9139] <... set_robust_list resumed>) = 0 [pid 9138] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9134] chdir("./file0" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9139 [pid 5063] close(3 [pid 9134] <... chdir resumed>) = 0 [pid 9139] chdir("./405" [pid 9134] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9139] <... chdir resumed>) = 0 [pid 9134] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... close resumed>) = 0 [pid 9139] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9134] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9139] <... prctl resumed>) = 0 [pid 9134] <... futex resumed>) = 1 [pid 9133] <... futex resumed>) = 0 [pid 9139] setpgid(0, 0 [pid 9134] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9133] exit_group(0 [pid 9139] <... setpgid resumed>) = 0 [pid 9134] <... futex resumed>) = ? [pid 9133] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 9140 attached [pid 9139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9134] +++ exited with 0 +++ [pid 9133] +++ exited with 0 +++ [pid 9140] set_robust_list(0x5555569076a0, 24) = 0 [pid 9139] <... openat resumed>) = 3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9133, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9140 [pid 9139] write(3, "1000", 4 [pid 9137] <... mount resumed>) = 0 [pid 5066] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9140] chdir("./409" [pid 9137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9139] <... write resumed>) = 4 [pid 9140] <... chdir resumed>) = 0 [pid 9137] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9140] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9139] close(3 [pid 9137] chdir("./file0" [pid 5066] <... openat resumed>) = 3 [pid 9140] <... prctl resumed>) = 0 [pid 9139] <... close resumed>) = 0 [pid 9137] <... chdir resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 9140] setpgid(0, 0 [pid 9139] symlink("/dev/binderfs", "./binderfs" [pid 9137] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9140] <... setpgid resumed>) = 0 [pid 9139] <... symlink resumed>) = 0 [pid 9137] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] getdents64(3, [pid 9140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9139] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9137] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9140] <... openat resumed>) = 3 [pid 9139] <... futex resumed>) = 0 [pid 9137] <... futex resumed>) = 1 [pid 9135] <... futex resumed>) = 0 [pid 5066] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9139] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9137] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9135] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9140] write(3, "1000", 4 [pid 9137] <... futex resumed>) = ? [pid 9135] <... exit_group resumed>) = ? [pid 5066] newfstatat(AT_FDCWD, "./403/binderfs", [pid 9139] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9140] <... write resumed>) = 4 [pid 9139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9140] close(3 [pid 9139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9138] <... mount resumed>) = 0 [pid 5066] unlink("./403/binderfs" [pid 9140] <... close resumed>) = 0 [pid 9139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... unlink resumed>) = 0 [pid 9140] symlink("/dev/binderfs", "./binderfs" [pid 9139] <... mmap resumed>) = 0x7f6713892000 [pid 9138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9140] <... symlink resumed>) = 0 [pid 9137] +++ exited with 0 +++ [pid 9139] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9138] <... openat resumed>) = 3 [pid 9135] +++ exited with 0 +++ [pid 5066] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9139] <... mprotect resumed>) = 0 [pid 9138] chdir("./file0" [pid 5066] <... umount2 resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9135, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 9140] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9139] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9138] <... chdir resumed>) = 0 [pid 9139] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9138] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9140] <... futex resumed>) = 0 [pid 9138] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 9141 attached [pid 9140] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9138] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9141] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9140] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9139] <... clone3 resumed> => {parent_tid=[9141]}, 88) = 9141 [pid 9138] <... futex resumed>) = 1 [pid 9136] <... futex resumed>) = 0 [pid 5066] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9141] <... rseq resumed>) = 0 [pid 9140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9139] rt_sigprocmask(SIG_SETMASK, [], [pid 9138] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9136] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9141] set_robust_list(0x7f67138b29a0, 24 [pid 9140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9138] <... futex resumed>) = ? [pid 9136] <... exit_group resumed>) = ? [pid 5066] newfstatat(AT_FDCWD, "./403/file0", [pid 9141] <... set_robust_list resumed>) = 0 [pid 9140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9139] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9138] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9141] rt_sigprocmask(SIG_SETMASK, [], [pid 9140] <... mmap resumed>) = 0x7f6713892000 [pid 5066] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9140] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9136] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9141] memfd_create("syzkaller", 0 [pid 9140] <... mprotect resumed>) = 0 [pid 9139] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9136, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9139] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... openat resumed>) = 4 [pid 5062] <... openat resumed>) = 3 [pid 5066] newfstatat(4, "", [pid 5062] newfstatat(3, "", [pid 9141] <... memfd_create resumed>) = 3 [pid 9140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] getdents64(4, [pid 5064] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(3, [pid 9141] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9140] <... clone3 resumed> => {parent_tid=[9142]}, 88) = 9142 [pid 5064] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9140] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9142 attached [pid 9140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 9142] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9142] <... rseq resumed>) = 0 [pid 9140] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] getdents64(4, [pid 5064] newfstatat(3, "", [pid 5062] newfstatat(AT_FDCWD, "./401/binderfs", [pid 9142] set_robust_list(0x7f67138b29a0, 24 [pid 9140] <... futex resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9142] <... set_robust_list resumed>) = 0 [pid 5066] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9142] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... close resumed>) = 0 [pid 5062] unlink("./401/binderfs" [pid 9142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9140] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] rmdir("./403/file0" [pid 5064] getdents64(3, [pid 5062] <... unlink resumed>) = 0 [pid 9142] memfd_create("syzkaller", 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9142] <... memfd_create resumed>) = 3 [pid 5064] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9142] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(AT_FDCWD, "./406/binderfs", [pid 5066] close(3) = 0 [pid 5066] rmdir("./403") = 0 [pid 5066] mkdir("./404", 0777) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] unlink("./406/binderfs" [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5062] <... umount2 resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5062] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] getdents64(4, [pid 9141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(AT_FDCWD, "./406/file0", [pid 5062] close(4) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] rmdir("./401/file0") = 0 [pid 5064] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] getdents64(3, [pid 5064] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5062] close(3 [pid 5064] newfstatat(4, "", [pid 5062] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] rmdir("./401" [pid 5064] getdents64(4, [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./402", 0777 [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9142] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... mkdir resumed>) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] close(4) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5064] rmdir("./406/file0" [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5066] close(3 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 9143 ./strace-static-x86_64: Process 9143 attached [pid 9143] set_robust_list(0x5555569076a0, 24 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 9143] <... set_robust_list resumed>) = 0 [pid 9143] chdir("./404") = 0 [pid 9143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9143] setpgid(0, 0) = 0 [pid 9143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9143] write(3, "1000", 4 [pid 5064] rmdir("./406" [pid 9143] <... write resumed>) = 4 [pid 9143] close(3) = 0 [pid 9141] <... write resumed>) = 2097152 [pid 9143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 9143] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] mkdir("./407", 0777 [pid 9143] <... futex resumed>) = 0 [pid 9143] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 9143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9141] munmap(0x7f670b400000, 138412032 [pid 9143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... openat resumed>) = 3 [pid 9143] <... mmap resumed>) = 0x7f6713892000 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9143] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9142] <... write resumed>) = 2097152 [pid 9141] <... munmap resumed>) = 0 [pid 9142] munmap(0x7f670b400000, 138412032 [pid 9141] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9143] <... clone3 resumed> => {parent_tid=[9144]}, 88) = 9144 [pid 9143] rt_sigprocmask(SIG_SETMASK, [], [pid 9141] <... openat resumed>) = 4 ./strace-static-x86_64: Process 9144 attached [pid 9143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9141] ioctl(4, LOOP_SET_FD, 3 [pid 9144] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9143] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9141] <... ioctl resumed>) = 0 [pid 9144] <... rseq resumed>) = 0 [pid 9143] <... futex resumed>) = 0 [pid 9143] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9144] set_robust_list(0x7f67138b29a0, 24 [pid 5062] <... ioctl resumed>) = 0 [pid 9144] <... set_robust_list resumed>) = 0 [pid 9144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9144] memfd_create("syzkaller", 0 [pid 9142] <... munmap resumed>) = 0 [pid 9144] <... memfd_create resumed>) = 3 [pid 9144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9142] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9142] ioctl(4, LOOP_SET_FD, 3 [pid 9141] close(3) = 0 [pid 9141] close(4) = 0 [pid 9141] mkdir("./file0", 0777) = 0 [pid 9141] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9142] <... ioctl resumed>) = 0 [pid 5062] close(3 [pid 9142] close(3) = 0 [pid 9142] close(4) = 0 [pid 9142] mkdir("./file0", 0777) = 0 [pid 5062] <... close resumed>) = 0 [ 328.990062][ T9141] loop3: detected capacity change from 0 to 4096 [ 329.014513][ T9142] loop1: detected capacity change from 0 to 4096 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9142] mount("/dev/loop1", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 9145 attached [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 9145] set_robust_list(0x5555569076a0, 24 [pid 9144] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9145 [pid 9145] <... set_robust_list resumed>) = 0 [pid 9145] chdir("./402" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9146 [pid 9145] <... chdir resumed>) = 0 [pid 9145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9145] setpgid(0, 0./strace-static-x86_64: Process 9146 attached [pid 9146] set_robust_list(0x5555569076a0, 24) = 0 [pid 9146] chdir("./407") = 0 [pid 9146] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9145] <... setpgid resumed>) = 0 [pid 9146] <... prctl resumed>) = 0 [pid 9146] setpgid(0, 0 [pid 9145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9146] <... setpgid resumed>) = 0 [pid 9146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9146] write(3, "1000", 4) = 4 [pid 9145] <... openat resumed>) = 3 [pid 9145] write(3, "1000", 4 [pid 9146] close(3) = 0 [pid 9145] <... write resumed>) = 4 [pid 9145] close(3) = 0 [pid 9146] symlink("/dev/binderfs", "./binderfs" [pid 9145] symlink("/dev/binderfs", "./binderfs" [pid 9146] <... symlink resumed>) = 0 [pid 9146] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9145] <... symlink resumed>) = 0 [pid 9146] <... futex resumed>) = 0 [pid 9145] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9146] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9145] <... futex resumed>) = 0 [pid 9145] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9145] <... mmap resumed>) = 0x7f6713892000 [pid 9146] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9145] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9146] <... mprotect resumed>) = 0 [pid 9145] <... mprotect resumed>) = 0 [pid 9146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9145] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9144] <... write resumed>) = 2097152 [pid 9144] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 9147 attached [pid 9145] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9147] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9146] <... clone3 resumed> => {parent_tid=[9147]}, 88) = 9147 [pid 9145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9148 attached [pid 9147] <... rseq resumed>) = 0 [pid 9146] rt_sigprocmask(SIG_SETMASK, [], [pid 9147] set_robust_list(0x7f67138b29a0, 24 [pid 9146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9145] <... clone3 resumed> => {parent_tid=[9148]}, 88) = 9148 [pid 9148] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9147] <... set_robust_list resumed>) = 0 [pid 9146] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9145] rt_sigprocmask(SIG_SETMASK, [], [pid 9144] <... munmap resumed>) = 0 [pid 9141] <... mount resumed>) = 0 [pid 9148] <... rseq resumed>) = 0 [pid 9146] <... futex resumed>) = 0 [pid 9145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9147] rt_sigprocmask(SIG_SETMASK, [], [pid 9148] set_robust_list(0x7f67138b29a0, 24 [pid 9147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9148] <... set_robust_list resumed>) = 0 [pid 9146] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9145] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9148] rt_sigprocmask(SIG_SETMASK, [], [pid 9147] memfd_create("syzkaller", 0 [pid 9145] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9147] <... memfd_create resumed>) = 3 [pid 9141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9144] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9141] <... openat resumed>) = 3 [pid 9148] memfd_create("syzkaller", 0 [pid 9147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9141] chdir("./file0" [pid 9148] <... memfd_create resumed>) = 3 [pid 9147] <... mmap resumed>) = 0x7f670b400000 [pid 9144] <... openat resumed>) = 4 [pid 9141] <... chdir resumed>) = 0 [pid 9144] ioctl(4, LOOP_SET_FD, 3 [pid 9141] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9144] <... ioctl resumed>) = 0 [pid 9141] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9141] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9139] <... futex resumed>) = 0 [pid 9141] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9144] close(3 [pid 9148] <... mmap resumed>) = 0x7f670b400000 [pid 9139] exit_group(0) = ? [pid 9144] <... close resumed>) = 0 [pid 9141] <... futex resumed>) = ? [pid 9141] +++ exited with 0 +++ [pid 9139] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9139, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 9144] close(4 [pid 9142] <... mount resumed>) = 0 [pid 9144] <... close resumed>) = 0 [pid 9144] mkdir("./file0", 0777) = 0 [pid 9142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9144] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9142] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9142] chdir("./file0" [pid 5065] <... openat resumed>) = 3 [pid 9142] <... chdir resumed>) = 0 [pid 9142] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5065] newfstatat(3, "", [pid 9142] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9142] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9147] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9142] <... futex resumed>) = 1 [pid 9140] <... futex resumed>) = 0 [ 329.188754][ T9144] loop4: detected capacity change from 0 to 4096 [pid 9140] exit_group(0 [pid 5065] getdents64(3, [pid 9140] <... exit_group resumed>) = ? [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9142] +++ exited with 0 +++ [pid 9140] +++ exited with 0 +++ [pid 5065] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9140, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5065] unlink("./405/binderfs") = 0 [pid 5065] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5063] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./409/binderfs", [pid 9148] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] unlink("./409/binderfs" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9144] <... mount resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 9147] <... write resumed>) = 2097152 [pid 9144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9144] <... openat resumed>) = 3 [pid 9144] chdir("./file0" [pid 9147] munmap(0x7f670b400000, 138412032 [pid 5065] <... openat resumed>) = 4 [pid 9147] <... munmap resumed>) = 0 [pid 9144] <... chdir resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 9147] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9148] <... write resumed>) = 2097152 [pid 9147] <... openat resumed>) = 4 [pid 9144] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] getdents64(4, [pid 5063] <... umount2 resumed>) = 0 [pid 9144] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9144] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(4, [pid 9144] <... futex resumed>) = 1 [pid 9143] <... futex resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9144] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9143] exit_group(0 [pid 5065] close(4 [pid 9148] munmap(0x7f670b400000, 138412032 [pid 9147] ioctl(4, LOOP_SET_FD, 3 [pid 5063] newfstatat(AT_FDCWD, "./409/file0", [pid 9144] <... futex resumed>) = ? [pid 9143] <... exit_group resumed>) = ? [pid 5065] <... close resumed>) = 0 [pid 9144] +++ exited with 0 +++ [pid 9143] +++ exited with 0 +++ [pid 5065] rmdir("./405/file0" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9143, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./405") = 0 [pid 5065] mkdir("./406", 0777) = 0 [pid 5066] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9147] <... ioctl resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] <... openat resumed>) = 3 [pid 5063] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9147] close(3 [pid 5066] newfstatat(AT_FDCWD, "./404/binderfs", [pid 9147] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... openat resumed>) = 4 [pid 9147] close(4 [pid 5066] unlink("./404/binderfs" [pid 9148] <... munmap resumed>) = 0 [pid 9147] <... close resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 9148] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9147] mkdir("./file0", 0777 [pid 5066] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9148] <... openat resumed>) = 4 [pid 9147] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9148] ioctl(4, LOOP_SET_FD, 3 [pid 9147] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] getdents64(4, [pid 5066] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 5066] getdents64(4, [pid 5063] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] rmdir("./409/file0" [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] rmdir("./404/file0" [pid 5063] getdents64(3, [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9148] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 9148] close(3 [pid 5066] rmdir("./404" [pid 5063] close(3 [pid 9148] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 9148] close(4 [pid 5063] rmdir("./409" [pid 9148] <... close resumed>) = 0 [pid 9148] mkdir("./file0", 0777 [pid 5066] mkdir("./405", 0777 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./410", 0777) = 0 [pid 9148] <... mkdir resumed>) = 0 [pid 9147] <... mount resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 329.347667][ T9147] loop2: detected capacity change from 0 to 4096 [ 329.364552][ T9148] loop0: detected capacity change from 0 to 4096 [pid 9148] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 9147] <... openat resumed>) = 3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9147] chdir("./file0" [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] <... openat resumed>) = 3 [pid 9147] <... chdir resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9147] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] <... ioctl resumed>) = 0 [pid 9147] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9147] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9146] <... futex resumed>) = 0 [pid 9146] exit_group(0) = ? [pid 5065] close(3 [pid 9147] <... futex resumed>) = ? [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9149 attached [pid 9147] +++ exited with 0 +++ [pid 9146] +++ exited with 0 +++ [pid 9149] set_robust_list(0x5555569076a0, 24 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9146, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 9149] <... set_robust_list resumed>) = 0 [pid 9149] chdir("./406" [pid 5064] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9149] <... chdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9149] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9149 [pid 5064] <... openat resumed>) = 3 [pid 9149] <... prctl resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 9149] setpgid(0, 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9149] <... setpgid resumed>) = 0 [pid 5064] getdents64(3, [pid 9149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9149] <... openat resumed>) = 3 [pid 5064] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9149] write(3, "1000", 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9149] <... write resumed>) = 4 [pid 5064] newfstatat(AT_FDCWD, "./407/binderfs", [pid 9149] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9149] <... close resumed>) = 0 [pid 5064] unlink("./407/binderfs" [pid 9149] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... unlink resumed>) = 0 [pid 9149] <... symlink resumed>) = 0 [pid 9149] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9149] <... futex resumed>) = 0 [pid 9149] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9149] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9150 attached [pid 9150] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9149] <... clone3 resumed> => {parent_tid=[9150]}, 88) = 9150 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9150] <... rseq resumed>) = 0 [pid 9149] rt_sigprocmask(SIG_SETMASK, [], [pid 9150] set_robust_list(0x7f67138b29a0, 24 [pid 9149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9150] <... set_robust_list resumed>) = 0 [pid 9149] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] close(3 [pid 9150] rt_sigprocmask(SIG_SETMASK, [], [pid 9149] <... futex resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9149] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(3 [pid 9150] memfd_create("syzkaller", 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 9151 attached [pid 9148] <... mount resumed>) = 0 [pid 5064] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9150] <... memfd_create resumed>) = 3 [pid 9148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9151 [pid 5064] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9148] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 4 [pid 9150] <... mmap resumed>) = 0x7f670b400000 [pid 9148] chdir("./file0" [pid 5064] newfstatat(4, "", [pid 9148] <... chdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9148] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] getdents64(4, ./strace-static-x86_64: Process 9152 attached [pid 9151] set_robust_list(0x5555569076a0, 24 [pid 9148] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9151] <... set_robust_list resumed>) = 0 [pid 9152] set_robust_list(0x5555569076a0, 24 [pid 9148] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(4, [pid 9151] chdir("./405" [pid 9152] <... set_robust_list resumed>) = 0 [pid 9148] <... futex resumed>) = 1 [pid 9145] <... futex resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9148] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9145] exit_group(0 [pid 5064] close(4 [pid 9148] <... futex resumed>) = ? [pid 9145] <... exit_group resumed>) = ? [pid 5064] <... close resumed>) = 0 [pid 9152] chdir("./410" [pid 9148] +++ exited with 0 +++ [pid 9145] +++ exited with 0 +++ [pid 5064] rmdir("./407/file0") = 0 [pid 9151] <... chdir resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9145, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 9152] <... chdir resumed>) = 0 [pid 5064] getdents64(3, [pid 9152] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9152] <... prctl resumed>) = 0 [pid 9151] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9152 [pid 9152] setpgid(0, 0 [pid 9151] <... prctl resumed>) = 0 [pid 5064] close(3 [pid 9152] <... setpgid resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9151] setpgid(0, 0 [pid 5064] rmdir("./407" [pid 9151] <... setpgid resumed>) = 0 [pid 9151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 9151] write(3, "1000", 4 [pid 5062] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9152] <... openat resumed>) = 3 [pid 9151] <... write resumed>) = 4 [pid 5064] mkdir("./408", 0777 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9151] close(3 [pid 9152] write(3, "1000", 4) = 4 [pid 9151] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9152] close(3 [pid 9151] symlink("/dev/binderfs", "./binderfs" [pid 9152] <... close resumed>) = 0 [pid 9152] symlink("/dev/binderfs", "./binderfs" [pid 9151] <... symlink resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 9151] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] newfstatat(3, "", [pid 9151] <... futex resumed>) = 0 [pid 9152] <... symlink resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9151] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] getdents64(3, [pid 9151] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9152] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9151] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9152] <... futex resumed>) = 0 [pid 9151] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9151] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] newfstatat(AT_FDCWD, "./402/binderfs", [pid 9152] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9151] <... mprotect resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9151] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9152] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] unlink("./402/binderfs" [pid 9152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9151] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5062] <... unlink resumed>) = 0 [pid 9152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9152] <... mmap resumed>) = 0x7f6713892000 [pid 9152] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... umount2 resumed>) = 0 [pid 9151] <... clone3 resumed> => {parent_tid=[9153]}, 88) = 9153 [pid 5062] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9151] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9152] <... mprotect resumed>) = 0 [pid 9152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] newfstatat(AT_FDCWD, "./402/file0", [pid 9152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9153 attached ./strace-static-x86_64: Process 9154 attached [pid 9153] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9152] <... clone3 resumed> => {parent_tid=[9154]}, 88) = 9154 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9154] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9154] set_robust_list(0x7f67138b29a0, 24 [pid 9152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9154] <... set_robust_list resumed>) = 0 [pid 9153] <... rseq resumed>) = 0 [pid 9152] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9154] rt_sigprocmask(SIG_SETMASK, [], [pid 9153] set_robust_list(0x7f67138b29a0, 24 [pid 9152] <... futex resumed>) = 0 [pid 9151] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9153] <... set_robust_list resumed>) = 0 [pid 9152] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9151] <... futex resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9153] rt_sigprocmask(SIG_SETMASK, [], [pid 9151] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9153] memfd_create("syzkaller", 0 [pid 5062] <... openat resumed>) = 4 [pid 9154] memfd_create("syzkaller", 0) = 3 [pid 9154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9153] <... memfd_create resumed>) = 3 [pid 5062] newfstatat(4, "", [pid 9154] <... mmap resumed>) = 0x7f670b400000 [pid 9153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9150] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9153] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./402/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./402") = 0 [pid 5062] mkdir("./403", 0777) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] close(3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 9155 ./strace-static-x86_64: Process 9155 attached [pid 9155] set_robust_list(0x5555569076a0, 24) = 0 [pid 9155] chdir("./408") = 0 [pid 9154] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9155] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9153] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9150] <... write resumed>) = 2097152 [pid 9155] <... prctl resumed>) = 0 [pid 9155] setpgid(0, 0) = 0 [pid 9155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... ioctl resumed>) = 0 [pid 9155] <... openat resumed>) = 3 [pid 9150] munmap(0x7f670b400000, 138412032 [pid 9155] write(3, "1000", 4 [pid 9150] <... munmap resumed>) = 0 [pid 9155] <... write resumed>) = 4 [pid 9155] close(3) = 0 [pid 9155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9155] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9155] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9155] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9155] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9150] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9150] <... openat resumed>) = 4 [pid 9150] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 9156 attached [pid 9155] <... clone3 resumed> => {parent_tid=[9156]}, 88) = 9156 [pid 9156] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9156] <... rseq resumed>) = 0 [pid 9155] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9156] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9155] <... futex resumed>) = 0 [pid 5062] close(3 [pid 9156] rt_sigprocmask(SIG_SETMASK, [], [pid 9155] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556907690) = 9157 ./strace-static-x86_64: Process 9157 attached [pid 9157] set_robust_list(0x5555569076a0, 24) = 0 [pid 9157] chdir("./403") = 0 [pid 9157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9157] setpgid(0, 0) = 0 [pid 9156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9150] <... ioctl resumed>) = 0 [pid 9156] memfd_create("syzkaller", 0 [pid 9157] <... openat resumed>) = 3 [pid 9156] <... memfd_create resumed>) = 3 [pid 9150] close(3 [pid 9156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9150] <... close resumed>) = 0 [pid 9157] write(3, "1000", 4 [pid 9150] close(4 [pid 9157] <... write resumed>) = 4 [pid 9150] <... close resumed>) = 0 [pid 9157] close(3 [pid 9150] mkdir("./file0", 0777 [pid 9157] <... close resumed>) = 0 [pid 9150] <... mkdir resumed>) = 0 [pid 9157] symlink("/dev/binderfs", "./binderfs" [pid 9150] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9157] <... symlink resumed>) = 0 [pid 9154] <... write resumed>) = 2097152 [pid 9154] munmap(0x7f670b400000, 138412032 [pid 9157] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9157] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9153] <... write resumed>) = 2097152 [pid 9157] <... mmap resumed>) = 0x7f6713892000 [pid 9157] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9153] munmap(0x7f670b400000, 138412032 [pid 9157] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9153] <... munmap resumed>) = 0 [pid 9157] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9158 attached [pid 9158] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9157] <... clone3 resumed> => {parent_tid=[9158]}, 88) = 9158 [pid 9154] <... munmap resumed>) = 0 [pid 9157] rt_sigprocmask(SIG_SETMASK, [], [pid 9158] <... rseq resumed>) = 0 [pid 9157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9158] set_robust_list(0x7f67138b29a0, 24 [pid 9157] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9158] <... set_robust_list resumed>) = 0 [pid 9157] <... futex resumed>) = 0 [pid 9153] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9158] rt_sigprocmask(SIG_SETMASK, [], [ 329.731800][ T9150] loop3: detected capacity change from 0 to 4096 [pid 9157] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9153] <... openat resumed>) = 4 [pid 9154] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9158] memfd_create("syzkaller", 0 [pid 9153] ioctl(4, LOOP_SET_FD, 3 [pid 9154] <... openat resumed>) = 4 [pid 9158] <... memfd_create resumed>) = 3 [pid 9154] ioctl(4, LOOP_SET_FD, 3 [pid 9158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9153] <... ioctl resumed>) = 0 [pid 9153] close(3) = 0 [pid 9153] close(4) = 0 [pid 9153] mkdir("./file0", 0777) = 0 [pid 9158] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9153] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [ 329.798187][ T9153] loop4: detected capacity change from 0 to 4096 [ 329.798635][ T9154] loop1: detected capacity change from 0 to 4096 [pid 9156] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9154] <... ioctl resumed>) = 0 [pid 9150] <... mount resumed>) = 0 [pid 9154] close(3 [pid 9150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9154] <... close resumed>) = 0 [pid 9154] close(4 [pid 9150] chdir("./file0") = 0 [pid 9154] <... close resumed>) = 0 [pid 9154] mkdir("./file0", 0777 [pid 9150] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9154] <... mkdir resumed>) = 0 [pid 9150] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9154] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9150] <... futex resumed>) = 1 [pid 9150] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9149] <... futex resumed>) = 0 [pid 9149] exit_group(0 [pid 9150] <... futex resumed>) = ? [pid 9149] <... exit_group resumed>) = ? [pid 9150] +++ exited with 0 +++ [pid 9153] <... mount resumed>) = 0 [pid 9153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9156] <... write resumed>) = 2097152 [pid 9153] chdir("./file0" [pid 9149] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9149, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 9153] <... chdir resumed>) = 0 [pid 5065] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9153] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9153] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 9156] munmap(0x7f670b400000, 138412032 [pid 9153] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./406/binderfs") = 0 [pid 9153] <... futex resumed>) = 1 [pid 9151] <... futex resumed>) = 0 [pid 9153] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9151] exit_group(0 [pid 9153] <... futex resumed>) = ? [pid 9151] <... exit_group resumed>) = ? [pid 9153] +++ exited with 0 +++ [pid 9154] <... mount resumed>) = 0 [pid 5065] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 9154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9154] chdir("./file0") = 0 [pid 9151] +++ exited with 0 +++ [pid 9154] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9151, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5065] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9156] <... munmap resumed>) = 0 [pid 9154] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9156] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9154] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] newfstatat(AT_FDCWD, "./406/file0", [pid 9156] <... openat resumed>) = 4 [pid 9154] <... futex resumed>) = 1 [pid 9152] <... futex resumed>) = 0 [pid 5066] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9156] ioctl(4, LOOP_SET_FD, 3 [pid 9154] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9152] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9154] <... futex resumed>) = ? [pid 9152] <... exit_group resumed>) = ? [pid 5066] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 5065] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(4, "", [pid 9154] +++ exited with 0 +++ [pid 9152] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9152, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5066] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5063] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./405/binderfs", [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 5063] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5065] rmdir("./406/file0" [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(3, [pid 5063] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] unlink("./405/binderfs" [pid 5065] close(3 [pid 5063] newfstatat(AT_FDCWD, "./410/binderfs", [pid 5065] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5065] rmdir("./406" [pid 5063] unlink("./410/binderfs" [pid 5066] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... unlink resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] mkdir("./407", 0777 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9156] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... mkdir resumed>) = 0 [pid 9156] close(3 [pid 5063] newfstatat(AT_FDCWD, "./410/file0", [pid 9156] <... close resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9156] close(4) = 0 [pid 5063] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9156] mkdir("./file0", 0777 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9158] <... write resumed>) = 2097152 [pid 5066] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9158] munmap(0x7f670b400000, 138412032 [pid 9156] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(4, "", [pid 9156] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 9158] <... munmap resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./405/file0", [pid 9158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9158] <... openat resumed>) = 4 [pid 5066] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9158] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] getdents64(4, [ 329.949730][ T9156] loop2: detected capacity change from 0 to 4096 [pid 5066] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./410/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./410") = 0 [pid 9158] <... ioctl resumed>) = 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 9158] close(3 [pid 5066] getdents64(4, [pid 5063] mkdir("./411", 0777 [pid 9158] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 9158] close(4 [pid 5066] close(4 [pid 9158] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 9158] mkdir("./file0", 0777 [pid 5066] rmdir("./405/file0" [pid 9158] <... mkdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 9158] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5066] getdents64(3, [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./405") = 0 [pid 5066] mkdir("./406", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 329.990321][ T9158] loop0: detected capacity change from 0 to 4096 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 9156] <... mount resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9156] <... openat resumed>) = 3 [pid 9156] chdir("./file0") = 0 [pid 9156] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9156] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9156] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9155] <... futex resumed>) = 0 [pid 9155] exit_group(0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9159 ./strace-static-x86_64: Process 9159 attached [pid 9158] <... mount resumed>) = 0 [pid 9159] set_robust_list(0x5555569076a0, 24 [pid 9155] <... exit_group resumed>) = ? [pid 9159] <... set_robust_list resumed>) = 0 [pid 9156] <... futex resumed>) = ? [pid 9159] chdir("./407" [pid 9156] +++ exited with 0 +++ [pid 9159] <... chdir resumed>) = 0 [pid 9158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9155] +++ exited with 0 +++ [pid 5063] <... ioctl resumed>) = 0 [pid 9159] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9155, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 9159] <... prctl resumed>) = 0 [pid 9158] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9159] setpgid(0, 0 [pid 9158] chdir("./file0" [pid 5066] <... ioctl resumed>) = 0 [pid 5064] getdents64(3, [pid 9159] <... setpgid resumed>) = 0 [pid 9158] <... chdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] close(3 [pid 9159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 5064] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] close(3 [pid 9159] <... openat resumed>) = 3 [pid 9158] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9159] write(3, "1000", 4 [pid 9158] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] newfstatat(AT_FDCWD, "./408/binderfs", [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9159] <... write resumed>) = 4 [pid 9158] <... futex resumed>) = 1 [pid 9157] <... futex resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 9160 attached [pid 9159] close(3 [pid 9158] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9157] exit_group(0 [pid 5064] unlink("./408/binderfs" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9160 ./strace-static-x86_64: Process 9161 attached [pid 9160] set_robust_list(0x5555569076a0, 24 [pid 9159] <... close resumed>) = 0 [pid 9158] <... futex resumed>) = ? [pid 9157] <... exit_group resumed>) = ? [pid 5064] <... unlink resumed>) = 0 [pid 9161] set_robust_list(0x5555569076a0, 24 [pid 9160] <... set_robust_list resumed>) = 0 [pid 9159] symlink("/dev/binderfs", "./binderfs" [pid 9158] +++ exited with 0 +++ [pid 9161] <... set_robust_list resumed>) = 0 [pid 9160] chdir("./411" [pid 9159] <... symlink resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9161 [pid 5064] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9161] chdir("./406" [pid 9160] <... chdir resumed>) = 0 [pid 9159] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = 0 [pid 9161] <... chdir resumed>) = 0 [pid 9159] <... futex resumed>) = 0 [pid 5064] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9160] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9161] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9160] <... prctl resumed>) = 0 [pid 9159] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9157] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9161] <... prctl resumed>) = 0 [pid 9160] setpgid(0, 0 [pid 9159] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] newfstatat(AT_FDCWD, "./408/file0", [pid 9161] setpgid(0, 0 [pid 9160] <... setpgid resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9157, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 9161] <... setpgid resumed>) = 0 [pid 9160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 9161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9160] <... openat resumed>) = 3 [pid 5062] <... restart_syscall resumed>) = 0 [pid 9161] <... openat resumed>) = 3 [pid 9160] write(3, "1000", 4 [pid 9161] write(3, "1000", 4 [pid 9160] <... write resumed>) = 4 [pid 9161] <... write resumed>) = 4 [pid 9160] close(3 [pid 5062] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9161] close(3 [pid 9160] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9161] <... close resumed>) = 0 [pid 9160] symlink("/dev/binderfs", "./binderfs" [pid 5062] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9161] symlink("/dev/binderfs", "./binderfs" [pid 9160] <... symlink resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 9161] <... symlink resumed>) = 0 [pid 9160] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(3, "", [pid 9161] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9160] <... futex resumed>) = 0 [pid 9159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9161] <... futex resumed>) = 0 [pid 9160] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] getdents64(3, [pid 9161] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9160] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9159] <... mmap resumed>) = 0x7f6713892000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9161] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9159] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9159] <... mprotect resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./403/binderfs", [pid 5064] newfstatat(4, "", [pid 9161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9159] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] unlink("./403/binderfs" [pid 9161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9160] <... mmap resumed>) = 0x7f6713892000 [pid 9159] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] getdents64(4, [pid 5062] <... unlink resumed>) = 0 [pid 9161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9160] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9162 attached [pid 9161] <... mmap resumed>) = 0x7f6713892000 [pid 9160] <... mprotect resumed>) = 0 [pid 5064] getdents64(4, [pid 5062] <... umount2 resumed>) = 0 [pid 9162] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9161] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9160] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9159] <... clone3 resumed> => {parent_tid=[9162]}, 88) = 9162 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9162] <... rseq resumed>) = 0 [pid 9161] <... mprotect resumed>) = 0 [pid 9160] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9159] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] close(4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9162] set_robust_list(0x7f67138b29a0, 24 [pid 9161] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... close resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./403/file0", ./strace-static-x86_64: Process 9163 attached [pid 9162] <... set_robust_list resumed>) = 0 [pid 9161] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9159] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] rmdir("./408/file0" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9163] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9162] rt_sigprocmask(SIG_SETMASK, [], [pid 9161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9160] <... clone3 resumed> => {parent_tid=[9163]}, 88) = 9163 [pid 9159] <... futex resumed>) = 0 [pid 5062] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9164 attached [pid 9163] <... rseq resumed>) = 0 [pid 9162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9160] rt_sigprocmask(SIG_SETMASK, [], [pid 9159] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9164] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9163] set_robust_list(0x7f67138b29a0, 24 [pid 9161] <... clone3 resumed> => {parent_tid=[9164]}, 88) = 9164 [pid 9160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9164] <... rseq resumed>) = 0 [pid 9163] <... set_robust_list resumed>) = 0 [pid 9161] rt_sigprocmask(SIG_SETMASK, [], [pid 9160] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... openat resumed>) = 4 [pid 9164] set_robust_list(0x7f67138b29a0, 24 [pid 9163] rt_sigprocmask(SIG_SETMASK, [], [pid 9162] memfd_create("syzkaller", 0 [pid 9161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9160] <... futex resumed>) = 0 [pid 5062] newfstatat(4, "", [pid 9164] <... set_robust_list resumed>) = 0 [pid 9163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9161] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9160] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9164] rt_sigprocmask(SIG_SETMASK, [], [pid 9163] memfd_create("syzkaller", 0 [pid 9162] <... memfd_create resumed>) = 3 [pid 9161] <... futex resumed>) = 0 [pid 5064] getdents64(3, [pid 5062] getdents64(4, [pid 9164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9163] <... memfd_create resumed>) = 3 [pid 9162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9161] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9162] <... mmap resumed>) = 0x7f670b400000 [pid 5064] close(3 [pid 9164] memfd_create("syzkaller", 0 [pid 9163] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... close resumed>) = 0 [pid 5062] getdents64(4, [pid 5064] rmdir("./408" [pid 9164] <... memfd_create resumed>) = 3 [pid 9164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] mkdir("./409", 0777 [pid 5062] close(4 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./403/file0" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, [pid 5064] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] close(3) = 0 [pid 5062] rmdir("./403" [pid 9162] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] mkdir("./404", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9164] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9163] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9162] <... write resumed>) = 2097152 [pid 9162] munmap(0x7f670b400000, 138412032 [pid 9164] <... write resumed>) = 2097152 [pid 9163] <... write resumed>) = 2097152 [pid 9163] munmap(0x7f670b400000, 138412032 [pid 9164] munmap(0x7f670b400000, 138412032 [pid 9162] <... munmap resumed>) = 0 [pid 9162] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9162] ioctl(4, LOOP_SET_FD, 3 [pid 9164] <... munmap resumed>) = 0 [pid 9162] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9164] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9163] <... munmap resumed>) = 0 [pid 9162] close(3 [pid 5064] close(3 [pid 9164] <... openat resumed>) = 4 [pid 9162] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9164] ioctl(4, LOOP_SET_FD, 3 [pid 9162] close(4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9163] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9163] ioctl(4, LOOP_SET_FD, 3 [pid 9162] <... close resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9165 [pid 9162] mkdir("./file0", 0777) = 0 [pid 9162] mount("/dev/loop3", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 9165 attached [pid 9165] set_robust_list(0x5555569076a0, 24) = 0 [pid 9165] chdir("./409") = 0 [pid 9165] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5062] close(3 [pid 9165] <... prctl resumed>) = 0 [pid 9165] setpgid(0, 0) = 0 [pid 9165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... close resumed>) = 0 [pid 9165] <... openat resumed>) = 3 [pid 9165] write(3, "1000", 4) = 4 [pid 9164] <... ioctl resumed>) = 0 [pid 9165] close(3 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9165] <... close resumed>) = 0 [pid 9164] close(3 [pid 9165] symlink("/dev/binderfs", "./binderfs" [pid 9164] <... close resumed>) = 0 [pid 9165] <... symlink resumed>) = 0 [pid 9164] close(4 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9166 [pid 9164] <... close resumed>) = 0 ./strace-static-x86_64: Process 9166 attached [pid 9164] mkdir("./file0", 0777 [pid 9163] <... ioctl resumed>) = 0 [pid 9166] set_robust_list(0x5555569076a0, 24 [pid 9165] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9163] close(3 [pid 9165] <... futex resumed>) = 0 [pid 9164] <... mkdir resumed>) = 0 [pid 9166] <... set_robust_list resumed>) = 0 [pid 9165] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9164] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9166] chdir("./404" [pid 9165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9166] <... chdir resumed>) = 0 [pid 9165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9163] <... close resumed>) = 0 [pid 9166] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9163] close(4 [pid 9166] <... prctl resumed>) = 0 [pid 9165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9166] setpgid(0, 0 [pid 9165] <... mmap resumed>) = 0x7f6713892000 [pid 9163] <... close resumed>) = 0 [pid 9166] <... setpgid resumed>) = 0 [pid 9165] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9163] mkdir("./file0", 0777 [pid 9166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9165] <... mprotect resumed>) = 0 [pid 9166] <... openat resumed>) = 3 [ 330.358507][ T9162] loop3: detected capacity change from 0 to 4096 [ 330.374150][ T9164] loop4: detected capacity change from 0 to 4096 [ 330.385031][ T9163] loop1: detected capacity change from 0 to 4096 [pid 9165] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9166] write(3, "1000", 4 [pid 9163] <... mkdir resumed>) = 0 [pid 9162] <... mount resumed>) = 0 [pid 9166] <... write resumed>) = 4 [pid 9165] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9163] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9166] close(3 [pid 9165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9162] <... openat resumed>) = 3 [pid 9166] <... close resumed>) = 0 [pid 9162] chdir("./file0" [pid 9166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9162] <... chdir resumed>) = 0 [pid 9162] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9166] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9162] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 9167 attached [pid 9166] <... futex resumed>) = 0 [pid 9166] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9165] <... clone3 resumed> => {parent_tid=[9167]}, 88) = 9167 [pid 9167] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9166] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9165] rt_sigprocmask(SIG_SETMASK, [], [pid 9164] <... mount resumed>) = 0 [pid 9162] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9167] <... rseq resumed>) = 0 [pid 9166] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9162] <... futex resumed>) = 1 [pid 9159] <... futex resumed>) = 0 [pid 9167] set_robust_list(0x7f67138b29a0, 24 [pid 9166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9165] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9164] <... openat resumed>) = 3 [pid 9162] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9159] exit_group(0 [pid 9167] <... set_robust_list resumed>) = 0 [pid 9166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9165] <... futex resumed>) = 0 [pid 9164] chdir("./file0" [pid 9162] <... futex resumed>) = ? [pid 9159] <... exit_group resumed>) = ? [pid 9167] rt_sigprocmask(SIG_SETMASK, [], [pid 9166] <... mmap resumed>) = 0x7f6713892000 [pid 9165] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9164] <... chdir resumed>) = 0 [pid 9163] <... mount resumed>) = 0 [pid 9162] +++ exited with 0 +++ [pid 9159] +++ exited with 0 +++ [pid 9167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9166] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9164] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9159, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 9163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9164] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9163] <... openat resumed>) = 3 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 9166] <... mprotect resumed>) = 0 [pid 9164] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... restart_syscall resumed>) = 0 [pid 9166] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9164] <... futex resumed>) = 1 [pid 9163] chdir("./file0" [pid 9161] <... futex resumed>) = 0 [pid 9167] memfd_create("syzkaller", 0 [pid 9166] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9164] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9163] <... chdir resumed>) = 0 [pid 9161] exit_group(0 [pid 9167] <... memfd_create resumed>) = 3 [pid 9166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9164] <... futex resumed>) = ? [pid 9163] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9161] <... exit_group resumed>) = ? [pid 5065] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9168 attached [pid 9167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9164] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9168] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5065] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9168] <... rseq resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 9168] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5065] newfstatat(3, "", [pid 9168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9168] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9161] +++ exited with 0 +++ [pid 9167] <... mmap resumed>) = 0x7f670b400000 [pid 9166] <... clone3 resumed> => {parent_tid=[9168]}, 88) = 9168 [pid 9163] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] getdents64(3, [pid 9166] rt_sigprocmask(SIG_SETMASK, [], [pid 9163] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9161, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9163] <... futex resumed>) = 1 [pid 5066] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9166] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9163] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9168] <... futex resumed>) = 0 [pid 9166] <... futex resumed>) = 1 [pid 5066] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9168] memfd_create("syzkaller", 0 [pid 9166] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9160] <... futex resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 5065] newfstatat(AT_FDCWD, "./407/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9168] <... memfd_create resumed>) = 3 [pid 9160] exit_group(0 [pid 5066] getdents64(3, [pid 5065] unlink("./407/binderfs" [pid 9168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9163] <... futex resumed>) = ? [pid 9160] <... exit_group resumed>) = ? [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... unlink resumed>) = 0 [pid 9168] <... mmap resumed>) = 0x7f670b400000 [pid 9163] +++ exited with 0 +++ [pid 5066] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9160] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9160, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5066] unlink("./406/binderfs" [pid 5063] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... unlink resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./406/file0", [pid 5065] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(AT_FDCWD, "./411/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] unlink("./411/binderfs" [pid 5066] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... unlink resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(4, "", [pid 5065] newfstatat(AT_FDCWD, "./407/file0", [pid 5063] <... umount2 resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5065] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(4, [pid 5065] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5063] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(4 [pid 5065] newfstatat(4, "", [pid 5066] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./406/file0" [pid 5065] getdents64(4, [pid 5063] newfstatat(AT_FDCWD, "./411/file0", [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9167] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] getdents64(3, [pid 5065] getdents64(4, [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5065] close(4 [pid 5063] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] rmdir("./406" [pid 5065] rmdir("./407/file0" [pid 5063] <... openat resumed>) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 5066] mkdir("./407", 0777 [pid 5065] getdents64(3, [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] getdents64(4, [pid 5065] close(3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... close resumed>) = 0 [pid 5063] getdents64(4, [pid 5065] rmdir("./407" [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] close(4 [pid 5065] mkdir("./408", 0777 [pid 5063] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... mkdir resumed>) = 0 [pid 5063] rmdir("./411/file0" [pid 5066] <... openat resumed>) = 3 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5063] getdents64(3, [pid 5066] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] close(3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 5063] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5063] rmdir("./411" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./412", 0777./strace-static-x86_64: Process 9170 attached ) = 0 [pid 9170] set_robust_list(0x5555569076a0, 24) = 0 [pid 9170] chdir("./408" [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9169 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9170 [pid 9170] <... chdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 9169 attached [pid 9170] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9168] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9170] <... prctl resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9170] setpgid(0, 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9170] <... setpgid resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] close(3 [pid 9169] set_robust_list(0x5555569076a0, 24 [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9169] <... set_robust_list resumed>) = 0 [pid 9169] chdir("./407") = 0 [pid 9169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9170] <... openat resumed>) = 3 [pid 9169] setpgid(0, 0) = 0 [pid 9170] write(3, "1000", 4 [pid 9169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9170] <... write resumed>) = 4 [pid 9169] <... openat resumed>) = 3 [pid 9170] close(3) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9171 [pid 9170] symlink("/dev/binderfs", "./binderfs" [pid 9169] write(3, "1000", 4 [pid 9170] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 9171 attached [pid 9169] <... write resumed>) = 4 [pid 9170] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9171] set_robust_list(0x5555569076a0, 24 [pid 9170] <... futex resumed>) = 0 [pid 9169] close(3 [pid 9171] <... set_robust_list resumed>) = 0 [pid 9170] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9169] <... close resumed>) = 0 [pid 9171] chdir("./412" [pid 9169] symlink("/dev/binderfs", "./binderfs" [pid 9170] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9171] <... chdir resumed>) = 0 [pid 9169] <... symlink resumed>) = 0 [pid 9170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9171] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9169] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9171] <... prctl resumed>) = 0 [pid 9170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9169] <... futex resumed>) = 0 [pid 9171] setpgid(0, 0 [pid 9170] <... mmap resumed>) = 0x7f6713892000 [pid 9171] <... setpgid resumed>) = 0 [pid 9170] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9170] <... mprotect resumed>) = 0 [pid 9169] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9171] <... openat resumed>) = 3 [pid 9170] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9169] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9171] write(3, "1000", 4 [pid 9170] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9171] <... write resumed>) = 4 [pid 9170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9171] close(3 [pid 9169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9171] <... close resumed>) = 0 [pid 9170] <... clone3 resumed> => {parent_tid=[9172]}, 88) = 9172 [pid 9169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 9172 attached [pid 9171] symlink("/dev/binderfs", "./binderfs" [pid 9170] rt_sigprocmask(SIG_SETMASK, [], [pid 9172] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9171] <... symlink resumed>) = 0 [pid 9169] <... mmap resumed>) = 0x7f6713892000 [pid 9169] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9172] <... rseq resumed>) = 0 [pid 9172] set_robust_list(0x7f67138b29a0, 24 [pid 9171] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9169] <... mprotect resumed>) = 0 [pid 9170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9171] <... futex resumed>) = 0 [pid 9170] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9172] <... set_robust_list resumed>) = 0 [pid 9171] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9170] <... futex resumed>) = 0 [pid 9171] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9170] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9172] rt_sigprocmask(SIG_SETMASK, [], [pid 9171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9169] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9171] <... mmap resumed>) = 0x7f6713892000 [pid 9172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9171] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9169] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9171] <... mprotect resumed>) = 0 [pid 9171] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9167] <... write resumed>) = 2097152 [pid 9172] memfd_create("syzkaller", 0 [pid 9171] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9167] munmap(0x7f670b400000, 138412032 [pid 9171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9174]}, 88) = 9174 [pid 9171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9171] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9171] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9174 attached [pid 9174] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 ./strace-static-x86_64: Process 9173 attached [pid 9174] set_robust_list(0x7f67138b29a0, 24 [pid 9169] <... clone3 resumed> => {parent_tid=[9173]}, 88) = 9173 [pid 9174] <... set_robust_list resumed>) = 0 [pid 9172] <... memfd_create resumed>) = 3 [pid 9169] rt_sigprocmask(SIG_SETMASK, [], [pid 9174] rt_sigprocmask(SIG_SETMASK, [], [pid 9173] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9174] memfd_create("syzkaller", 0 [pid 9173] <... rseq resumed>) = 0 [pid 9172] <... mmap resumed>) = 0x7f670b400000 [pid 9169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9167] <... munmap resumed>) = 0 [pid 9174] <... memfd_create resumed>) = 3 [pid 9168] <... write resumed>) = 2097152 [pid 9174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9173] set_robust_list(0x7f67138b29a0, 24 [pid 9169] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9167] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9173] <... set_robust_list resumed>) = 0 [pid 9169] <... futex resumed>) = 0 [pid 9173] rt_sigprocmask(SIG_SETMASK, [], [pid 9169] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9167] <... openat resumed>) = 4 [pid 9168] munmap(0x7f670b400000, 138412032 [pid 9173] memfd_create("syzkaller", 0 [pid 9167] ioctl(4, LOOP_SET_FD, 3 [pid 9173] <... memfd_create resumed>) = 3 [pid 9173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9168] <... munmap resumed>) = 0 [pid 9173] <... mmap resumed>) = 0x7f670b400000 [pid 9168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9168] ioctl(4, LOOP_SET_FD, 3 [pid 9167] <... ioctl resumed>) = 0 [pid 9167] close(3) = 0 [pid 9167] close(4) = 0 [pid 9167] mkdir("./file0", 0777) = 0 [pid 9167] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9168] <... ioctl resumed>) = 0 [pid 9168] close(3) = 0 [pid 9168] close(4) = 0 [ 330.696438][ T9167] loop2: detected capacity change from 0 to 4096 [ 330.712734][ T9168] loop0: detected capacity change from 0 to 4096 [pid 9168] mkdir("./file0", 0777) = 0 [pid 9168] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9172] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9174] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9167] <... mount resumed>) = 0 [pid 9167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9167] chdir("./file0") = 0 [pid 9173] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9167] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9167] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9165] <... futex resumed>) = 0 [pid 9167] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9165] exit_group(0 [pid 9167] <... futex resumed>) = ? [pid 9165] <... exit_group resumed>) = ? [pid 9167] +++ exited with 0 +++ [pid 9165] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9165, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5064] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9168] <... mount resumed>) = 0 [pid 5064] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] newfstatat(AT_FDCWD, "./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./409/binderfs" [pid 9168] <... openat resumed>) = 3 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9168] chdir("./file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9168] <... chdir resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./409/file0", [pid 9168] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9168] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9168] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9168] <... futex resumed>) = 1 [pid 9166] <... futex resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9168] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9166] exit_group(0 [pid 5064] <... openat resumed>) = 4 [pid 9174] <... write resumed>) = 2097152 [pid 5064] newfstatat(4, "", [pid 9168] <... futex resumed>) = ? [pid 9166] <... exit_group resumed>) = ? [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9168] +++ exited with 0 +++ [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 9172] <... write resumed>) = 2097152 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./409/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9166] +++ exited with 0 +++ [pid 5064] close(3) = 0 [pid 5064] rmdir("./409" [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9166, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5064] <... rmdir resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 9172] munmap(0x7f670b400000, 138412032 [pid 5062] <... restart_syscall resumed>) = 0 [pid 9174] munmap(0x7f670b400000, 138412032 [pid 5064] mkdir("./410", 0777 [pid 9173] <... write resumed>) = 2097152 [pid 9172] <... munmap resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9173] munmap(0x7f670b400000, 138412032 [pid 9172] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... openat resumed>) = 3 [pid 9172] <... openat resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9172] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9174] <... munmap resumed>) = 0 [pid 9172] <... ioctl resumed>) = 0 [pid 5062] getdents64(3, [pid 9172] close(3) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9172] close(4 [pid 5062] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9172] <... close resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9174] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9174] ioctl(4, LOOP_SET_FD, 3 [pid 9172] mkdir("./file0", 0777 [pid 5062] newfstatat(AT_FDCWD, "./404/binderfs", [pid 9172] <... mkdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9173] <... munmap resumed>) = 0 [pid 9172] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] unlink("./404/binderfs" [pid 9173] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5062] <... unlink resumed>) = 0 [pid 9173] ioctl(4, LOOP_SET_FD, 3 [pid 5062] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5062] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9174] <... ioctl resumed>) = 0 [pid 9174] close(3 [pid 5062] newfstatat(AT_FDCWD, "./404/file0", [pid 9174] <... close resumed>) = 0 [pid 9174] close(4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9174] <... close resumed>) = 0 [pid 5062] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9174] mkdir("./file0", 0777) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9174] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9173] <... ioctl resumed>) = 0 [pid 5062] newfstatat(4, "", [pid 9173] close(3) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9173] close(4 [pid 5062] getdents64(4, [pid 9172] <... mount resumed>) = 0 [pid 9173] <... close resumed>) = 0 [pid 5064] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, [pid 9173] mkdir("./file0", 0777 [pid 9172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... close resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9173] <... mkdir resumed>) = 0 [pid 9172] <... openat resumed>) = 3 [pid 5062] close(4 [pid 9172] chdir("./file0" [pid 5062] <... close resumed>) = 0 ./strace-static-x86_64: Process 9175 attached [pid 5062] rmdir("./404/file0" [pid 9172] <... chdir resumed>) = 0 [pid 9173] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9172] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... rmdir resumed>) = 0 [pid 9172] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9175] set_robust_list(0x5555569076a0, 24 [pid 9172] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9175] <... set_robust_list resumed>) = 0 [pid 9172] <... futex resumed>) = 1 [pid 9170] <... futex resumed>) = 0 [ 330.909194][ T9172] loop3: detected capacity change from 0 to 4096 [ 330.924632][ T9174] loop1: detected capacity change from 0 to 4096 [ 330.937152][ T9173] loop4: detected capacity change from 0 to 4096 [pid 9175] chdir("./410" [pid 9172] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9170] exit_group(0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9175 [pid 5062] getdents64(3, [pid 9175] <... chdir resumed>) = 0 [pid 9172] <... futex resumed>) = ? [pid 9170] <... exit_group resumed>) = ? [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9175] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9172] +++ exited with 0 +++ [pid 9170] +++ exited with 0 +++ [pid 9175] <... prctl resumed>) = 0 [pid 5062] close(3 [pid 9175] setpgid(0, 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9170, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=3 /* 0.03 s */} --- [pid 9175] <... setpgid resumed>) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 9175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... restart_syscall resumed>) = 0 [pid 9175] <... openat resumed>) = 3 [pid 5065] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9175] write(3, "1000", 4 [pid 5065] <... openat resumed>) = 3 [pid 9175] <... write resumed>) = 4 [pid 9175] close(3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9175] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 9175] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9175] <... symlink resumed>) = 0 [pid 5065] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] <... close resumed>) = 0 [pid 9175] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] newfstatat(AT_FDCWD, "./408/binderfs", [pid 9175] <... futex resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] rmdir("./404" [pid 9175] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] unlink("./408/binderfs") = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 9175] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] mkdir("./405", 0777 [pid 9175] <... mmap resumed>) = 0x7f6713892000 [pid 5065] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9175] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5062] <... mkdir resumed>) = 0 [pid 9175] <... mprotect resumed>) = 0 [pid 9174] <... mount resumed>) = 0 [pid 9175] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9175] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] <... openat resumed>) = 3 ./strace-static-x86_64: Process 9176 attached [pid 9174] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9176] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9175] <... clone3 resumed> => {parent_tid=[9176]}, 88) = 9176 [pid 9174] chdir("./file0" [pid 9176] <... rseq resumed>) = 0 [pid 9175] rt_sigprocmask(SIG_SETMASK, [], [pid 9176] set_robust_list(0x7f67138b29a0, 24 [pid 9175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9174] <... chdir resumed>) = 0 [pid 9176] <... set_robust_list resumed>) = 0 [pid 9175] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9174] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9176] rt_sigprocmask(SIG_SETMASK, [], [pid 9175] <... futex resumed>) = 0 [pid 9176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9175] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9174] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9176] memfd_create("syzkaller", 0 [pid 9174] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9171] <... futex resumed>) = 0 [pid 9171] exit_group(0) = ? [pid 9174] +++ exited with 0 +++ [pid 9171] +++ exited with 0 +++ [pid 9176] <... memfd_create resumed>) = 3 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9171, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 9176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... restart_syscall resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./408/file0", [pid 5063] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] newfstatat(3, "", [pid 5065] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] getdents64(3, [pid 5065] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... openat resumed>) = 4 [pid 5063] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(4, "", [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] newfstatat(AT_FDCWD, "./412/binderfs", [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, [pid 5063] unlink("./412/binderfs" [pid 9173] <... mount resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(4 [pid 5063] <... unlink resumed>) = 0 [pid 9173] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5063] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9173] chdir("./file0" [pid 5065] rmdir("./408/file0" [pid 9173] <... chdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9173] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... umount2 resumed>) = 0 [pid 5065] getdents64(3, [pid 9173] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9173] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] close(3 [pid 5063] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9173] <... futex resumed>) = 1 [pid 9169] <... futex resumed>) = 0 [pid 9173] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9169] exit_group(0 [pid 5065] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9173] <... futex resumed>) = ? [pid 9169] <... exit_group resumed>) = ? [pid 5065] rmdir("./408" [pid 9173] +++ exited with 0 +++ [pid 9169] +++ exited with 0 +++ [pid 5065] <... rmdir resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./412/file0", [pid 5065] mkdir("./409", 0777 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9169, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5065] <... mkdir resumed>) = 0 [pid 5063] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 5063] newfstatat(4, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] getdents64(4, [pid 5066] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./407/binderfs" [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./412/file0") = 0 [pid 5066] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5063] close(3 [pid 5062] <... ioctl resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./412") = 0 [pid 5063] mkdir("./413", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5066] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... ioctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./407/file0", [pid 5063] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... close resumed>) = 0 [pid 5066] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9177 ./strace-static-x86_64: Process 9177 attached [pid 5066] <... openat resumed>) = 4 [pid 9177] set_robust_list(0x5555569076a0, 24 [pid 5066] newfstatat(4, "", [pid 9177] <... set_robust_list resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9177] chdir("./413" [pid 5066] getdents64(4, [pid 9177] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9177] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] getdents64(4, [pid 9177] <... prctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9177] setpgid(0, 0 [pid 5066] close(4 [pid 9177] <... setpgid resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 9177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9176] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] rmdir("./407/file0" [pid 5062] close(3) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... rmdir resumed>) = 0 [pid 9177] <... openat resumed>) = 3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9178 [pid 9177] write(3, "1000", 4) = 4 [pid 5066] getdents64(3, [pid 9177] close(3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9177] <... close resumed>) = 0 [pid 5066] close(3./strace-static-x86_64: Process 9178 attached [pid 9178] set_robust_list(0x5555569076a0, 24 [pid 9177] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... close resumed>) = 0 [pid 9178] <... set_robust_list resumed>) = 0 [pid 9178] chdir("./405" [pid 9177] <... symlink resumed>) = 0 [pid 5066] rmdir("./407" [pid 9178] <... chdir resumed>) = 0 [pid 9177] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rmdir resumed>) = 0 [pid 9178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9177] <... futex resumed>) = 0 [pid 5066] mkdir("./408", 0777 [pid 5065] <... ioctl resumed>) = 0 [pid 9178] setpgid(0, 0 [pid 9177] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... mkdir resumed>) = 0 [pid 9178] <... setpgid resumed>) = 0 [pid 9177] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] <... openat resumed>) = 3 [pid 9177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 9178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] close(3 [pid 9177] <... mmap resumed>) = 0x7f6713892000 [pid 9177] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 9177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9179 attached [pid 9178] <... openat resumed>) = 3 [pid 9179] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9177] <... clone3 resumed> => {parent_tid=[9179]}, 88) = 9179 ./strace-static-x86_64: Process 9180 attached [pid 9178] write(3, "1000", 4 [pid 9180] set_robust_list(0x5555569076a0, 24 [pid 9178] <... write resumed>) = 4 [pid 9177] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9180 [pid 9180] <... set_robust_list resumed>) = 0 [pid 9178] close(3 [pid 9180] chdir("./409" [pid 9179] <... rseq resumed>) = 0 [pid 9178] <... close resumed>) = 0 [pid 9177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9179] set_robust_list(0x7f67138b29a0, 24 [pid 9178] symlink("/dev/binderfs", "./binderfs" [pid 9177] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9177] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9180] <... chdir resumed>) = 0 [pid 9179] <... set_robust_list resumed>) = 0 [pid 9178] <... symlink resumed>) = 0 [pid 9179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9180] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9179] memfd_create("syzkaller", 0 [pid 9178] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9180] <... prctl resumed>) = 0 [pid 9180] setpgid(0, 0 [pid 9179] <... memfd_create resumed>) = 3 [pid 9178] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9178] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9180] <... setpgid resumed>) = 0 [pid 9179] <... mmap resumed>) = 0x7f670b400000 [pid 9178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9180] write(3, "1000", 4) = 4 [pid 9180] close(3 [pid 9178] <... mmap resumed>) = 0x7f6713892000 [pid 9178] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9180] <... close resumed>) = 0 [pid 9180] symlink("/dev/binderfs", "./binderfs" [pid 9178] <... mprotect resumed>) = 0 [pid 9176] <... write resumed>) = 2097152 [pid 9180] <... symlink resumed>) = 0 [pid 9176] munmap(0x7f670b400000, 138412032 [pid 9180] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9178] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9176] <... munmap resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 9180] <... futex resumed>) = 0 [pid 9178] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9176] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] close(3 [pid 9180] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9180] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9176] <... openat resumed>) = 4 [pid 5066] <... close resumed>) = 0 ./strace-static-x86_64: Process 9181 attached [pid 9180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9176] ioctl(4, LOOP_SET_FD, 3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9181] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9181] set_robust_list(0x7f67138b29a0, 24 [pid 9180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9181] <... set_robust_list resumed>) = 0 [pid 9181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9181] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9179] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9178] <... clone3 resumed> => {parent_tid=[9181]}, 88) = 9181 [pid 9178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9178] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9180] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9178] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9181] <... futex resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9182 [pid 9181] memfd_create("syzkaller", 0 [pid 9180] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 9182 attached [pid 9181] <... memfd_create resumed>) = 3 [pid 9180] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9176] <... ioctl resumed>) = 0 [pid 9176] close(3 [pid 9182] set_robust_list(0x5555569076a0, 24 [pid 9181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9182] <... set_robust_list resumed>) = 0 [pid 9181] <... mmap resumed>) = 0x7f670b400000 [pid 9182] chdir("./408" [pid 9180] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9176] <... close resumed>) = 0 [pid 9182] <... chdir resumed>) = 0 [pid 9180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9176] close(4 [pid 9182] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9176] <... close resumed>) = 0 ./strace-static-x86_64: Process 9183 attached [pid 9182] <... prctl resumed>) = 0 [pid 9176] mkdir("./file0", 0777 [pid 9183] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9182] setpgid(0, 0 [pid 9180] <... clone3 resumed> => {parent_tid=[9183]}, 88) = 9183 [pid 9183] <... rseq resumed>) = 0 [pid 9182] <... setpgid resumed>) = 0 [pid 9180] rt_sigprocmask(SIG_SETMASK, [], [pid 9183] set_robust_list(0x7f67138b29a0, 24 [pid 9182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9176] <... mkdir resumed>) = 0 [pid 9183] <... set_robust_list resumed>) = 0 [pid 9182] <... openat resumed>) = 3 [pid 9180] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9176] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9183] rt_sigprocmask(SIG_SETMASK, [], [pid 9182] write(3, "1000", 4 [pid 9180] <... futex resumed>) = 0 [pid 9183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9182] <... write resumed>) = 4 [pid 9180] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9182] close(3) = 0 [ 331.284991][ T9176] loop2: detected capacity change from 0 to 4096 [pid 9182] symlink("/dev/binderfs", "./binderfs" [pid 9183] memfd_create("syzkaller", 0 [pid 9182] <... symlink resumed>) = 0 [pid 9182] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9183] <... memfd_create resumed>) = 3 [pid 9182] <... futex resumed>) = 0 [pid 9183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9182] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9183] <... mmap resumed>) = 0x7f670b400000 [pid 9182] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9181] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9179] <... write resumed>) = 2097152 [pid 9176] <... mount resumed>) = 0 [pid 9182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9182] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9184 attached [pid 9184] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9182] <... clone3 resumed> => {parent_tid=[9184]}, 88) = 9184 [pid 9176] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9184] <... rseq resumed>) = 0 [pid 9182] rt_sigprocmask(SIG_SETMASK, [], [pid 9179] munmap(0x7f670b400000, 138412032 [pid 9176] <... openat resumed>) = 3 [pid 9184] set_robust_list(0x7f67138b29a0, 24 [pid 9182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9184] <... set_robust_list resumed>) = 0 [pid 9182] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9176] chdir("./file0" [pid 9184] rt_sigprocmask(SIG_SETMASK, [], [pid 9182] <... futex resumed>) = 0 [pid 9176] <... chdir resumed>) = 0 [pid 9182] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9176] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9184] memfd_create("syzkaller", 0 [pid 9176] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9176] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9175] <... futex resumed>) = 0 [pid 9175] exit_group(0) = ? [pid 9176] +++ exited with 0 +++ [pid 9175] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9175, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5064] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 9184] <... memfd_create resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9184] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./410/binderfs") = 0 [pid 5064] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9179] <... munmap resumed>) = 0 [pid 9179] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... umount2 resumed>) = 0 [pid 9179] <... openat resumed>) = 4 [pid 5064] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9181] <... write resumed>) = 2097152 [pid 5064] newfstatat(AT_FDCWD, "./410/file0", [pid 9179] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9181] munmap(0x7f670b400000, 138412032 [pid 5064] newfstatat(4, "", [pid 9181] <... munmap resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./410/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./410") = 0 [pid 9181] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] mkdir("./411", 0777 [pid 9181] <... openat resumed>) = 4 [pid 5064] <... mkdir resumed>) = 0 [pid 9181] ioctl(4, LOOP_SET_FD, 3 [pid 9183] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9179] <... ioctl resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9179] close(3 [pid 5064] <... openat resumed>) = 3 [pid 9179] <... close resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9179] close(4) = 0 [pid 9184] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9181] <... ioctl resumed>) = 0 [pid 9179] mkdir("./file0", 0777 [pid 9181] close(3 [pid 9179] <... mkdir resumed>) = 0 [pid 9181] <... close resumed>) = 0 [pid 9179] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9181] close(4) = 0 [pid 9181] mkdir("./file0", 0777) = 0 [pid 9181] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9183] <... write resumed>) = 2097152 [ 331.425838][ T9179] loop1: detected capacity change from 0 to 4096 [ 331.451608][ T9181] loop0: detected capacity change from 0 to 4096 [pid 9183] munmap(0x7f670b400000, 138412032) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 9184] <... write resumed>) = 2097152 [pid 9183] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9184] munmap(0x7f670b400000, 138412032 [pid 9183] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9185 attached [pid 9181] <... mount resumed>) = 0 [pid 9185] set_robust_list(0x5555569076a0, 24) = 0 [pid 9183] <... ioctl resumed>) = 0 [pid 9181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9185] chdir("./411" [pid 9181] <... openat resumed>) = 3 [pid 9185] <... chdir resumed>) = 0 [pid 9181] chdir("./file0" [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9185 [pid 9185] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9181] <... chdir resumed>) = 0 [pid 9185] <... prctl resumed>) = 0 [pid 9181] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9185] setpgid(0, 0 [pid 9181] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9185] <... setpgid resumed>) = 0 [pid 9185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9184] <... munmap resumed>) = 0 [pid 9181] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9185] <... openat resumed>) = 3 [pid 9181] <... futex resumed>) = 1 [pid 9178] <... futex resumed>) = 0 [pid 9181] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9178] exit_group(0 [pid 9185] write(3, "1000", 4 [pid 9181] <... futex resumed>) = ? [pid 9178] <... exit_group resumed>) = ? [pid 9185] <... write resumed>) = 4 [pid 9184] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9183] close(3 [pid 9181] +++ exited with 0 +++ [pid 9185] close(3 [pid 9184] <... openat resumed>) = 4 [pid 9183] <... close resumed>) = 0 [pid 9185] <... close resumed>) = 0 [pid 9184] ioctl(4, LOOP_SET_FD, 3 [pid 9183] close(4 [pid 9185] symlink("/dev/binderfs", "./binderfs" [pid 9183] <... close resumed>) = 0 [pid 9178] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9178, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5062] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9185] <... symlink resumed>) = 0 [pid 9183] mkdir("./file0", 0777 [pid 9179] <... mount resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9179] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9185] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9183] <... mkdir resumed>) = 0 [pid 9179] <... openat resumed>) = 3 [pid 9185] <... futex resumed>) = 0 [pid 5062] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9185] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9179] chdir("./file0" [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9185] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9183] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5062] newfstatat(AT_FDCWD, "./405/binderfs", [pid 9185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9179] <... chdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9184] <... ioctl resumed>) = 0 [pid 9179] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] unlink("./405/binderfs" [pid 9185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9184] close(3 [pid 9179] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] <... unlink resumed>) = 0 [pid 9185] <... mmap resumed>) = 0x7f6713892000 [pid 9185] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9184] <... close resumed>) = 0 [pid 9179] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9185] <... mprotect resumed>) = 0 [pid 9184] close(4 [pid 9179] <... futex resumed>) = 1 [pid 9177] <... futex resumed>) = 0 [pid 9185] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9183] <... mount resumed>) = 0 [pid 9177] exit_group(0 [pid 5062] <... umount2 resumed>) = 0 [pid 9177] <... exit_group resumed>) = ? [pid 9184] <... close resumed>) = 0 [pid 9184] mkdir("./file0", 0777 [pid 9183] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9184] <... mkdir resumed>) = 0 [pid 9183] <... openat resumed>) = 3 [pid 9183] chdir("./file0" [pid 9179] +++ exited with 0 +++ [pid 9177] +++ exited with 0 +++ [pid 9183] <... chdir resumed>) = 0 [pid 9183] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9184] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9183] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9185] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9183] <... futex resumed>) = 1 [ 331.559215][ T9183] loop3: detected capacity change from 0 to 4096 [ 331.582719][ T9184] loop4: detected capacity change from 0 to 4096 [pid 9180] <... futex resumed>) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9177, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5062] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9183] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9180] exit_group(0) = ? [pid 9185] <... clone3 resumed> => {parent_tid=[9186]}, 88) = 9186 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9185] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] newfstatat(AT_FDCWD, "./405/file0", [pid 9185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9185] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9183] <... futex resumed>) = ? [pid 5063] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9185] <... futex resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9185] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] newfstatat(3, "", [pid 5062] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9186 attached [pid 9183] +++ exited with 0 +++ [pid 9180] +++ exited with 0 +++ [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9186] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9180, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5063] getdents64(3, [pid 9186] <... rseq resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9186] set_robust_list(0x7f67138b29a0, 24 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... openat resumed>) = 4 [pid 9186] <... set_robust_list resumed>) = 0 [pid 5065] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] newfstatat(4, "", [pid 9186] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9186] memfd_create("syzkaller", 0 [pid 5065] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./413/binderfs", [pid 9186] <... memfd_create resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(4, [pid 9186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] unlink("./413/binderfs" [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9186] <... mmap resumed>) = 0x7f670b400000 [pid 5065] getdents64(3, [pid 5063] <... unlink resumed>) = 0 [pid 5062] getdents64(4, [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... umount2 resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./409/binderfs", [pid 5062] rmdir("./405/file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5065] unlink("./409/binderfs" [pid 5062] getdents64(3, [pid 5065] <... unlink resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(3 [pid 5063] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... close resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] rmdir("./405") = 0 [pid 5063] newfstatat(AT_FDCWD, "./413/file0", [pid 5062] mkdir("./406", 0777 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5063] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./409/file0", [pid 9184] <... mount resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] getdents64(4, [pid 5065] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9184] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 4 [pid 5063] getdents64(4, [pid 9184] chdir("./file0" [pid 5065] newfstatat(4, "", [pid 9184] <... chdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9184] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] close(4 [pid 9184] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] getdents64(4, [pid 5063] <... close resumed>) = 0 [pid 9184] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9184] <... futex resumed>) = 1 [pid 9182] <... futex resumed>) = 0 [pid 9184] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9182] exit_group(0 [pid 5065] getdents64(4, [pid 5063] rmdir("./413/file0" [pid 9184] <... futex resumed>) = ? [pid 9182] <... exit_group resumed>) = ? [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9184] +++ exited with 0 +++ [pid 5065] close(4) = 0 [pid 5065] rmdir("./409/file0" [pid 5063] <... rmdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] getdents64(3, [pid 9182] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9182, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5065] getdents64(3, [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5066] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] rmdir("./413" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... rmdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] close(3) = 0 [pid 9186] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] newfstatat(3, "", [pid 5065] rmdir("./409" [pid 5063] mkdir("./414", 0777 [pid 5065] <... rmdir resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5065] mkdir("./410", 0777 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5065] <... openat resumed>) = 3 [pid 5066] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... ioctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./408/binderfs", [pid 5062] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... close resumed>) = 0 [pid 5066] unlink("./408/binderfs" [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9187 attached [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9187] set_robust_list(0x5555569076a0, 24) = 0 [pid 9187] chdir("./406" [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9187 [pid 9187] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 9187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9187] setpgid(0, 0) = 0 [pid 9187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9187] <... openat resumed>) = 3 [pid 9186] <... write resumed>) = 2097152 [pid 5066] newfstatat(AT_FDCWD, "./408/file0", [pid 9187] write(3, "1000", 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9187] <... write resumed>) = 4 [pid 9187] close(3) = 0 [pid 9187] symlink("/dev/binderfs", "./binderfs" [pid 9186] munmap(0x7f670b400000, 138412032 [pid 5066] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9187] <... symlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9187] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9187] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9187] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... openat resumed>) = 4 [pid 9187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5066] newfstatat(4, "", [pid 9187] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9187] <... mprotect resumed>) = 0 [pid 5066] getdents64(4, [pid 9187] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9188]}, 88) = 9188 ./strace-static-x86_64: Process 9188 attached [pid 9187] rt_sigprocmask(SIG_SETMASK, [], [pid 9188] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9187] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9188] <... rseq resumed>) = 0 [pid 9187] <... futex resumed>) = 0 [pid 9188] set_robust_list(0x7f67138b29a0, 24 [pid 9187] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9188] <... set_robust_list resumed>) = 0 [pid 9188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9188] memfd_create("syzkaller", 0 [pid 9186] <... munmap resumed>) = 0 [pid 5066] getdents64(4, [pid 5065] <... ioctl resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9188] <... memfd_create resumed>) = 3 [pid 9188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9186] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5066] close(4 [pid 5063] <... close resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9189 ./strace-static-x86_64: Process 9189 attached [pid 9189] set_robust_list(0x5555569076a0, 24) = 0 [pid 9189] chdir("./410") = 0 [pid 9189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9189] setpgid(0, 0) = 0 [pid 5066] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9186] <... openat resumed>) = 4 [pid 5066] rmdir("./408/file0"./strace-static-x86_64: Process 9190 attached [pid 9189] <... openat resumed>) = 3 [pid 9186] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 9189] write(3, "1000", 4) = 4 [pid 9189] close(3) = 0 [pid 9189] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9190] set_robust_list(0x5555569076a0, 24 [pid 5066] close(3) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9190 [pid 9190] <... set_robust_list resumed>) = 0 [pid 5066] rmdir("./408" [pid 9190] chdir("./414") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 9190] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] mkdir("./409", 0777 [pid 9190] <... prctl resumed>) = 0 [pid 9189] <... symlink resumed>) = 0 [pid 9186] <... ioctl resumed>) = 0 [pid 9189] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9189] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9189] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9191 attached [pid 9191] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9190] setpgid(0, 0 [pid 9189] <... clone3 resumed> => {parent_tid=[9191]}, 88) = 9191 [pid 9188] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9186] close(3 [pid 9191] <... rseq resumed>) = 0 [pid 9190] <... setpgid resumed>) = 0 [pid 9189] rt_sigprocmask(SIG_SETMASK, [], [pid 9186] <... close resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 9191] set_robust_list(0x7f67138b29a0, 24 [pid 9190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9186] close(4 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9191] <... set_robust_list resumed>) = 0 [pid 9189] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9189] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... openat resumed>) = 3 [pid 9191] rt_sigprocmask(SIG_SETMASK, [], [pid 9186] <... close resumed>) = 0 [pid 9191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9190] <... openat resumed>) = 3 [pid 9191] memfd_create("syzkaller", 0 [pid 9186] mkdir("./file0", 0777 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 9190] write(3, "1000", 4 [pid 9186] <... mkdir resumed>) = 0 [pid 9190] <... write resumed>) = 4 [pid 9186] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9191] <... memfd_create resumed>) = 3 [pid 9190] close(3 [pid 9191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9190] <... close resumed>) = 0 [pid 9191] <... mmap resumed>) = 0x7f670b400000 [ 331.858462][ T9186] loop2: detected capacity change from 0 to 4096 [pid 9190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9190] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9190] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9190] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9190] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9192]}, 88) = 9192 [pid 9190] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 9192 attached [pid 9191] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9192] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9190] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9192] <... rseq resumed>) = 0 [pid 9192] set_robust_list(0x7f67138b29a0, 24 [pid 9190] <... futex resumed>) = 0 [pid 9190] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9192] <... set_robust_list resumed>) = 0 [pid 9192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9192] memfd_create("syzkaller", 0 [pid 5066] <... ioctl resumed>) = 0 [pid 9192] <... memfd_create resumed>) = 3 [pid 5066] close(3 [pid 9192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 9192] <... mmap resumed>) = 0x7f670b400000 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9188] <... write resumed>) = 2097152 [pid 9188] munmap(0x7f670b400000, 138412032./strace-static-x86_64: Process 9193 attached ) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9193 [pid 9193] set_robust_list(0x5555569076a0, 24) = 0 [pid 9193] chdir("./409") = 0 [pid 9186] <... mount resumed>) = 0 [pid 9193] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9193] <... prctl resumed>) = 0 [pid 9193] setpgid(0, 0 [pid 9188] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9186] <... openat resumed>) = 3 [pid 9193] <... setpgid resumed>) = 0 [pid 9186] chdir("./file0" [pid 9193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9186] <... chdir resumed>) = 0 [pid 9188] <... openat resumed>) = 4 [pid 9186] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9193] <... openat resumed>) = 3 [pid 9188] ioctl(4, LOOP_SET_FD, 3 [pid 9186] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9193] write(3, "1000", 4) = 4 [pid 9186] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9193] close(3 [pid 9186] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9193] <... close resumed>) = 0 [pid 9188] <... ioctl resumed>) = 0 [pid 9185] <... futex resumed>) = 0 [pid 9185] exit_group(0 [pid 9186] <... futex resumed>) = ? [pid 9185] <... exit_group resumed>) = ? [pid 9193] symlink("/dev/binderfs", "./binderfs" [pid 9186] +++ exited with 0 +++ [pid 9185] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9185, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 9193] <... symlink resumed>) = 0 [pid 5064] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9188] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9188] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9188] close(4 [pid 5064] <... openat resumed>) = 3 [pid 9188] <... close resumed>) = 0 [pid 9188] mkdir("./file0", 0777 [pid 5064] newfstatat(3, "", [pid 9193] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9188] <... mkdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9193] <... futex resumed>) = 0 [pid 5064] getdents64(3, [pid 9193] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9188] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9193] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./411/binderfs") = 0 [pid 9193] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9192] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5064] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9193] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] <... umount2 resumed>) = 0 [ 332.012826][ T9188] loop0: detected capacity change from 0 to 4096 [pid 9193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9194 attached [pid 9191] <... write resumed>) = 2097152 [pid 5064] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9194] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9193] <... clone3 resumed> => {parent_tid=[9194]}, 88) = 9194 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9194] <... rseq resumed>) = 0 [pid 9193] rt_sigprocmask(SIG_SETMASK, [], [pid 9194] set_robust_list(0x7f67138b29a0, 24 [pid 9193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9194] <... set_robust_list resumed>) = 0 [pid 9193] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9194] rt_sigprocmask(SIG_SETMASK, [], [pid 9193] <... futex resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9193] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9191] munmap(0x7f670b400000, 138412032 [pid 5064] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9194] memfd_create("syzkaller", 0 [pid 9191] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9194] <... memfd_create resumed>) = 3 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] close(4 [pid 9194] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./411/file0") = 0 [pid 9191] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] getdents64(3, [pid 9191] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 9191] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... close resumed>) = 0 [pid 9192] <... write resumed>) = 2097152 [pid 9188] <... mount resumed>) = 0 [pid 5064] rmdir("./411") = 0 [pid 5064] mkdir("./412", 0777 [pid 9194] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9192] munmap(0x7f670b400000, 138412032 [pid 9191] <... ioctl resumed>) = 0 [pid 9188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9191] close(3) = 0 [pid 9188] <... openat resumed>) = 3 [pid 9191] close(4 [pid 9192] <... munmap resumed>) = 0 [pid 9191] <... close resumed>) = 0 [pid 9188] chdir("./file0" [pid 5064] <... openat resumed>) = 3 [pid 9188] <... chdir resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9192] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9191] mkdir("./file0", 0777 [pid 9188] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9192] <... openat resumed>) = 4 [pid 9191] <... mkdir resumed>) = 0 [pid 9188] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9192] ioctl(4, LOOP_SET_FD, 3 [pid 9191] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9188] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9188] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9187] <... futex resumed>) = 0 [pid 9187] exit_group(0 [pid 9188] <... futex resumed>) = ? [pid 9187] <... exit_group resumed>) = ? [pid 9188] +++ exited with 0 +++ [pid 9187] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9187, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 9192] <... ioctl resumed>) = 0 [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 9192] close(3) = 0 [pid 5062] <... restart_syscall resumed>) = 0 [pid 9192] close(4) = 0 [pid 5062] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9192] mkdir("./file0", 0777 [pid 5062] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", [pid 9192] <... mkdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 332.134067][ T9191] loop3: detected capacity change from 0 to 4096 [ 332.166687][ T9192] loop1: detected capacity change from 0 to 4096 [pid 9194] <... write resumed>) = 2097152 [pid 9192] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] newfstatat(AT_FDCWD, "./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./406/binderfs") = 0 [pid 5062] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5062] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 9194] munmap(0x7f670b400000, 138412032 [pid 5062] getdents64(4, [pid 9194] <... munmap resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9191] <... mount resumed>) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./406/file0") = 0 [pid 9191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] getdents64(3, [pid 9191] <... openat resumed>) = 3 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9191] chdir("./file0") = 0 [pid 5062] close(3 [pid 9191] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... close resumed>) = 0 [pid 5064] close(3 [pid 9194] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9191] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] rmdir("./406" [pid 9191] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9194] <... openat resumed>) = 4 [pid 9191] <... futex resumed>) = 1 [pid 9189] <... futex resumed>) = 0 [pid 5062] mkdir("./407", 0777 [pid 9191] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9189] exit_group(0 [pid 9191] <... futex resumed>) = ? [pid 9189] <... exit_group resumed>) = ? [pid 5062] <... mkdir resumed>) = 0 [pid 9191] +++ exited with 0 +++ [pid 9194] ioctl(4, LOOP_SET_FD, 3) = 0 ./strace-static-x86_64: Process 9195 attached [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9195 [pid 5062] <... openat resumed>) = 3 [pid 9195] set_robust_list(0x5555569076a0, 24 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9195] <... set_robust_list resumed>) = 0 [pid 9189] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9189, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 9195] chdir("./412" [pid 5065] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9195] <... chdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9195] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9195] <... prctl resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 9195] setpgid(0, 0 [pid 5065] newfstatat(3, "", [pid 9195] <... setpgid resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9194] close(3 [pid 5065] getdents64(3, [pid 9194] <... close resumed>) = 0 [pid 9195] <... openat resumed>) = 3 [pid 9194] close(4 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9195] write(3, "1000", 4 [pid 9194] <... close resumed>) = 0 [pid 5065] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9195] <... write resumed>) = 4 [pid 9195] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9194] mkdir("./file0", 0777 [pid 5065] newfstatat(AT_FDCWD, "./410/binderfs", [pid 9194] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./410/binderfs" [pid 9195] <... close resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 9194] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9195] symlink("/dev/binderfs", "./binderfs" [pid 5065] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9195] <... symlink resumed>) = 0 [pid 9195] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... umount2 resumed>) = 0 [pid 9195] <... futex resumed>) = 0 [ 332.258113][ T9194] loop4: detected capacity change from 0 to 4096 [pid 9195] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./410/file0", [pid 9195] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9195] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... openat resumed>) = 4 [pid 9195] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] newfstatat(4, "", [pid 9195] <... mprotect resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9195] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 9195] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 9195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9192] <... mount resumed>) = 0 [pid 5065] rmdir("./410/file0" [pid 9194] <... mount resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9195] <... clone3 resumed> => {parent_tid=[9196]}, 88) = 9196 [pid 9194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 9196 attached [pid 9195] rt_sigprocmask(SIG_SETMASK, [], [pid 9194] <... openat resumed>) = 3 [pid 9192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9196] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9192] <... openat resumed>) = 3 [pid 9196] set_robust_list(0x7f67138b29a0, 24 [pid 9195] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9192] chdir("./file0" [pid 9196] <... set_robust_list resumed>) = 0 [pid 9195] <... futex resumed>) = 0 [pid 5065] getdents64(3, [pid 9196] rt_sigprocmask(SIG_SETMASK, [], [pid 9195] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9192] <... chdir resumed>) = 0 [pid 9196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9192] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9194] chdir("./file0" [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9194] <... chdir resumed>) = 0 [pid 9192] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] close(3 [pid 9194] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 9194] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9194] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] rmdir("./410" [pid 5062] close(3 [pid 9194] <... futex resumed>) = 1 [pid 9193] <... futex resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 9194] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9193] exit_group(0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9194] <... futex resumed>) = ? [pid 9193] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 9197 attached [pid 9194] +++ exited with 0 +++ [pid 9193] +++ exited with 0 +++ [pid 5065] <... rmdir resumed>) = 0 [pid 9197] set_robust_list(0x5555569076a0, 24 [pid 9196] memfd_create("syzkaller", 0 [pid 9192] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] mkdir("./411", 0777 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9197 [pid 9197] <... set_robust_list resumed>) = 0 [pid 9192] <... futex resumed>) = 1 [pid 9190] <... futex resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9193, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 9197] chdir("./407" [pid 9192] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9190] exit_group(0 [pid 5066] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9197] <... chdir resumed>) = 0 [pid 9192] <... futex resumed>) = ? [pid 9190] <... exit_group resumed>) = ? [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... mkdir resumed>) = 0 [pid 9197] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9197] <... prctl resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 9197] setpgid(0, 0 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9197] <... setpgid resumed>) = 0 [pid 5066] getdents64(3, [pid 9197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9192] +++ exited with 0 +++ [pid 9190] +++ exited with 0 +++ [pid 5066] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9197] <... openat resumed>) = 3 [pid 9196] <... memfd_create resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9190, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 9196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] newfstatat(AT_FDCWD, "./409/binderfs", [pid 5065] <... openat resumed>) = 3 [pid 9197] write(3, "1000", 4 [pid 9196] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9197] <... write resumed>) = 4 [pid 5066] unlink("./409/binderfs" [pid 5063] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9197] close(3 [pid 5066] <... unlink resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9197] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9197] symlink("/dev/binderfs", "./binderfs" [pid 5066] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(3, "", [pid 9197] <... symlink resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9197] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9197] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9197] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9197] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] unlink("./414/binderfs" [pid 9197] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... unlink resumed>) = 0 [pid 9197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9197] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5066] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9197] <... mprotect resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9197] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] newfstatat(AT_FDCWD, "./409/file0", [pid 5063] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9197] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(AT_FDCWD, "./414/file0", [pid 9197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 9198 attached [pid 5066] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9196] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9198] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9197] <... clone3 resumed> => {parent_tid=[9198]}, 88) = 9198 [pid 5066] <... openat resumed>) = 4 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] newfstatat(4, "", [pid 5063] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9197] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... openat resumed>) = 4 [pid 9197] <... futex resumed>) = 0 [pid 9197] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] getdents64(4, [pid 5063] newfstatat(4, "", [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5063] getdents64(4, [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... close resumed>) = 0 [pid 5063] getdents64(4, [pid 9198] <... rseq resumed>) = 0 [pid 9196] <... write resumed>) = 2097152 [pid 5066] rmdir("./409/file0" [pid 9198] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 9198] rt_sigprocmask(SIG_SETMASK, [], [pid 9196] munmap(0x7f670b400000, 138412032 [pid 5066] <... rmdir resumed>) = 0 [pid 5063] rmdir("./414/file0") = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5066] getdents64(3, [pid 5063] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5063] rmdir("./414" [pid 5066] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] rmdir("./409") = 0 [pid 9198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9196] <... munmap resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] mkdir("./415", 0777 [pid 9198] memfd_create("syzkaller", 0 [pid 9196] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] mkdir("./410", 0777 [pid 5065] close(3 [pid 5063] <... mkdir resumed>) = 0 [pid 9196] <... openat resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 9196] ioctl(4, LOOP_SET_FD, 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... mkdir resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9198] <... memfd_create resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 ./strace-static-x86_64: Process 9199 attached [pid 9199] set_robust_list(0x5555569076a0, 24 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9199 [pid 9199] <... set_robust_list resumed>) = 0 [pid 9199] chdir("./411") = 0 [pid 9199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9196] <... ioctl resumed>) = 0 [pid 9199] setpgid(0, 0 [pid 9196] close(3 [pid 9199] <... setpgid resumed>) = 0 [pid 9196] <... close resumed>) = 0 [pid 9199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9196] close(4) = 0 [pid 9196] mkdir("./file0", 0777) = 0 [pid 9196] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9199] <... openat resumed>) = 3 [pid 9199] write(3, "1000", 4) = 4 [pid 9199] close(3) = 0 [pid 9199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9199] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 332.470527][ T9196] loop2: detected capacity change from 0 to 4096 [pid 9199] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9196] <... mount resumed>) = 0 [pid 9199] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9196] chdir("./file0" [pid 9199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9198] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9196] <... chdir resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9199] <... mmap resumed>) = 0x7f6713892000 [pid 9196] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9199] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9196] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9199] <... mprotect resumed>) = 0 [pid 9196] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9196] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] close(3 [pid 9195] <... futex resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9199] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9195] exit_group(0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9200 ./strace-static-x86_64: Process 9200 attached [pid 9200] set_robust_list(0x5555569076a0, 24) = 0 [pid 9200] chdir("./415") = 0 [pid 9200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9196] <... futex resumed>) = ? [pid 9195] <... exit_group resumed>) = ? [pid 9200] setpgid(0, 0) = 0 [pid 9200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9200] write(3, "1000", 4) = 4 [pid 9200] close(3 [pid 9196] +++ exited with 0 +++ [pid 9195] +++ exited with 0 +++ [pid 9200] <... close resumed>) = 0 [pid 9200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9200] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9200] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9200] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9200] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9200] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9195, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 9200] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9199] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 9199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] close(3./strace-static-x86_64: Process 9201 attached [pid 9200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... close resumed>) = 0 [pid 9201] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9199] <... clone3 resumed> => {parent_tid=[9201]}, 88) = 9201 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9201] <... rseq resumed>) = 0 [pid 9199] rt_sigprocmask(SIG_SETMASK, [], [pid 9200] <... clone3 resumed> => {parent_tid=[9202]}, 88) = 9202 ./strace-static-x86_64: Process 9203 attached [pid 9201] set_robust_list(0x7f67138b29a0, 24 [pid 9200] rt_sigprocmask(SIG_SETMASK, [], [pid 9199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9203] set_robust_list(0x5555569076a0, 24 [pid 9201] <... set_robust_list resumed>) = 0 [pid 9199] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9203 [pid 5064] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9203] <... set_robust_list resumed>) = 0 [pid 9201] rt_sigprocmask(SIG_SETMASK, [], [pid 9200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9199] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9202 attached [pid 9203] chdir("./410" [pid 9201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9200] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9199] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... openat resumed>) = 3 [pid 9203] <... chdir resumed>) = 0 [pid 9202] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9200] <... futex resumed>) = 0 [pid 9202] <... rseq resumed>) = 0 [pid 9200] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9203] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9202] set_robust_list(0x7f67138b29a0, 24 [pid 9201] memfd_create("syzkaller", 0 [pid 5064] newfstatat(3, "", [pid 9203] <... prctl resumed>) = 0 [pid 9202] <... set_robust_list resumed>) = 0 [pid 9203] setpgid(0, 0 [pid 9202] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9203] <... setpgid resumed>) = 0 [pid 9202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] getdents64(3, [pid 9203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9202] memfd_create("syzkaller", 0 [pid 9203] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9203] write(3, "1000", 4 [pid 5064] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9202] <... memfd_create resumed>) = 3 [pid 9203] <... write resumed>) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9203] close(3 [pid 9202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9201] <... memfd_create resumed>) = 3 [pid 9202] <... mmap resumed>) = 0x7f670b400000 [pid 9201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] newfstatat(AT_FDCWD, "./412/binderfs", [pid 9203] <... close resumed>) = 0 [pid 9201] <... mmap resumed>) = 0x7f670b400000 [pid 9198] <... write resumed>) = 2097152 [pid 9198] munmap(0x7f670b400000, 138412032 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9203] symlink("/dev/binderfs", "./binderfs" [pid 9198] <... munmap resumed>) = 0 [pid 5064] unlink("./412/binderfs" [pid 9203] <... symlink resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9203] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./412/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 9198] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9203] <... futex resumed>) = 0 [pid 9198] <... openat resumed>) = 4 [pid 9203] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] close(4 [pid 9198] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... close resumed>) = 0 [pid 9203] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9203] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9198] <... ioctl resumed>) = 0 [pid 5064] rmdir("./412/file0" [pid 9198] close(3 [pid 5064] <... rmdir resumed>) = 0 [pid 9203] <... mmap resumed>) = 0x7f6713892000 [pid 9202] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9198] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 9203] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9201] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9198] close(4 [pid 9203] <... mprotect resumed>) = 0 [pid 9198] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 9198] mkdir("./file0", 0777 [pid 5064] <... close resumed>) = 0 [pid 9198] <... mkdir resumed>) = 0 [pid 5064] rmdir("./412" [pid 9203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 9198] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] mkdir("./413", 0777 [pid 9203] <... clone3 resumed> => {parent_tid=[9204]}, 88) = 9204 [pid 9203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9203] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9203] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 9204 attached [pid 9204] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9204] set_robust_list(0x7f67138b29a0, 24) = 0 [ 332.649920][ T9198] loop0: detected capacity change from 0 to 4096 [pid 9204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9204] memfd_create("syzkaller", 0 [pid 9202] <... write resumed>) = 2097152 [pid 9204] <... memfd_create resumed>) = 3 [pid 9204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9202] munmap(0x7f670b400000, 138412032) = 0 [pid 9202] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9201] <... write resumed>) = 2097152 [pid 9198] <... mount resumed>) = 0 [pid 9198] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9204] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9201] munmap(0x7f670b400000, 138412032 [pid 9198] <... openat resumed>) = 3 [pid 9198] chdir("./file0") = 0 [pid 9198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9198] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9198] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9202] close(3 [pid 9197] <... futex resumed>) = 0 [pid 9202] <... close resumed>) = 0 [pid 9197] exit_group(0 [pid 9202] close(4 [pid 9198] <... futex resumed>) = ? [pid 9197] <... exit_group resumed>) = ? [pid 9202] <... close resumed>) = 0 [pid 9201] <... munmap resumed>) = 0 [pid 9198] +++ exited with 0 +++ [pid 9197] +++ exited with 0 +++ [pid 9202] mkdir("./file0", 0777 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9197, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 9202] <... mkdir resumed>) = 0 [pid 9202] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9201] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./407/binderfs") = 0 [pid 5062] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9201] <... openat resumed>) = 4 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [ 332.758165][ T9202] loop1: detected capacity change from 0 to 4096 [pid 5062] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9201] ioctl(4, LOOP_SET_FD, 3 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 5062] newfstatat(AT_FDCWD, "./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5062] close(4 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./407/file0") = 0 [pid 5062] getdents64(3, ./strace-static-x86_64: Process 9205 attached 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9205] set_robust_list(0x5555569076a0, 24 [pid 9201] <... ioctl resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9205 [pid 5062] close(3 [pid 9205] <... set_robust_list resumed>) = 0 [pid 9201] close(3 [pid 5062] <... close resumed>) = 0 [pid 9201] <... close resumed>) = 0 [pid 5062] rmdir("./407" [pid 9205] chdir("./413" [pid 9201] close(4 [pid 9205] <... chdir resumed>) = 0 [pid 9205] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9204] <... write resumed>) = 2097152 [pid 9201] <... close resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 9205] <... prctl resumed>) = 0 [pid 9201] mkdir("./file0", 0777 [pid 9205] setpgid(0, 0 [pid 5062] mkdir("./408", 0777 [pid 9205] <... setpgid resumed>) = 0 [pid 9201] <... mkdir resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9205] write(3, "1000", 4) = 4 [pid 9205] close(3 [pid 9201] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9205] <... close resumed>) = 0 [pid 9205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9202] <... mount resumed>) = 0 [ 332.820187][ T9201] loop3: detected capacity change from 0 to 4096 [pid 9204] munmap(0x7f670b400000, 138412032 [pid 9202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9204] <... munmap resumed>) = 0 [pid 9205] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9202] <... openat resumed>) = 3 [pid 9202] chdir("./file0") = 0 [pid 9202] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9202] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9200] <... futex resumed>) = 0 [pid 9205] <... futex resumed>) = 0 [pid 9205] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9202] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9200] exit_group(0 [pid 9205] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9202] <... futex resumed>) = ? [pid 9200] <... exit_group resumed>) = ? [pid 9205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9202] +++ exited with 0 +++ [pid 9205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9200] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9200, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=6 /* 0.06 s */} --- [pid 9204] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9204] ioctl(4, LOOP_SET_FD, 3 [pid 9205] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9201] <... mount resumed>) = 0 [pid 9205] <... mprotect resumed>) = 0 [pid 9201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9205] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9201] chdir("./file0" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9205] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9201] <... chdir resumed>) = 0 [pid 9205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9201] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 9206 attached [pid 5063] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9206] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9205] <... clone3 resumed> => {parent_tid=[9206]}, 88) = 9206 [pid 9201] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... openat resumed>) = 3 [pid 9206] <... rseq resumed>) = 0 [pid 9205] rt_sigprocmask(SIG_SETMASK, [], [pid 9201] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(3, "", [pid 9205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9206] set_robust_list(0x7f67138b29a0, 24 [pid 9205] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9204] <... ioctl resumed>) = 0 [pid 9201] <... futex resumed>) = 1 [pid 9199] <... futex resumed>) = 0 [pid 5063] getdents64(3, [pid 5062] <... ioctl resumed>) = 0 [pid 9199] exit_group(0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9199] <... exit_group resumed>) = ? [pid 5063] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./415/binderfs" [pid 9206] <... set_robust_list resumed>) = 0 [pid 9205] <... futex resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 9204] close(3) = 0 [pid 5063] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9204] close(4) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9204] mkdir("./file0", 0777 [pid 9206] rt_sigprocmask(SIG_SETMASK, [], [pid 9205] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9204] <... mkdir resumed>) = 0 [pid 9206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9204] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5062] close(3 [pid 9206] memfd_create("syzkaller", 0 [pid 5062] <... close resumed>) = 0 [pid 9201] +++ exited with 0 +++ [pid 9199] +++ exited with 0 +++ [pid 9206] <... memfd_create resumed>) = 3 [pid 5063] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9199, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9207 attached ) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] newfstatat(AT_FDCWD, "./415/file0", [pid 9207] set_robust_list(0x5555569076a0, 24 [pid 5065] <... openat resumed>) = 3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9207] <... set_robust_list resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5063] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9207] chdir("./408" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9207 [pid 9207] <... chdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5063] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9207] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] <... openat resumed>) = 4 [pid 9207] <... prctl resumed>) = 0 [pid 9207] setpgid(0, 0 [pid 5065] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] newfstatat(4, "", [pid 9207] <... setpgid resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 332.911824][ T9204] loop4: detected capacity change from 0 to 4096 [pid 9207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] newfstatat(AT_FDCWD, "./411/binderfs", [pid 5063] getdents64(4, [pid 9207] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9207] write(3, "1000", 4 [pid 5065] unlink("./411/binderfs" [pid 5063] getdents64(4, [pid 9207] <... write resumed>) = 4 [pid 5065] <... unlink resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9207] close(3 [pid 5063] close(4 [pid 9207] <... close resumed>) = 0 [pid 5065] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 9207] symlink("/dev/binderfs", "./binderfs" [pid 5063] rmdir("./415/file0" [pid 9207] <... symlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5065] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9207] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9207] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 4 [pid 9207] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5065] newfstatat(4, "", [pid 5063] close(3) = 0 [pid 9207] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] rmdir("./415" [pid 9207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] getdents64(4, [pid 5063] <... rmdir resumed>) = 0 [pid 9207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9207] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] close(4 [pid 5063] mkdir("./416", 0777 [pid 9207] <... mprotect resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9207] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] rmdir("./411/file0" [pid 5063] <... mkdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9207] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] getdents64(3, ./strace-static-x86_64: Process 9208 attached [pid 9207] <... clone3 resumed> => {parent_tid=[9208]}, 88) = 9208 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9208] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9207] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] close(3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9208] <... rseq resumed>) = 0 [pid 9207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... close resumed>) = 0 [pid 9208] set_robust_list(0x7f67138b29a0, 24 [pid 9207] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... openat resumed>) = 3 [pid 9208] <... set_robust_list resumed>) = 0 [pid 9207] <... futex resumed>) = 0 [pid 5065] rmdir("./411" [pid 9208] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9207] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] <... rmdir resumed>) = 0 [pid 9208] memfd_create("syzkaller", 0 [pid 5065] mkdir("./412", 0777) = 0 [pid 9208] <... memfd_create resumed>) = 3 [pid 9204] <... mount resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9204] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... openat resumed>) = 3 [pid 9208] <... mmap resumed>) = 0x7f670b400000 [pid 9204] <... openat resumed>) = 3 [pid 9206] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9204] chdir("./file0" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9204] <... chdir resumed>) = 0 [pid 9204] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9204] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9203] <... futex resumed>) = 0 [pid 9204] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9203] exit_group(0) = ? [pid 9204] <... futex resumed>) = ? [pid 9204] +++ exited with 0 +++ [pid 9203] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9203, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./410/binderfs") = 0 [pid 5066] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5066] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5063] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./410/file0") = 0 [pid 5066] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./410") = 0 [pid 5066] mkdir("./411", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] close(3) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 9206] <... write resumed>) = 2097152 [pid 9208] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... ioctl resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9206] munmap(0x7f670b400000, 138412032) = 0 [pid 5065] close(3) = 0 ./strace-static-x86_64: Process 9209 attached [pid 9209] set_robust_list(0x5555569076a0, 24 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9209 [pid 9209] <... set_robust_list resumed>) = 0 [pid 9209] chdir("./416") = 0 [pid 9209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9209] setpgid(0, 0) = 0 [pid 9209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 9210 attached ) = 3 [pid 9210] set_robust_list(0x5555569076a0, 24 [pid 9209] write(3, "1000", 4 [pid 9206] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9210 [pid 9210] <... set_robust_list resumed>) = 0 [pid 9209] <... write resumed>) = 4 [pid 9210] chdir("./412" [pid 9209] close(3 [pid 9206] <... openat resumed>) = 4 [pid 9210] <... chdir resumed>) = 0 [pid 9209] <... close resumed>) = 0 [pid 9210] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9209] symlink("/dev/binderfs", "./binderfs" [pid 9210] <... prctl resumed>) = 0 [pid 9209] <... symlink resumed>) = 0 [pid 9206] ioctl(4, LOOP_SET_FD, 3 [pid 9210] setpgid(0, 0 [pid 9209] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9210] <... setpgid resumed>) = 0 [pid 9206] <... ioctl resumed>) = 0 [pid 9210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9209] <... futex resumed>) = 0 [pid 9209] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9209] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9210] <... openat resumed>) = 3 [pid 9209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9210] write(3, "1000", 4 [pid 9209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9210] <... write resumed>) = 4 ./strace-static-x86_64: Process 9211 attached [pid 9210] close(3 [pid 9211] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9210] <... close resumed>) = 0 [pid 9209] <... clone3 resumed> => {parent_tid=[9211]}, 88) = 9211 [pid 9211] <... rseq resumed>) = 0 [pid 9210] symlink("/dev/binderfs", "./binderfs" [pid 9209] rt_sigprocmask(SIG_SETMASK, [], [pid 9206] close(3 [pid 9208] <... write resumed>) = 2097152 [pid 9211] set_robust_list(0x7f67138b29a0, 24 [pid 9210] <... symlink resumed>) = 0 [pid 9209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9208] munmap(0x7f670b400000, 138412032 [pid 9206] <... close resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 9211] <... set_robust_list resumed>) = 0 [pid 9210] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9209] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9206] close(4 [pid 9211] rt_sigprocmask(SIG_SETMASK, [], [pid 9210] <... futex resumed>) = 0 [pid 9209] <... futex resumed>) = 0 [pid 5066] close(3 [pid 9206] <... close resumed>) = 0 [pid 9211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9210] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9209] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9208] <... munmap resumed>) = 0 [pid 9206] mkdir("./file0", 0777 [pid 5066] <... close resumed>) = 0 [pid 9211] memfd_create("syzkaller", 0 [pid 9210] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9206] <... mkdir resumed>) = 0 [pid 9206] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9210] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 333.158495][ T9206] loop2: detected capacity change from 0 to 4096 [pid 9210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9211] <... memfd_create resumed>) = 3 [pid 9210] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9210] <... mprotect resumed>) = 0 [pid 9208] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9212 ./strace-static-x86_64: Process 9212 attached [pid 9211] <... mmap resumed>) = 0x7f670b400000 [pid 9210] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9208] <... openat resumed>) = 4 [pid 9212] set_robust_list(0x5555569076a0, 24) = 0 [pid 9210] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9212] chdir("./411") = 0 [pid 9208] ioctl(4, LOOP_SET_FD, 3 [pid 9212] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 9213 attached ) = 0 [pid 9212] setpgid(0, 0 [pid 9213] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9212] <... setpgid resumed>) = 0 [pid 9210] <... clone3 resumed> => {parent_tid=[9213]}, 88) = 9213 [pid 9208] <... ioctl resumed>) = 0 [pid 9206] <... mount resumed>) = 0 [pid 9213] <... rseq resumed>) = 0 [pid 9212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9213] set_robust_list(0x7f67138b29a0, 24 [pid 9212] <... openat resumed>) = 3 [pid 9210] rt_sigprocmask(SIG_SETMASK, [], [pid 9208] close(3 [pid 9206] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9213] <... set_robust_list resumed>) = 0 [pid 9212] write(3, "1000", 4 [pid 9210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9208] <... close resumed>) = 0 [pid 9206] <... openat resumed>) = 3 [pid 9213] rt_sigprocmask(SIG_SETMASK, [], [pid 9212] <... write resumed>) = 4 [pid 9210] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9208] close(4 [pid 9213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9212] close(3 [pid 9210] <... futex resumed>) = 0 [pid 9208] <... close resumed>) = 0 [pid 9206] chdir("./file0" [pid 9213] memfd_create("syzkaller", 0 [pid 9212] <... close resumed>) = 0 [pid 9212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9212] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9208] mkdir("./file0", 0777 [pid 9206] <... chdir resumed>) = 0 [pid 9212] <... futex resumed>) = 0 [pid 9208] <... mkdir resumed>) = 0 [pid 9206] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9213] <... memfd_create resumed>) = 3 [pid 9212] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9210] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9206] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9212] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9206] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9213] <... mmap resumed>) = 0x7f670b400000 [pid 9212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9206] <... futex resumed>) = 1 [pid 9205] <... futex resumed>) = 0 [pid 9212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9211] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9208] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9206] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9205] exit_group(0 [pid 9212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9206] <... futex resumed>) = ? [pid 9205] <... exit_group resumed>) = ? [pid 9212] <... mmap resumed>) = 0x7f6713892000 [pid 9212] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [ 333.228612][ T9208] loop0: detected capacity change from 0 to 4096 [pid 9212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9214 attached => {parent_tid=[9214]}, 88) = 9214 [pid 9206] +++ exited with 0 +++ [pid 9205] +++ exited with 0 +++ [pid 9212] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9205, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 9212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9214] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9212] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9214] <... rseq resumed>) = 0 [pid 9214] set_robust_list(0x7f67138b29a0, 24 [pid 9212] <... futex resumed>) = 0 [pid 9214] <... set_robust_list resumed>) = 0 [pid 9214] rt_sigprocmask(SIG_SETMASK, [], [pid 9212] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9214] memfd_create("syzkaller", 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 9214] <... memfd_create resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9211] <... write resumed>) = 2097152 [pid 5064] getdents64(3, [pid 9214] <... mmap resumed>) = 0x7f670b400000 [pid 9211] munmap(0x7f670b400000, 138412032 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9211] <... munmap resumed>) = 0 [pid 5064] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./413/binderfs") = 0 [pid 5064] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9208] <... mount resumed>) = 0 [pid 9208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9211] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9208] <... openat resumed>) = 3 [pid 9208] chdir("./file0" [pid 9211] <... openat resumed>) = 4 [pid 9211] ioctl(4, LOOP_SET_FD, 3 [pid 9208] <... chdir resumed>) = 0 [pid 9208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9208] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9208] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9213] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9207] <... futex resumed>) = 0 [pid 9207] exit_group(0 [pid 9208] <... futex resumed>) = ? [pid 9207] <... exit_group resumed>) = ? [pid 9208] +++ exited with 0 +++ [pid 9207] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9207, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=2 /* 0.02 s */} --- [pid 5062] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./408/binderfs") = 0 [pid 5062] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./413/file0", [pid 9211] <... ioctl resumed>) = 0 [pid 5062] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9211] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9211] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./408/file0", [pid 9211] close(4 [pid 5064] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9211] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(4, "", [pid 9214] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9211] mkdir("./file0", 0777 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5064] close(4) = 0 [pid 5062] newfstatat(4, "", [pid 5064] rmdir("./413/file0" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(3, [pid 5062] getdents64(4, [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9211] <... mkdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5062] close(4 [pid 5064] rmdir("./413" [pid 5062] <... close resumed>) = 0 [ 333.345588][ T9211] loop1: detected capacity change from 0 to 4096 [pid 5062] rmdir("./408/file0" [pid 5064] <... rmdir resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5064] mkdir("./414", 0777 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 9213] <... write resumed>) = 2097152 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] rmdir("./408" [pid 5064] <... openat resumed>) = 3 [pid 5062] <... rmdir resumed>) = 0 [pid 9213] munmap(0x7f670b400000, 138412032 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5062] mkdir("./409", 0777 [pid 9211] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 9213] <... munmap resumed>) = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9213] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9213] ioctl(4, LOOP_SET_FD, 3 [pid 9214] <... write resumed>) = 2097152 [pid 9211] <... mount resumed>) = 0 [pid 9213] <... ioctl resumed>) = 0 [pid 9214] munmap(0x7f670b400000, 138412032) = 0 [pid 9213] close(3 [pid 9211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9214] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9211] <... openat resumed>) = 3 [pid 9213] <... close resumed>) = 0 [pid 9214] ioctl(4, LOOP_SET_FD, 3 [pid 9213] close(4 [pid 9211] chdir("./file0" [pid 9214] <... ioctl resumed>) = 0 [pid 9213] <... close resumed>) = 0 [pid 9211] <... chdir resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 9214] close(3 [pid 9213] mkdir("./file0", 0777 [pid 9211] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] close(3 [pid 9214] <... close resumed>) = 0 [pid 9213] <... mkdir resumed>) = 0 [pid 9211] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9214] close(4 [pid 9213] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9211] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 9214] <... close resumed>) = 0 [pid 9211] <... futex resumed>) = 1 [pid 9209] <... futex resumed>) = 0 [pid 9211] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9209] exit_group(0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9214] mkdir("./file0", 0777 [pid 9211] <... futex resumed>) = ? [pid 9209] <... exit_group resumed>) = ? [pid 9214] <... mkdir resumed>) = 0 [pid 9211] +++ exited with 0 +++ [pid 9209] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9209, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5063] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 9215 attached [pid 5063] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9214] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9215] set_robust_list(0x5555569076a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9215 [pid 5063] newfstatat(AT_FDCWD, "./416/binderfs", [pid 9215] <... set_robust_list resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9215] chdir("./414" [pid 5063] unlink("./416/binderfs" [pid 9215] <... chdir resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9215] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] <... umount2 resumed>) = 0 [pid 9215] <... prctl resumed>) = 0 [pid 9215] setpgid(0, 0) = 0 [ 333.442917][ T9213] loop3: detected capacity change from 0 to 4096 [ 333.465801][ T9214] loop4: detected capacity change from 0 to 4096 [pid 9215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9215] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./416/file0", [pid 9215] write(3, "1000", 4) = 4 [pid 9215] close(3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9215] <... close resumed>) = 0 [pid 5063] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9215] symlink("/dev/binderfs", "./binderfs" [pid 9213] <... mount resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] close(3 [pid 5063] <... openat resumed>) = 4 [pid 9215] <... symlink resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 5062] <... close resumed>) = 0 [pid 9215] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9213] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 9213] <... openat resumed>) = 3 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9213] chdir("./file0" [pid 5063] getdents64(4, [pid 9213] <... chdir resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9215] <... futex resumed>) = 0 [pid 9213] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9215] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] close(4 [pid 9215] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9213] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5063] <... close resumed>) = 0 [pid 5063] rmdir("./416/file0" [pid 9213] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9213] <... futex resumed>) = 1 [pid 9210] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9216 attached [pid 9215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9213] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9210] exit_group(0 [pid 5063] <... rmdir resumed>) = 0 [pid 9216] set_robust_list(0x5555569076a0, 24 [pid 9215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9216] <... set_robust_list resumed>) = 0 [pid 9215] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9210] <... exit_group resumed>) = ? [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9216 [pid 9213] <... futex resumed>) = ? [pid 9216] chdir("./409" [pid 9213] +++ exited with 0 +++ [pid 9215] <... mprotect resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./416") = 0 [pid 5063] mkdir("./417", 0777 [pid 9214] <... mount resumed>) = 0 [pid 9210] +++ exited with 0 +++ [pid 9216] <... chdir resumed>) = 0 [pid 9215] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9210, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5063] <... mkdir resumed>) = 0 [pid 9216] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9215] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9216] <... prctl resumed>) = 0 [pid 9216] setpgid(0, 0 [pid 9214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9216] <... setpgid resumed>) = 0 [pid 9215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9214] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9214] chdir("./file0" [pid 5065] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9214] <... chdir resumed>) = 0 [pid 9214] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9216] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 9214] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] newfstatat(3, "", [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 9217 attached [pid 9216] write(3, "1000", 4 [pid 9215] <... clone3 resumed> => {parent_tid=[9217]}, 88) = 9217 [pid 9214] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9217] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9214] <... futex resumed>) = 1 [pid 9212] <... futex resumed>) = 0 [pid 5065] getdents64(3, [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9217] <... rseq resumed>) = 0 [pid 9216] <... write resumed>) = 4 [pid 9215] rt_sigprocmask(SIG_SETMASK, [], [pid 9214] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9212] exit_group(0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9217] set_robust_list(0x7f67138b29a0, 24 [pid 9216] close(3 [pid 9215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9214] <... futex resumed>) = ? [pid 9212] <... exit_group resumed>) = ? [pid 5065] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9217] <... set_robust_list resumed>) = 0 [pid 9216] <... close resumed>) = 0 [pid 9215] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9214] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9217] rt_sigprocmask(SIG_SETMASK, [], [pid 9216] symlink("/dev/binderfs", "./binderfs" [pid 9215] <... futex resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./412/binderfs", [pid 9217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9216] <... symlink resumed>) = 0 [pid 9215] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9212] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9217] memfd_create("syzkaller", 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9212, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5065] unlink("./412/binderfs" [pid 9217] <... memfd_create resumed>) = 3 [pid 9216] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 9216] <... futex resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... umount2 resumed>) = 0 [pid 9216] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] newfstatat(3, "", [pid 5065] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9217] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(3, [pid 5065] newfstatat(AT_FDCWD, "./412/file0", [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./411/binderfs", [pid 5065] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 4 [pid 9216] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] unlink("./411/binderfs" [pid 5065] newfstatat(4, "", [pid 9216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9216] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9218]}, 88) = 9218 [pid 9216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9216] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9216] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9218 attached [pid 9218] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9218] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9218] memfd_create("syzkaller", 0 [pid 5066] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5063] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] close(3 [pid 9218] <... memfd_create resumed>) = 3 [pid 9218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5063] <... close resumed>) = 0 [pid 9218] <... mmap resumed>) = 0x7f670b400000 [pid 5065] rmdir("./412/file0" [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9219 attached [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9219] set_robust_list(0x5555569076a0, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9219 [pid 5066] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] newfstatat(AT_FDCWD, "./411/file0", [pid 9219] <... set_robust_list resumed>) = 0 [pid 9218] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9217] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] close(3 [pid 9219] chdir("./417" [pid 5066] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./412" [pid 9219] <... chdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 9219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9219] setpgid(0, 0 [pid 5066] <... openat resumed>) = 4 [pid 9219] <... setpgid resumed>) = 0 [pid 5065] mkdir("./413", 0777 [pid 9219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9218] <... write resumed>) = 2097152 [pid 5066] newfstatat(4, "", [pid 5065] <... mkdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9219] <... openat resumed>) = 3 [pid 9218] munmap(0x7f670b400000, 138412032 [pid 5066] getdents64(4, [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... openat resumed>) = 3 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./411/file0" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9219] write(3, "1000", 4) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 9219] close(3 [pid 9218] <... munmap resumed>) = 0 [pid 9217] <... write resumed>) = 2097152 [pid 9219] <... close resumed>) = 0 [pid 9218] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9217] munmap(0x7f670b400000, 138412032 [pid 5066] getdents64(3, [pid 9219] symlink("/dev/binderfs", "./binderfs" [pid 9218] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9218] ioctl(4, LOOP_SET_FD, 3 [pid 9219] <... symlink resumed>) = 0 [pid 9217] <... munmap resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./411" [pid 9219] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9218] <... ioctl resumed>) = 0 [pid 9217] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 9219] <... futex resumed>) = 0 [pid 9218] close(3 [pid 9217] <... openat resumed>) = 4 [pid 9218] <... close resumed>) = 0 [pid 9217] ioctl(4, LOOP_SET_FD, 3 [pid 5066] mkdir("./412", 0777 [pid 9219] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9218] close(4 [pid 9219] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9218] <... close resumed>) = 0 [pid 9219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9218] mkdir("./file0", 0777 [pid 9219] <... mmap resumed>) = 0x7f6713892000 [pid 9219] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9219] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... mkdir resumed>) = 0 [pid 9218] <... mkdir resumed>) = 0 [pid 9219] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9218] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9219] <... clone3 resumed> => {parent_tid=[9220]}, 88) = 9220 [pid 5066] <... openat resumed>) = 3 ./strace-static-x86_64: Process 9220 attached [pid 9217] <... ioctl resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 9220] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9219] rt_sigprocmask(SIG_SETMASK, [], [pid 9217] close(3 [pid 9220] <... rseq resumed>) = 0 [pid 9219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9217] <... close resumed>) = 0 [pid 9220] set_robust_list(0x7f67138b29a0, 24 [pid 9219] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9217] close(4 [pid 9220] <... set_robust_list resumed>) = 0 [pid 9219] <... futex resumed>) = 0 [pid 9217] <... close resumed>) = 0 [pid 9220] rt_sigprocmask(SIG_SETMASK, [], [pid 9219] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9217] mkdir("./file0", 0777 [pid 9220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9217] <... mkdir resumed>) = 0 [pid 9217] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [ 333.743202][ T9218] loop0: detected capacity change from 0 to 4096 [ 333.752360][ T9217] loop2: detected capacity change from 0 to 4096 [pid 9220] memfd_create("syzkaller", 0) = 3 [pid 9220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9218] <... mount resumed>) = 0 [pid 9218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9218] chdir("./file0") = 0 [pid 9218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9218] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9216] <... futex resumed>) = 0 [pid 9218] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9216] exit_group(0 [pid 9218] <... futex resumed>) = ? [pid 9216] <... exit_group resumed>) = ? [pid 9217] <... mount resumed>) = 0 [pid 9218] +++ exited with 0 +++ [pid 9216] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9216, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5062] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] newfstatat(3, "", [pid 9217] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9217] chdir("./file0" [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9217] <... chdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 9217] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9217] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5062] newfstatat(AT_FDCWD, "./409/binderfs", [pid 9220] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9217] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9217] <... futex resumed>) = 1 [pid 9215] <... futex resumed>) = 0 [pid 5065] close(3 [pid 5062] unlink("./409/binderfs" [pid 9217] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... close resumed>) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9215] exit_group(0 [pid 5062] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9217] <... futex resumed>) = ? [pid 9215] <... exit_group resumed>) = ? [pid 5062] <... umount2 resumed>) = 0 [pid 9217] +++ exited with 0 +++ [pid 9215] +++ exited with 0 +++ ./strace-static-x86_64: Process 9221 attached [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9215, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5062] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9221] set_robust_list(0x5555569076a0, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9221 [pid 9221] <... set_robust_list resumed>) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9221] chdir("./413" [pid 5062] newfstatat(AT_FDCWD, "./409/file0", [pid 9221] <... chdir resumed>) = 0 [pid 9221] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9221] <... prctl resumed>) = 0 [pid 5062] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9221] setpgid(0, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9221] <... setpgid resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... openat resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 5062] newfstatat(4, "", [pid 9221] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 9221] write(3, "1000", 4 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9221] <... write resumed>) = 4 [pid 5066] close(3 [pid 5064] getdents64(3, [pid 5062] getdents64(4, [pid 9221] close(3 [pid 5066] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9221] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9221] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] getdents64(4, [pid 5064] unlink("./414/binderfs") = 0 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] close(4 [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5064] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./414/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] rmdir("./409/file0" [pid 5064] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... rmdir resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] getdents64(3, [pid 9221] <... symlink resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 9222 attached [pid 9221] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9222 [pid 5064] close(4 [pid 5062] close(3 [pid 9221] <... futex resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9222] set_robust_list(0x5555569076a0, 24) = 0 [pid 5064] rmdir("./414/file0" [pid 5062] <... close resumed>) = 0 [pid 9222] chdir("./412") = 0 [pid 9221] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... rmdir resumed>) = 0 [pid 5062] rmdir("./409" [pid 9222] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9221] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9222] <... prctl resumed>) = 0 [pid 9221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] getdents64(3, [pid 9222] setpgid(0, 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 9222] <... setpgid resumed>) = 0 [pid 9221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] close(3 [pid 5062] mkdir("./410", 0777 [pid 9222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... close resumed>) = 0 [pid 9222] <... openat resumed>) = 3 [pid 9221] <... mmap resumed>) = 0x7f6713892000 [pid 5064] rmdir("./414" [pid 5062] <... mkdir resumed>) = 0 [pid 9222] write(3, "1000", 4 [pid 9221] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... rmdir resumed>) = 0 [pid 9221] <... mprotect resumed>) = 0 [pid 9222] <... write resumed>) = 4 [pid 9221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9222] close(3 [pid 5064] mkdir("./415", 0777 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9223 attached [pid 9222] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 9223] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9222] symlink("/dev/binderfs", "./binderfs" [pid 9221] <... clone3 resumed> => {parent_tid=[9223]}, 88) = 9223 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9223] <... rseq resumed>) = 0 [pid 9222] <... symlink resumed>) = 0 [pid 9223] set_robust_list(0x7f67138b29a0, 24 [pid 9222] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9223] <... set_robust_list resumed>) = 0 [pid 9222] <... futex resumed>) = 0 [pid 9221] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9223] rt_sigprocmask(SIG_SETMASK, [], [pid 9222] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9220] <... write resumed>) = 2097152 [pid 9223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 9223] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9222] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9220] munmap(0x7f670b400000, 138412032 [pid 9222] <... mmap resumed>) = 0x7f6713892000 [pid 9221] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9222] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9223] <... futex resumed>) = 0 [pid 9222] <... mprotect resumed>) = 0 [pid 9221] <... futex resumed>) = 1 [pid 9222] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9221] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9222] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9223] memfd_create("syzkaller", 0 [pid 9222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9224 attached [pid 9223] <... memfd_create resumed>) = 3 [pid 9224] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9222] <... clone3 resumed> => {parent_tid=[9224]}, 88) = 9224 [pid 9223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9222] rt_sigprocmask(SIG_SETMASK, [], [pid 9224] set_robust_list(0x7f67138b29a0, 24 [pid 9223] <... mmap resumed>) = 0x7f670b400000 [pid 9224] <... set_robust_list resumed>) = 0 [pid 9222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9224] rt_sigprocmask(SIG_SETMASK, [], [pid 9222] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9222] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9220] <... munmap resumed>) = 0 [pid 9220] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9224] memfd_create("syzkaller", 0) = 3 [pid 9224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9220] <... openat resumed>) = 4 [pid 9224] <... mmap resumed>) = 0x7f670b400000 [pid 9220] ioctl(4, LOOP_SET_FD, 3 [pid 9223] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9220] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 9224] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9220] close(3 [pid 5062] <... ioctl resumed>) = 0 [pid 9220] <... close resumed>) = 0 [ 333.974082][ T9220] loop1: detected capacity change from 0 to 4096 [pid 9220] close(4 [pid 5062] close(3 [pid 9220] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9225 attached [pid 9225] set_robust_list(0x5555569076a0, 24) = 0 [pid 9225] chdir("./415") = 0 [pid 9225] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9225 [pid 9225] <... prctl resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 9225] setpgid(0, 0 [pid 9220] mkdir("./file0", 0777 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9226 attached [pid 9225] <... setpgid resumed>) = 0 [pid 9220] <... mkdir resumed>) = 0 [pid 9226] set_robust_list(0x5555569076a0, 24 [pid 9225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9220] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9226 [pid 9226] <... set_robust_list resumed>) = 0 [pid 9225] <... openat resumed>) = 3 [pid 9226] chdir("./410" [pid 9225] write(3, "1000", 4) = 4 [pid 9225] close(3) = 0 [pid 9225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9225] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9225] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9225] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9226] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 9227 attached [pid 9226] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9225] <... clone3 resumed> => {parent_tid=[9227]}, 88) = 9227 [pid 9226] <... prctl resumed>) = 0 [pid 9226] setpgid(0, 0 [pid 9227] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9225] rt_sigprocmask(SIG_SETMASK, [], [pid 9223] <... write resumed>) = 2097152 [pid 9220] <... mount resumed>) = 0 [pid 9226] <... setpgid resumed>) = 0 [pid 9227] <... rseq resumed>) = 0 [pid 9226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9227] set_robust_list(0x7f67138b29a0, 24 [pid 9226] <... openat resumed>) = 3 [pid 9225] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9227] <... set_robust_list resumed>) = 0 [pid 9225] <... futex resumed>) = 0 [pid 9227] rt_sigprocmask(SIG_SETMASK, [], [pid 9225] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9220] <... openat resumed>) = 3 [pid 9227] memfd_create("syzkaller", 0 [pid 9226] write(3, "1000", 4 [pid 9223] munmap(0x7f670b400000, 138412032 [pid 9220] chdir("./file0" [pid 9227] <... memfd_create resumed>) = 3 [pid 9226] <... write resumed>) = 4 [pid 9224] <... write resumed>) = 2097152 [pid 9220] <... chdir resumed>) = 0 [pid 9227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9220] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9227] <... mmap resumed>) = 0x7f670b400000 [pid 9226] close(3 [pid 9224] munmap(0x7f670b400000, 138412032 [pid 9220] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9226] <... close resumed>) = 0 [pid 9223] <... munmap resumed>) = 0 [pid 9220] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9226] symlink("/dev/binderfs", "./binderfs" [pid 9223] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9220] <... futex resumed>) = 1 [pid 9226] <... symlink resumed>) = 0 [pid 9223] <... openat resumed>) = 4 [pid 9220] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9219] <... futex resumed>) = 0 [pid 9226] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9224] <... munmap resumed>) = 0 [pid 9223] ioctl(4, LOOP_SET_FD, 3 [pid 9219] exit_group(0) = ? [pid 9226] <... futex resumed>) = 0 [pid 9224] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9226] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9224] <... openat resumed>) = 4 [pid 9226] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9224] ioctl(4, LOOP_SET_FD, 3 [pid 9226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9227] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9224] <... ioctl resumed>) = 0 [pid 9223] <... ioctl resumed>) = 0 [pid 9220] <... futex resumed>) = ? [pid 9226] <... mmap resumed>) = 0x7f6713892000 [pid 9224] close(3 [pid 9223] close(3 [pid 9220] +++ exited with 0 +++ [pid 9219] +++ exited with 0 +++ [pid 9226] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9224] <... close resumed>) = 0 [pid 9223] <... close resumed>) = 0 [pid 9226] <... mprotect resumed>) = 0 [pid 9224] close(4 [pid 9223] close(4 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9219, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 9226] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9224] <... close resumed>) = 0 [pid 5063] restart_syscall(<... resuming interrupted clone ...> [pid 9226] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9223] <... close resumed>) = 0 [pid 5063] <... restart_syscall resumed>) = 0 [pid 9226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9224] mkdir("./file0", 0777 [pid 9226] <... clone3 resumed> => {parent_tid=[9228]}, 88) = 9228 [pid 9226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9223] mkdir("./file0", 0777 [pid 9226] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9223] <... mkdir resumed>) = 0 [pid 9226] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9224] <... mkdir resumed>) = 0 [pid 9224] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9223] mount("/dev/loop3", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 9228 attached [pid 9228] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9227] <... write resumed>) = 2097152 [pid 9228] <... rseq resumed>) = 0 [pid 9227] munmap(0x7f670b400000, 138412032 [pid 5063] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9228] set_robust_list(0x7f67138b29a0, 24 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9228] <... set_robust_list resumed>) = 0 [ 334.123743][ T9223] loop3: detected capacity change from 0 to 4096 [ 334.133499][ T9224] loop4: detected capacity change from 0 to 4096 [pid 5063] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9228] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... openat resumed>) = 3 [pid 9228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(3, "", [pid 9228] memfd_create("syzkaller", 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9227] <... munmap resumed>) = 0 [pid 9228] <... memfd_create resumed>) = 3 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./417/binderfs", [pid 9228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./417/binderfs") = 0 [pid 5063] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9227] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9227] ioctl(4, LOOP_SET_FD, 3 [pid 9224] <... mount resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9227] <... ioctl resumed>) = 0 [pid 9223] <... mount resumed>) = 0 [pid 9227] close(3 [pid 9224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9224] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9227] <... close resumed>) = 0 [pid 9224] chdir("./file0" [pid 9223] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./417/file0", [pid 9227] close(4 [pid 9224] <... chdir resumed>) = 0 [pid 9223] chdir("./file0" [pid 9227] <... close resumed>) = 0 [pid 9224] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9227] mkdir("./file0", 0777 [pid 9224] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9223] <... chdir resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9227] <... mkdir resumed>) = 0 [pid 9224] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9223] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9224] <... futex resumed>) = 1 [pid 9223] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9227] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9224] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9223] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9222] <... futex resumed>) = 0 [ 334.214994][ T9227] loop2: detected capacity change from 0 to 4096 [pid 5063] <... openat resumed>) = 4 [pid 9228] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9223] <... futex resumed>) = 1 [pid 9222] exit_group(0 [pid 9221] <... futex resumed>) = 0 [pid 9223] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9224] <... futex resumed>) = ? [pid 9222] <... exit_group resumed>) = ? [pid 9221] exit_group(0 [pid 5063] newfstatat(4, "", [pid 9224] +++ exited with 0 +++ [pid 9223] <... futex resumed>) = ? [pid 9222] +++ exited with 0 +++ [pid 9221] <... exit_group resumed>) = ? [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9223] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9222, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5063] getdents64(4, [pid 5066] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9221] +++ exited with 0 +++ [pid 5066] newfstatat(3, "", [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9221, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5063] getdents64(4, [pid 5066] getdents64(3, [pid 5065] <... restart_syscall resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] close(4 [pid 5066] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] rmdir("./417/file0" [pid 5066] newfstatat(AT_FDCWD, "./412/binderfs", [pid 5065] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./412/binderfs" [pid 5063] getdents64(3, [pid 5066] <... unlink resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] close(3 [pid 5065] getdents64(3, [pid 5063] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] rmdir("./417" [pid 5065] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5066] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] mkdir("./418", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./413/binderfs", [pid 5066] newfstatat(AT_FDCWD, "./412/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] unlink("./413/binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... unlink resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5065] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... openat resumed>) = 3 [pid 5066] getdents64(4, [pid 5063] ioctl(3, LOOP_CLR_FD [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9228] <... write resumed>) = 2097152 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./412/file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 9228] munmap(0x7f670b400000, 138412032 [pid 9227] <... mount resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] close(3 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 9227] <... openat resumed>) = 3 [pid 5066] rmdir("./412" [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] close(4 [pid 9227] chdir("./file0" [pid 5065] <... close resumed>) = 0 [pid 9227] <... chdir resumed>) = 0 [pid 5065] rmdir("./413/file0" [pid 9227] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] <... rmdir resumed>) = 0 [pid 5066] mkdir("./413", 0777 [pid 9227] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(3, [pid 9228] <... munmap resumed>) = 0 [pid 9227] <... futex resumed>) = 1 [pid 9225] <... futex resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9228] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9227] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] close(3 [pid 9225] exit_group(0) = ? [pid 9227] <... futex resumed>) = ? [pid 9228] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 9228] ioctl(4, LOOP_SET_FD, 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] rmdir("./413" [pid 9227] +++ exited with 0 +++ [pid 9225] +++ exited with 0 +++ [pid 5065] <... rmdir resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9225, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5065] mkdir("./414", 0777) = 0 [pid 5064] <... restart_syscall resumed>) = 0 [pid 9228] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] <... ioctl resumed>) = 0 [pid 9228] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5063] close(3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 9228] <... close resumed>) = 0 [pid 9228] close(4) = 0 [pid 9228] mkdir("./file0", 0777) = 0 [pid 9228] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9229 [ 334.373469][ T9228] loop0: detected capacity change from 0 to 4096 [pid 5064] newfstatat(3, "", [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 9229 attached [pid 9229] set_robust_list(0x5555569076a0, 24) = 0 [pid 9229] chdir("./418") = 0 [pid 9229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9229] setpgid(0, 0) = 0 [pid 9229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9229] write(3, "1000", 4) = 4 [pid 9229] close(3) = 0 [pid 9229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9229] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(3, [pid 9229] <... futex resumed>) = 0 [pid 9229] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9229] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9229] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./415/binderfs", [pid 9229] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3 [pid 5064] unlink("./415/binderfs"./strace-static-x86_64: Process 9230 attached ) = 0 [pid 9230] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9229] <... clone3 resumed> => {parent_tid=[9230]}, 88) = 9230 [pid 9230] <... rseq resumed>) = 0 [pid 9229] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9230] set_robust_list(0x7f67138b29a0, 24 [pid 9229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9230] <... set_robust_list resumed>) = 0 [pid 9229] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9230] rt_sigprocmask(SIG_SETMASK, [], [pid 9229] <... futex resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 9230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9229] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9231 attached [pid 9231] set_robust_list(0x5555569076a0, 24) = 0 [pid 5064] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9231] chdir("./413" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9231] <... chdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9231 [pid 5064] newfstatat(AT_FDCWD, "./415/file0", [pid 9231] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9230] memfd_create("syzkaller", 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9231] <... prctl resumed>) = 0 [pid 9230] <... memfd_create resumed>) = 3 [pid 5064] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9231] setpgid(0, 0 [pid 9230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9231] <... setpgid resumed>) = 0 [pid 9230] <... mmap resumed>) = 0x7f670b400000 [pid 9231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9231] <... openat resumed>) = 3 [pid 5064] newfstatat(4, "", [pid 9231] write(3, "1000", 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9231] <... write resumed>) = 4 [pid 9228] <... mount resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] getdents64(4, [pid 9228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] close(3 [pid 9228] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 9228] chdir("./file0" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9228] <... chdir resumed>) = 0 [pid 9231] close(3 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9231] <... close resumed>) = 0 [pid 5064] close(4 [pid 9231] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... close resumed>) = 0 [pid 9231] <... symlink resumed>) = 0 [pid 9228] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5064] rmdir("./415/file0"./strace-static-x86_64: Process 9232 attached [pid 9228] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9232 [pid 5064] <... rmdir resumed>) = 0 [pid 9232] set_robust_list(0x5555569076a0, 24 [pid 9228] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(3, [pid 9232] <... set_robust_list resumed>) = 0 [pid 9228] <... futex resumed>) = 1 [pid 9226] <... futex resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9228] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9226] exit_group(0 [pid 5064] close(3 [pid 9232] chdir("./414" [pid 9231] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9230] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9228] <... futex resumed>) = ? [pid 9226] <... exit_group resumed>) = ? [pid 9232] <... chdir resumed>) = 0 [pid 9232] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9231] <... futex resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9232] <... prctl resumed>) = 0 [pid 9232] setpgid(0, 0 [pid 9231] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] rmdir("./415" [pid 9231] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 9231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] mkdir("./416", 0777 [pid 9231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9232] <... setpgid resumed>) = 0 [pid 9231] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9231] <... mprotect resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 9231] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9232] <... openat resumed>) = 3 [pid 9231] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9232] write(3, "1000", 4 [pid 9228] +++ exited with 0 +++ [pid 9226] +++ exited with 0 +++ [pid 9232] <... write resumed>) = 4 ./strace-static-x86_64: Process 9233 attached [pid 9232] close(3 [pid 9231] <... clone3 resumed> => {parent_tid=[9233]}, 88) = 9233 [pid 9233] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9231] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9226, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 9233] <... rseq resumed>) = 0 [pid 9232] <... close resumed>) = 0 [pid 9233] set_robust_list(0x7f67138b29a0, 24 [pid 9232] symlink("/dev/binderfs", "./binderfs" [pid 5062] restart_syscall(<... resuming interrupted clone ...> [pid 9233] <... set_robust_list resumed>) = 0 [pid 5062] <... restart_syscall resumed>) = 0 [pid 9233] rt_sigprocmask(SIG_SETMASK, [], [pid 9231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9232] <... symlink resumed>) = 0 [pid 9231] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9233] memfd_create("syzkaller", 0 [pid 9231] <... futex resumed>) = 0 [pid 9232] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9231] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9233] <... memfd_create resumed>) = 3 [pid 9232] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9232] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5062] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9233] <... mmap resumed>) = 0x7f670b400000 [pid 9232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./410/binderfs" [pid 9232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5062] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./410/file0", [pid 9232] <... mmap resumed>) = 0x7f6713892000 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9232] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9230] <... write resumed>) = 2097152 [pid 5062] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./410/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./410") = 0 [pid 5062] mkdir("./411", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9232] <... mprotect resumed>) = 0 [pid 9230] munmap(0x7f670b400000, 138412032) = 0 [pid 9232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9230] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9230] <... openat resumed>) = 4 [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9230] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3./strace-static-x86_64: Process 9234 attached [pid 9233] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9232] <... clone3 resumed> => {parent_tid=[9234]}, 88) = 9234 [pid 9230] <... ioctl resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9234] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9232] rt_sigprocmask(SIG_SETMASK, [], [pid 9230] close(3 [pid 9234] <... rseq resumed>) = 0 [pid 9232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9230] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9232] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9230] close(4 [pid 9234] set_robust_list(0x7f67138b29a0, 24 [pid 9232] <... futex resumed>) = 0 [pid 9234] <... set_robust_list resumed>) = 0 [pid 9230] <... close resumed>) = 0 [pid 9234] rt_sigprocmask(SIG_SETMASK, [], [pid 9232] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9230] mkdir("./file0", 0777 [pid 9234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9230] <... mkdir resumed>) = 0 [pid 9234] memfd_create("syzkaller", 0 [pid 9230] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9234] <... memfd_create resumed>) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9235 [pid 9234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 ./strace-static-x86_64: Process 9235 attached [pid 9235] set_robust_list(0x5555569076a0, 24) = 0 [pid 9235] chdir("./416") = 0 [pid 9235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9235] setpgid(0, 0) = 0 [pid 9235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 334.620147][ T9230] loop1: detected capacity change from 0 to 4096 [pid 9235] write(3, "1000", 4) = 4 [pid 9235] close(3) = 0 [pid 9235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9235] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9235] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9233] <... write resumed>) = 2097152 [pid 9235] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9235] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9235] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9230] <... mount resumed>) = 0 [pid 9230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9235] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9230] <... openat resumed>) = 3 [pid 9230] chdir("./file0" [pid 9233] munmap(0x7f670b400000, 138412032 [pid 9230] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 9236 attached [pid 9235] <... clone3 resumed> => {parent_tid=[9236]}, 88) = 9236 [pid 9236] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9235] rt_sigprocmask(SIG_SETMASK, [], [pid 9230] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9236] <... rseq resumed>) = 0 [pid 9235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9236] set_robust_list(0x7f67138b29a0, 24 [pid 9235] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9230] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9236] <... set_robust_list resumed>) = 0 [pid 9235] <... futex resumed>) = 0 [pid 9236] rt_sigprocmask(SIG_SETMASK, [], [pid 9235] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9230] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9230] <... futex resumed>) = 1 [pid 9229] <... futex resumed>) = 0 [pid 5062] <... ioctl resumed>) = 0 [pid 9236] memfd_create("syzkaller", 0 [pid 9234] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5062] close(3) = 0 [pid 9236] <... memfd_create resumed>) = 3 [pid 9233] <... munmap resumed>) = 0 [pid 9230] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9229] exit_group(0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9230] <... futex resumed>) = ? [pid 9229] <... exit_group resumed>) = ? [pid 9230] +++ exited with 0 +++ [pid 9236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9233] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9236] <... mmap resumed>) = 0x7f670b400000 [pid 9233] <... openat resumed>) = 4 [pid 9233] ioctl(4, LOOP_SET_FD, 3 [pid 9229] +++ exited with 0 +++ [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9229, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9237 [pid 5063] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9237 attached ) = -1 EINVAL (Invalid argument) [pid 9237] set_robust_list(0x5555569076a0, 24 [pid 5063] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9237] <... set_robust_list resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9237] chdir("./411" [pid 5063] newfstatat(3, "", [pid 9233] <... ioctl resumed>) = 0 [pid 9233] close(3) = 0 [pid 9233] close(4) = 0 [pid 9233] mkdir("./file0", 0777 [pid 9237] <... chdir resumed>) = 0 [pid 9233] <... mkdir resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9237] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] getdents64(3, [pid 9237] <... prctl resumed>) = 0 [pid 9237] setpgid(0, 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9237] <... setpgid resumed>) = 0 [pid 5063] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9233] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9237] <... openat resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./418/binderfs", [pid 9237] write(3, "1000", 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9237] <... write resumed>) = 4 [pid 5063] unlink("./418/binderfs" [pid 9237] close(3) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 9237] symlink("/dev/binderfs", "./binderfs" [pid 5063] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9237] <... symlink resumed>) = 0 [pid 9237] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... umount2 resumed>) = 0 [pid 9237] <... futex resumed>) = 0 [pid 5063] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9237] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] newfstatat(AT_FDCWD, "./418/file0", [pid 9237] <... rt_sigaction resumed>NULL, 8) = 0 [ 334.738782][ T9233] loop4: detected capacity change from 0 to 4096 [pid 9237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9236] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9237] <... mmap resumed>) = 0x7f6713892000 [pid 5063] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9237] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... openat resumed>) = 4 [pid 9237] <... mprotect resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 9237] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 9237] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] getdents64(4, [pid 9234] <... write resumed>) = 2097152 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9237] <... clone3 resumed> => {parent_tid=[9238]}, 88) = 9238 [pid 5063] close(4 [pid 9237] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... close resumed>) = 0 [pid 9237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] rmdir("./418/file0" [pid 9237] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... rmdir resumed>) = 0 [pid 9237] <... futex resumed>) = 0 [pid 5063] getdents64(3, [pid 9237] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9234] munmap(0x7f670b400000, 138412032 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./418") = 0 [pid 5063] mkdir("./419", 0777) = 0 ./strace-static-x86_64: Process 9238 attached [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 9238] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9238] <... rseq resumed>) = 0 [pid 9238] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9238] memfd_create("syzkaller", 0 [pid 9234] <... munmap resumed>) = 0 [pid 9238] <... memfd_create resumed>) = 3 [pid 9236] <... write resumed>) = 2097152 [pid 9234] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9234] ioctl(4, LOOP_SET_FD, 3 [pid 9238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9236] munmap(0x7f670b400000, 138412032 [pid 9233] <... mount resumed>) = 0 [pid 9238] <... mmap resumed>) = 0x7f670b400000 [pid 9234] <... ioctl resumed>) = 0 [pid 9233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9236] <... munmap resumed>) = 0 [pid 9233] <... openat resumed>) = 3 [pid 9236] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9234] close(3 [pid 9233] chdir("./file0" [pid 9236] <... openat resumed>) = 4 [pid 9236] ioctl(4, LOOP_SET_FD, 3 [pid 9234] <... close resumed>) = 0 [pid 9234] close(4) = 0 [pid 9234] mkdir("./file0", 0777) = 0 [pid 9234] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9233] <... chdir resumed>) = 0 [pid 9233] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9236] <... ioctl resumed>) = 0 [pid 9233] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9238] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9236] close(3 [pid 9233] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9231] <... futex resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9236] <... close resumed>) = 0 [pid 9236] close(4 [pid 9231] exit_group(0 [pid 9236] <... close resumed>) = 0 [pid 9233] <... futex resumed>) = ? [pid 9231] <... exit_group resumed>) = ? [pid 9236] mkdir("./file0", 0777 [pid 9233] +++ exited with 0 +++ [pid 5063] close(3) = 0 [pid 9236] <... mkdir resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9236] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9231] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9231, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- ./strace-static-x86_64: Process 9239 attached [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9239 [pid 9239] set_robust_list(0x5555569076a0, 24) = 0 [ 334.858056][ T9234] loop3: detected capacity change from 0 to 4096 [ 334.881064][ T9236] loop2: detected capacity change from 0 to 4096 [pid 9239] chdir("./419") = 0 [pid 9239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9239] setpgid(0, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9239] <... setpgid resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9239] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 9239] write(3, "1000", 4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9239] <... write resumed>) = 4 [pid 5066] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9239] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9239] <... close resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./413/binderfs", [pid 9239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./413/binderfs" [pid 9239] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9239] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] <... unlink resumed>) = 0 [pid 9234] <... mount resumed>) = 0 [pid 9239] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9234] <... openat resumed>) = 3 [pid 9239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9234] chdir("./file0" [pid 9239] <... mmap resumed>) = 0x7f6713892000 [pid 9234] <... chdir resumed>) = 0 [pid 9239] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9234] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9239] <... mprotect resumed>) = 0 [pid 9234] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9239] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9234] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9239] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9234] <... futex resumed>) = 1 [pid 9232] <... futex resumed>) = 0 [pid 9239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9234] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9232] exit_group(0 [pid 9234] <... futex resumed>) = ? [pid 9232] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 9240 attached [pid 9239] <... clone3 resumed> => {parent_tid=[9240]}, 88) = 9240 [pid 9236] <... mount resumed>) = 0 [pid 9234] +++ exited with 0 +++ [pid 9232] +++ exited with 0 +++ [pid 9240] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9239] rt_sigprocmask(SIG_SETMASK, [], [pid 9240] <... rseq resumed>) = 0 [pid 9239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9240] set_robust_list(0x7f67138b29a0, 24 [pid 9239] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9240] <... set_robust_list resumed>) = 0 [pid 9239] <... futex resumed>) = 0 [pid 9240] rt_sigprocmask(SIG_SETMASK, [], [pid 9239] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9238] <... write resumed>) = 2097152 [pid 9236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9232, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 9240] memfd_create("syzkaller", 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 9240] <... memfd_create resumed>) = 3 [pid 5065] <... restart_syscall resumed>) = 0 [pid 9240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9236] <... openat resumed>) = 3 [pid 9240] <... mmap resumed>) = 0x7f670b400000 [pid 9236] chdir("./file0" [pid 5066] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9238] munmap(0x7f670b400000, 138412032 [pid 9236] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9238] <... munmap resumed>) = 0 [pid 9236] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] newfstatat(AT_FDCWD, "./413/file0", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9236] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5066] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(3, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9236] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9236] <... futex resumed>) = 1 [pid 9235] <... futex resumed>) = 0 [pid 9236] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9235] exit_group(0 [pid 5066] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9236] <... futex resumed>) = ? [pid 9235] <... exit_group resumed>) = ? [pid 5065] newfstatat(AT_FDCWD, "./414/binderfs", [pid 9236] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] unlink("./414/binderfs" [pid 5066] getdents64(4, [pid 5065] <... unlink resumed>) = 0 [pid 9235] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9238] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] getdents64(4, [pid 5065] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9238] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 9238] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... close resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9235, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 9238] <... ioctl resumed>) = 0 [pid 5066] rmdir("./413/file0" [pid 5065] <... umount2 resumed>) = 0 [pid 5064] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5066] getdents64(3, [pid 5065] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(3 [pid 5065] newfstatat(AT_FDCWD, "./414/file0", [pid 5064] newfstatat(AT_FDCWD, "./416/binderfs", [pid 5066] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] rmdir("./413" [pid 5065] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] unlink("./416/binderfs" [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] mkdir("./414", 0777 [pid 5065] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... unlink resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5064] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... openat resumed>) = 3 [pid 5065] getdents64(4, [pid 5064] <... umount2 resumed>) = 0 [pid 9238] close(3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9238] <... close resumed>) = 0 [pid 5065] close(4 [pid 5064] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9238] close(4 [pid 5065] <... close resumed>) = 0 [pid 9238] <... close resumed>) = 0 [pid 5065] rmdir("./414/file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9238] mkdir("./file0", 0777 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./416/file0", [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9238] <... mkdir resumed>) = 0 [pid 5065] close(3 [pid 9240] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./414") = 0 [pid 9238] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] mkdir("./415", 0777) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 335.018463][ T9238] loop0: detected capacity change from 0 to 4096 [pid 5064] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5064] <... openat resumed>) = 4 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./416/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./416") = 0 [pid 5064] mkdir("./417", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9238] <... mount resumed>) = 0 [pid 9238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9238] chdir("./file0") = 0 [pid 9238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9238] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9237] <... futex resumed>) = 0 [pid 9238] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9237] exit_group(0) = ? [pid 9238] <... futex resumed>) = ? [pid 9238] +++ exited with 0 +++ [pid 9237] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9237, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5062] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9240] <... write resumed>) = 2097152 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./411/binderfs") = 0 [pid 5062] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 9240] munmap(0x7f670b400000, 138412032 [pid 5065] <... ioctl resumed>) = 0 [pid 5062] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] close(3 [pid 5062] <... openat resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 5065] close(3 [pid 5062] newfstatat(4, "", [pid 5065] <... close resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] getdents64(4, ./strace-static-x86_64: Process 9241 attached [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9241] set_robust_list(0x5555569076a0, 24./strace-static-x86_64: Process 9242 attached ) = 0 [pid 5062] getdents64(4, [pid 9242] set_robust_list(0x5555569076a0, 24 [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9242] <... set_robust_list resumed>) = 0 [pid 5062] close(4 [pid 9242] chdir("./414" [pid 9241] chdir("./415" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9241 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./411/file0") = 0 [pid 9242] <... chdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9242 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9242] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9241] <... chdir resumed>) = 0 [pid 5062] close(3 [pid 9241] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9242] <... prctl resumed>) = 0 [pid 9242] setpgid(0, 0 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./411") = 0 [pid 9242] <... setpgid resumed>) = 0 [pid 9242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9241] <... prctl resumed>) = 0 [pid 9240] <... munmap resumed>) = 0 [pid 5062] mkdir("./412", 0777 [pid 9242] write(3, "1000", 4 [pid 9241] setpgid(0, 0 [pid 9240] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5062] <... mkdir resumed>) = 0 [pid 9242] <... write resumed>) = 4 [pid 9241] <... setpgid resumed>) = 0 [pid 9240] <... openat resumed>) = 4 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9242] close(3 [pid 9241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9240] ioctl(4, LOOP_SET_FD, 3 [pid 9242] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 9242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9242] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... ioctl resumed>) = 0 [pid 9242] <... futex resumed>) = 0 [pid 9241] <... openat resumed>) = 3 [pid 9240] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5062] close(3 [pid 9242] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9241] write(3, "1000", 4) = 4 [pid 9241] close(3 [pid 9240] close(3) = 0 [pid 9241] <... close resumed>) = 0 [pid 9240] close(4 [pid 5064] close(3 [pid 9242] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9240] <... close resumed>) = 0 [pid 9242] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9240] mkdir("./file0", 0777 [pid 9241] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... close resumed>) = 0 [pid 9242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9241] <... symlink resumed>) = 0 [pid 9240] <... mkdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9242] <... mmap resumed>) = 0x7f6713892000 [pid 9242] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9240] mount("/dev/loop1", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 9243 attached [pid 9242] <... mprotect resumed>) = 0 [pid 9241] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9243] set_robust_list(0x5555569076a0, 24 [pid 9241] <... futex resumed>) = 0 [pid 9242] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9241] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9243] <... set_robust_list resumed>) = 0 [pid 9241] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9243] chdir("./417" [pid 9242] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9243 [pid 9243] <... chdir resumed>) = 0 [pid 9242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9241] <... mmap resumed>) = 0x7f6713892000 ./strace-static-x86_64: Process 9244 attached [ 335.219382][ T9240] loop1: detected capacity change from 0 to 4096 [pid 9243] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9241] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9244] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9243] <... prctl resumed>) = 0 [pid 9242] <... clone3 resumed> => {parent_tid=[9244]}, 88) = 9244 [pid 9241] <... mprotect resumed>) = 0 [pid 9242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9241] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9242] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9244] <... rseq resumed>) = 0 [pid 9243] setpgid(0, 0 [pid 9242] <... futex resumed>) = 0 [pid 9241] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9244] set_robust_list(0x7f67138b29a0, 24 [pid 9242] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9244] <... set_robust_list resumed>) = 0 [pid 9243] <... setpgid resumed>) = 0 [pid 9241] <... clone3 resumed> => {parent_tid=[9245]}, 88) = 9245 ./strace-static-x86_64: Process 9245 attached [pid 9244] rt_sigprocmask(SIG_SETMASK, [], [pid 9243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9241] rt_sigprocmask(SIG_SETMASK, [], [pid 9245] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9243] <... openat resumed>) = 3 [pid 9241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9245] <... rseq resumed>) = 0 [pid 9245] set_robust_list(0x7f67138b29a0, 24 [pid 9241] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9245] <... set_robust_list resumed>) = 0 [pid 9245] rt_sigprocmask(SIG_SETMASK, [], [pid 9244] memfd_create("syzkaller", 0 [pid 9243] write(3, "1000", 4 [pid 9241] <... futex resumed>) = 0 [pid 9240] <... mount resumed>) = 0 [pid 9245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9243] <... write resumed>) = 4 [pid 9241] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9245] memfd_create("syzkaller", 0 [pid 9244] <... memfd_create resumed>) = 3 [pid 9243] close(3 [pid 9240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5062] <... close resumed>) = 0 [pid 9244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9243] <... close resumed>) = 0 [pid 9244] <... mmap resumed>) = 0x7f670b400000 [pid 9243] symlink("/dev/binderfs", "./binderfs" [pid 9240] <... openat resumed>) = 3 [pid 9240] chdir("./file0") = 0 [pid 9243] <... symlink resumed>) = 0 [pid 9240] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9243] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9245] <... memfd_create resumed>) = 3 [pid 9243] <... futex resumed>) = 0 [pid 9240] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9243] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9240] <... futex resumed>) = 1 [pid 9239] <... futex resumed>) = 0 [pid 9245] <... mmap resumed>) = 0x7f670b400000 [pid 9240] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9239] exit_group(0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9240] <... futex resumed>) = ? [pid 9243] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9239] <... exit_group resumed>) = ? [pid 9240] +++ exited with 0 +++ [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9246 ./strace-static-x86_64: Process 9246 attached [pid 9246] set_robust_list(0x5555569076a0, 24) = 0 [pid 9239] +++ exited with 0 +++ [pid 9243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9239, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- [pid 9243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9246] chdir("./412") = 0 [pid 9243] <... mmap resumed>) = 0x7f6713892000 [pid 9246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9243] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9246] setpgid(0, 0 [pid 9243] <... mprotect resumed>) = 0 [pid 5063] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9246] <... setpgid resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9243] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9246] <... openat resumed>) = 3 [pid 9243] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... openat resumed>) = 3 [pid 9243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] newfstatat(3, "", ./strace-static-x86_64: Process 9247 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9247] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9246] write(3, "1000", 4 [pid 9243] <... clone3 resumed> => {parent_tid=[9247]}, 88) = 9247 [pid 5063] getdents64(3, [pid 9247] <... rseq resumed>) = 0 [pid 9246] <... write resumed>) = 4 [pid 9247] set_robust_list(0x7f67138b29a0, 24 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9247] <... set_robust_list resumed>) = 0 [pid 9243] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9247] rt_sigprocmask(SIG_SETMASK, [], [pid 9243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9243] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] newfstatat(AT_FDCWD, "./419/binderfs", [pid 9243] <... futex resumed>) = 0 [pid 9246] close(3) = 0 [pid 9246] symlink("/dev/binderfs", "./binderfs" [pid 9247] memfd_create("syzkaller", 0 [pid 9246] <... symlink resumed>) = 0 [pid 9243] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9246] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] unlink("./419/binderfs" [pid 9246] <... futex resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 5063] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9246] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9246] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9247] <... memfd_create resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 9248 attached [pid 9247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9246] <... clone3 resumed> => {parent_tid=[9248]}, 88) = 9248 [pid 5063] newfstatat(AT_FDCWD, "./419/file0", [pid 9246] rt_sigprocmask(SIG_SETMASK, [], [pid 9248] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9247] <... mmap resumed>) = 0x7f670b400000 [pid 9246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9244] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9248] <... rseq resumed>) = 0 [pid 9246] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9245] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9246] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9246] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9248] set_robust_list(0x7f67138b29a0, 24 [pid 5063] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9248] <... set_robust_list resumed>) = 0 [pid 9248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] <... openat resumed>) = 4 [pid 9248] memfd_create("syzkaller", 0 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4 [pid 9248] <... memfd_create resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 9248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] rmdir("./419/file0") = 0 [pid 9248] <... mmap resumed>) = 0x7f670b400000 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./419") = 0 [pid 5063] mkdir("./420", 0777) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9247] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9245] <... write resumed>) = 2097152 [pid 9244] <... write resumed>) = 2097152 [pid 5063] <... openat resumed>) = 3 [pid 9245] munmap(0x7f670b400000, 138412032 [pid 9244] munmap(0x7f670b400000, 138412032 [pid 9245] <... munmap resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9245] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9248] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9247] <... write resumed>) = 2097152 [pid 9244] <... munmap resumed>) = 0 [pid 9245] <... openat resumed>) = 4 [pid 9247] munmap(0x7f670b400000, 138412032 [pid 9244] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9245] ioctl(4, LOOP_SET_FD, 3 [pid 9244] ioctl(4, LOOP_SET_FD, 3 [pid 9247] <... munmap resumed>) = 0 [pid 9244] <... ioctl resumed>) = 0 [pid 9248] <... write resumed>) = 2097152 [pid 9247] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9245] <... ioctl resumed>) = 0 [pid 9248] munmap(0x7f670b400000, 138412032 [pid 9247] <... openat resumed>) = 4 [pid 9244] close(3 [pid 9247] ioctl(4, LOOP_SET_FD, 3 [pid 9245] close(3 [pid 9248] <... munmap resumed>) = 0 [pid 9244] <... close resumed>) = 0 [pid 9244] close(4 [pid 9248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9244] <... close resumed>) = 0 [pid 9244] mkdir("./file0", 0777 [pid 9248] ioctl(4, LOOP_SET_FD, 3 [pid 9244] <... mkdir resumed>) = 0 [pid 9244] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9245] <... close resumed>) = 0 [pid 9245] close(4 [pid 9248] <... ioctl resumed>) = 0 [pid 9247] <... ioctl resumed>) = 0 [pid 9245] <... close resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9248] close(3 [pid 9247] close(3 [pid 9245] mkdir("./file0", 0777 [pid 9248] <... close resumed>) = 0 [pid 9247] <... close resumed>) = 0 [pid 5063] close(3 [pid 9248] close(4 [pid 9247] close(4 [pid 5063] <... close resumed>) = 0 [pid 9248] <... close resumed>) = 0 [pid 9245] <... mkdir resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9248] mkdir("./file0", 0777 [pid 9247] <... close resumed>) = 0 [pid 9245] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9248] <... mkdir resumed>) = 0 [pid 9247] mkdir("./file0", 0777 [pid 9248] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9247] <... mkdir resumed>) = 0 [ 335.493168][ T9244] loop4: detected capacity change from 0 to 4096 [ 335.500563][ T9245] loop3: detected capacity change from 0 to 4096 [ 335.515060][ T9247] loop2: detected capacity change from 0 to 4096 [ 335.523353][ T9248] loop0: detected capacity change from 0 to 4096 [pid 9247] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9249 ./strace-static-x86_64: Process 9249 attached [pid 9249] set_robust_list(0x5555569076a0, 24) = 0 [pid 9249] chdir("./420") = 0 [pid 9249] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9245] <... mount resumed>) = 0 [pid 9249] <... prctl resumed>) = 0 [pid 9249] setpgid(0, 0) = 0 [pid 9245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9245] chdir("./file0") = 0 [pid 9245] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9249] write(3, "1000", 4 [pid 9245] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9249] <... write resumed>) = 4 [pid 9245] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9249] close(3 [pid 9245] <... futex resumed>) = 1 [pid 9241] <... futex resumed>) = 0 [pid 9249] <... close resumed>) = 0 [pid 9245] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9241] exit_group(0 [pid 9249] symlink("/dev/binderfs", "./binderfs" [pid 9245] <... futex resumed>) = ? [pid 9241] <... exit_group resumed>) = ? [pid 9249] <... symlink resumed>) = 0 [pid 9245] +++ exited with 0 +++ [pid 9241] +++ exited with 0 +++ [pid 9249] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9244] <... mount resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9241, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 9249] <... futex resumed>) = 0 [pid 9249] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9244] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 9249] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 9249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9244] <... openat resumed>) = 3 [pid 5065] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9249] <... mmap resumed>) = 0x7f6713892000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9249] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9249] <... mprotect resumed>) = 0 [pid 9247] <... mount resumed>) = 0 [pid 9244] chdir("./file0" [pid 9249] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9247] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9244] <... chdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 9249] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9247] <... openat resumed>) = 3 [pid 9244] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] newfstatat(3, "", [pid 9249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9247] chdir("./file0" [pid 9244] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 9250 attached [pid 9247] <... chdir resumed>) = 0 [pid 9244] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(3, [pid 9250] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9249] <... clone3 resumed> => {parent_tid=[9250]}, 88) = 9250 [pid 9244] <... futex resumed>) = 1 [pid 9242] <... futex resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9250] <... rseq resumed>) = 0 [pid 9249] rt_sigprocmask(SIG_SETMASK, [], [pid 9248] <... mount resumed>) = 0 [pid 9247] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9244] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9242] exit_group(0 [pid 5065] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9250] set_robust_list(0x7f67138b29a0, 24 [pid 9249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9247] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9244] <... futex resumed>) = ? [pid 9242] <... exit_group resumed>) = ? [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9250] <... set_robust_list resumed>) = 0 [pid 9249] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9247] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9244] +++ exited with 0 +++ [pid 5065] newfstatat(AT_FDCWD, "./415/binderfs", [pid 9250] rt_sigprocmask(SIG_SETMASK, [], [pid 9249] <... futex resumed>) = 0 [pid 9248] <... openat resumed>) = 3 [pid 9247] <... futex resumed>) = 1 [pid 9243] <... futex resumed>) = 0 [pid 9242] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9243] exit_group(0) = ? [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9242, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5065] unlink("./415/binderfs" [pid 9250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9249] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9248] chdir("./file0" [pid 5066] <... restart_syscall resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 9248] <... chdir resumed>) = 0 [pid 9250] memfd_create("syzkaller", 0 [pid 5065] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9248] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 9248] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] newfstatat(3, "", [pid 9250] <... memfd_create resumed>) = 3 [pid 9248] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9248] <... futex resumed>) = 1 [pid 9246] <... futex resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] <... umount2 resumed>) = 0 [pid 9250] <... mmap resumed>) = 0x7f670b400000 [pid 9248] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9246] exit_group(0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9246] <... exit_group resumed>) = ? [pid 5066] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9248] <... futex resumed>) = ? [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./414/binderfs") = 0 [pid 5066] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./415/file0", [pid 9248] +++ exited with 0 +++ [pid 9246] +++ exited with 0 +++ [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9246, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5065] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9247] +++ exited with 0 +++ [pid 9243] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9243, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(4, "", [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5062] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... restart_syscall resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5062] newfstatat(3, "", [pid 5066] newfstatat(AT_FDCWD, "./414/file0", [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, [pid 5066] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] close(4 [pid 5064] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 5062] getdents64(3, [pid 5066] newfstatat(4, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] rmdir("./415/file0" [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5065] getdents64(3, [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(4, [pid 5065] close(3 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] newfstatat(AT_FDCWD, "./412/binderfs", [pid 5066] close(4 [pid 5065] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] rmdir("./415" [pid 5064] newfstatat(3, "", [pid 5062] unlink("./412/binderfs" [pid 5066] rmdir("./414/file0" [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] mkdir("./416", 0777 [pid 5062] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 5065] <... mkdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5062] <... umount2 resumed>) = 0 [pid 5066] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./414" [pid 5062] newfstatat(AT_FDCWD, "./412/file0", [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] mkdir("./415", 0777 [pid 5062] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... mkdir resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./412/file0") = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5062] getdents64(3, [pid 5066] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] newfstatat(AT_FDCWD, "./417/binderfs", [pid 5062] close(3 [pid 9250] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... close resumed>) = 0 [pid 5064] unlink("./417/binderfs") = 0 [pid 5064] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./417/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] rmdir("./412") = 0 [pid 5062] mkdir("./413", 0777 [pid 5064] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... mkdir resumed>) = 0 [pid 5066] close(3 [pid 5064] <... openat resumed>) = 4 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 5062] <... openat resumed>) = 3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5064] getdents64(4, [pid 5062] <... ioctl resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 5064] close(4 [pid 5062] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9251 [pid 5064] rmdir("./417/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9252 [pid 5064] close(3./strace-static-x86_64: Process 9251 attached [pid 9251] set_robust_list(0x5555569076a0, 24) = 0 [pid 9251] chdir("./415") = 0 [pid 9251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9251] setpgid(0, 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./417") = 0 [pid 9251] <... setpgid resumed>) = 0 [pid 5064] mkdir("./418", 0777) = 0 ./strace-static-x86_64: Process 9252 attached [pid 9251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9252] set_robust_list(0x5555569076a0, 24 [pid 9251] <... openat resumed>) = 3 [pid 9252] <... set_robust_list resumed>) = 0 [pid 9252] chdir("./413") = 0 [pid 9252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9252] setpgid(0, 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 9251] write(3, "1000", 4) = 4 [pid 9251] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9251] <... close resumed>) = 0 [pid 9251] symlink("/dev/binderfs", "./binderfs" [pid 9252] <... setpgid resumed>) = 0 [pid 9251] <... symlink resumed>) = 0 [pid 9251] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9251] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9251] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9251] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9253]}, 88) = 9253 ./strace-static-x86_64: Process 9253 attached [pid 9252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9251] rt_sigprocmask(SIG_SETMASK, [], [pid 9253] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9253] <... rseq resumed>) = 0 [pid 9252] <... openat resumed>) = 3 [pid 9251] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9253] set_robust_list(0x7f67138b29a0, 24 [pid 9251] <... futex resumed>) = 0 [pid 9253] <... set_robust_list resumed>) = 0 [pid 9251] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9253] rt_sigprocmask(SIG_SETMASK, [], [pid 9252] write(3, "1000", 4 [pid 9253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9253] memfd_create("syzkaller", 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9253] <... memfd_create resumed>) = 3 [pid 9252] <... write resumed>) = 4 [pid 9253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9252] close(3 [pid 9253] <... mmap resumed>) = 0x7f670b400000 [pid 9250] <... write resumed>) = 2097152 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9254 [pid 9252] <... close resumed>) = 0 ./strace-static-x86_64: Process 9254 attached [pid 9252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9254] set_robust_list(0x5555569076a0, 24) = 0 [pid 9252] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9250] munmap(0x7f670b400000, 138412032 [pid 9254] chdir("./416" [pid 9252] <... futex resumed>) = 0 [pid 9254] <... chdir resumed>) = 0 [pid 9252] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9250] <... munmap resumed>) = 0 [pid 9252] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9254] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9253] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9254] <... prctl resumed>) = 0 [pid 9252] <... mmap resumed>) = 0x7f6713892000 [pid 9254] setpgid(0, 0) = 0 [pid 9252] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9252] <... mprotect resumed>) = 0 [pid 9250] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9254] <... openat resumed>) = 3 [pid 9250] <... openat resumed>) = 4 [pid 9252] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9250] ioctl(4, LOOP_SET_FD, 3 [pid 9254] write(3, "1000", 4 [pid 9252] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9254] <... write resumed>) = 4 [pid 9252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9255 attached [pid 9254] close(3 [pid 5064] <... ioctl resumed>) = 0 [pid 9255] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9254] <... close resumed>) = 0 [pid 9252] <... clone3 resumed> => {parent_tid=[9255]}, 88) = 9255 [pid 9255] <... rseq resumed>) = 0 [pid 9254] symlink("/dev/binderfs", "./binderfs" [pid 9252] rt_sigprocmask(SIG_SETMASK, [], [pid 9255] set_robust_list(0x7f67138b29a0, 24 [pid 9254] <... symlink resumed>) = 0 [pid 9252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9252] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9254] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9255] <... set_robust_list resumed>) = 0 [pid 9254] <... futex resumed>) = 0 [pid 9252] <... futex resumed>) = 0 [pid 9255] rt_sigprocmask(SIG_SETMASK, [], [pid 9254] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9252] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9254] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9255] memfd_create("syzkaller", 0 [pid 9254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9255] <... memfd_create resumed>) = 3 [pid 9254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] close(3 [pid 9255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... close resumed>) = 0 [pid 9255] <... mmap resumed>) = 0x7f670b400000 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9254] <... mmap resumed>) = 0x7f6713892000 [pid 9254] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9250] <... ioctl resumed>) = 0 [pid 9250] close(3 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9256 [pid 9250] <... close resumed>) = 0 [pid 9250] close(4 [pid 9254] <... mprotect resumed>) = 0 [pid 9250] <... close resumed>) = 0 [pid 9250] mkdir("./file0", 0777) = 0 [pid 9250] mount("/dev/loop1", "./file0", "ntfs3", 0, ""./strace-static-x86_64: Process 9256 attached [pid 9254] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9256] set_robust_list(0x5555569076a0, 24 [pid 9254] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9256] <... set_robust_list resumed>) = 0 [ 335.881355][ T9250] loop1: detected capacity change from 0 to 4096 [pid 9254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9256] chdir("./418"./strace-static-x86_64: Process 9257 attached [pid 9254] <... clone3 resumed> => {parent_tid=[9257]}, 88) = 9257 [pid 9257] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9256] <... chdir resumed>) = 0 [pid 9254] rt_sigprocmask(SIG_SETMASK, [], [pid 9257] <... rseq resumed>) = 0 [pid 9254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9257] set_robust_list(0x7f67138b29a0, 24 [pid 9256] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9254] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9257] <... set_robust_list resumed>) = 0 [pid 9256] <... prctl resumed>) = 0 [pid 9257] rt_sigprocmask(SIG_SETMASK, [], [pid 9256] setpgid(0, 0 [pid 9254] <... futex resumed>) = 0 [pid 9257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9256] <... setpgid resumed>) = 0 [pid 9254] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9257] memfd_create("syzkaller", 0 [pid 9256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9256] write(3, "1000", 4) = 4 [pid 9256] close(3) = 0 [pid 9256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9250] <... mount resumed>) = 0 [pid 9250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9250] chdir("./file0") = 0 [pid 9250] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9250] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9249] <... futex resumed>) = 0 [pid 9250] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9249] exit_group(0 [pid 9250] <... futex resumed>) = ? [pid 9249] <... exit_group resumed>) = ? [pid 9257] <... memfd_create resumed>) = 3 [pid 9256] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9250] +++ exited with 0 +++ [pid 9249] +++ exited with 0 +++ [pid 9257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9256] <... futex resumed>) = 0 [pid 9257] <... mmap resumed>) = 0x7f670b400000 [pid 9256] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9249, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9253] <... write resumed>) = 2097152 [pid 5063] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 9253] munmap(0x7f670b400000, 138412032 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./420/binderfs") = 0 [pid 9256] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9255] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5063] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9256] <... mmap resumed>) = 0x7f6713892000 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9256] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] newfstatat(AT_FDCWD, "./420/file0", [pid 9256] <... mprotect resumed>) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9253] <... munmap resumed>) = 0 [pid 5063] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9253] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] newfstatat(4, "", [pid 9253] <... openat resumed>) = 4 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9253] ioctl(4, LOOP_SET_FD, 3 [pid 9256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 9258 attached [pid 9256] <... clone3 resumed> => {parent_tid=[9258]}, 88) = 9258 [pid 9256] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] getdents64(4, [pid 9256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9256] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9258] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9257] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9256] <... futex resumed>) = 0 [pid 9253] <... ioctl resumed>) = 0 [pid 5063] close(4 [pid 9258] <... rseq resumed>) = 0 [pid 9256] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9253] close(3 [pid 5063] <... close resumed>) = 0 [pid 9258] set_robust_list(0x7f67138b29a0, 24 [pid 9253] <... close resumed>) = 0 [pid 5063] rmdir("./420/file0" [pid 9258] <... set_robust_list resumed>) = 0 [pid 9253] close(4 [pid 5063] <... rmdir resumed>) = 0 [pid 9253] <... close resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./420") = 0 [pid 5063] mkdir("./421", 0777 [pid 9258] rt_sigprocmask(SIG_SETMASK, [], [pid 9253] mkdir("./file0", 0777 [pid 9258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9257] <... write resumed>) = 2097152 [pid 9253] <... mkdir resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 9258] memfd_create("syzkaller", 0 [pid 9253] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 9258] <... memfd_create resumed>) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [ 336.021875][ T9253] loop4: detected capacity change from 0 to 4096 [pid 9257] munmap(0x7f670b400000, 138412032 [pid 9255] <... write resumed>) = 2097152 [pid 9255] munmap(0x7f670b400000, 138412032 [pid 9257] <... munmap resumed>) = 0 [pid 9257] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9257] ioctl(4, LOOP_SET_FD, 3 [pid 9255] <... munmap resumed>) = 0 [pid 9257] <... ioctl resumed>) = 0 [pid 9255] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... ioctl resumed>) = 0 [pid 9255] <... openat resumed>) = 4 [pid 9255] ioctl(4, LOOP_SET_FD, 3 [pid 9257] close(3) = 0 [pid 9257] close(4) = 0 [pid 9257] mkdir("./file0", 0777) = 0 [pid 9257] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 5063] close(3) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9258] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9255] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 9259 attached [pid 9255] close(3) = 0 [pid 9255] close(4 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9259 [pid 9259] set_robust_list(0x5555569076a0, 24 [pid 9255] <... close resumed>) = 0 [pid 9259] <... set_robust_list resumed>) = 0 [pid 9255] mkdir("./file0", 0777 [pid 9259] chdir("./421") = 0 [pid 9259] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9255] <... mkdir resumed>) = 0 [pid 9259] <... prctl resumed>) = 0 [pid 9259] setpgid(0, 0 [pid 9255] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9259] <... setpgid resumed>) = 0 [ 336.093496][ T9257] loop3: detected capacity change from 0 to 4096 [ 336.124271][ T9255] loop0: detected capacity change from 0 to 4096 [pid 9259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9259] write(3, "1000", 4) = 4 [pid 9253] <... mount resumed>) = 0 [pid 9259] close(3 [pid 9253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9259] <... close resumed>) = 0 [pid 9253] <... openat resumed>) = 3 [pid 9259] symlink("/dev/binderfs", "./binderfs" [pid 9253] chdir("./file0" [pid 9259] <... symlink resumed>) = 0 [pid 9253] <... chdir resumed>) = 0 [pid 9259] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9253] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9259] <... futex resumed>) = 0 [pid 9259] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9253] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9259] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9253] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9253] <... futex resumed>) = 1 [pid 9251] <... futex resumed>) = 0 [pid 9259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9257] <... mount resumed>) = 0 [pid 9253] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9251] exit_group(0 [pid 9259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9253] <... futex resumed>) = ? [pid 9251] <... exit_group resumed>) = ? [pid 9259] <... mmap resumed>) = 0x7f6713892000 [pid 9257] <... openat resumed>) = 3 [pid 9257] chdir("./file0") = 0 [pid 9257] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9259] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9257] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9253] +++ exited with 0 +++ [pid 9251] +++ exited with 0 +++ [pid 9259] <... mprotect resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9251, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5066] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9259] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9257] <... futex resumed>) = 1 [pid 9254] <... futex resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9257] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9254] exit_group(0 [pid 5066] <... openat resumed>) = 3 [pid 9257] <... futex resumed>) = ? [pid 9254] <... exit_group resumed>) = ? [pid 5066] newfstatat(3, "", [pid 9257] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./415/binderfs", [pid 9254] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./415/binderfs" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9254, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 9259] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9258] <... write resumed>) = 2097152 [pid 5066] <... unlink resumed>) = 0 [pid 9259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9259] <... clone3 resumed> => {parent_tid=[9260]}, 88) = 9260 [pid 9258] munmap(0x7f670b400000, 138412032 [pid 9259] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... umount2 resumed>) = 0 [pid 5065] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 9260 attached [pid 5065] getdents64(3, [pid 9259] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9259] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9260] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5066] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./416/binderfs", [pid 9260] <... rseq resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9260] set_robust_list(0x7f67138b29a0, 24 [pid 5066] newfstatat(AT_FDCWD, "./415/file0", [pid 5065] unlink("./416/binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5066] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9260] <... set_robust_list resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9260] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... openat resumed>) = 4 [pid 9260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] newfstatat(4, "", [pid 9260] memfd_create("syzkaller", 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(4, [pid 5065] newfstatat(AT_FDCWD, "./416/file0", [pid 9258] <... munmap resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9260] <... memfd_create resumed>) = 3 [pid 5065] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9258] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9260] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] rmdir("./415/file0" [pid 5065] <... openat resumed>) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 9258] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9255] <... mount resumed>) = 0 [pid 5066] close(3 [pid 5065] newfstatat(4, "", [pid 5066] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] rmdir("./415" [pid 5065] getdents64(4, [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 9258] ioctl(4, LOOP_SET_FD, 3 [pid 9255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5066] mkdir("./416", 0777 [pid 5065] rmdir("./416/file0" [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9255] <... openat resumed>) = 3 [pid 9255] chdir("./file0" [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] getdents64(3, [pid 9255] <... chdir resumed>) = 0 [pid 9255] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... openat resumed>) = 3 [pid 9255] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9255] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9252] <... futex resumed>) = 0 [pid 9255] <... futex resumed>) = 1 [pid 9252] exit_group(0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] close(3 [pid 9258] <... ioctl resumed>) = 0 [pid 9252] <... exit_group resumed>) = ? [pid 5065] <... close resumed>) = 0 [pid 9258] close(3 [pid 9255] +++ exited with 0 +++ [pid 9252] +++ exited with 0 +++ [pid 5065] rmdir("./416" [pid 9258] <... close resumed>) = 0 [pid 9258] close(4 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9252, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=5 /* 0.05 s */} --- [pid 9258] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9258] mkdir("./file0", 0777 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] mkdir("./417", 0777 [pid 9258] <... mkdir resumed>) = 0 [pid 9258] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9260] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5062] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 336.263652][ T9258] loop2: detected capacity change from 0 to 4096 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./413/binderfs") = 0 [pid 5062] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5062] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9260] <... write resumed>) = 2097152 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./413/file0" [pid 5066] <... ioctl resumed>) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3 [pid 9260] munmap(0x7f670b400000, 138412032 [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./413") = 0 [pid 5062] mkdir("./414", 0777) = 0 [pid 5066] close(3 [pid 9258] <... mount resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9260] <... munmap resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9258] chdir("./file0") = 0 [pid 9258] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9258] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... close resumed>) = 0 [pid 9258] <... futex resumed>) = 1 [pid 9256] <... futex resumed>) = 0 [pid 9258] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9256] exit_group(0 [pid 9258] <... futex resumed>) = ? [pid 9256] <... exit_group resumed>) = ? [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9260] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9258] +++ exited with 0 +++ [pid 9256] +++ exited with 0 +++ [pid 9260] <... openat resumed>) = 4 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9256, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5064] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9260] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 9261 attached [pid 5065] <... ioctl resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9261 [pid 5065] close(3) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./418/binderfs") = 0 [pid 9261] set_robust_list(0x5555569076a0, 24 [pid 5064] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9262 ./strace-static-x86_64: Process 9262 attached [pid 9262] set_robust_list(0x5555569076a0, 24) = 0 [pid 9262] chdir("./417" [pid 9261] <... set_robust_list resumed>) = 0 [pid 9261] chdir("./416" [pid 5064] <... umount2 resumed>) = 0 [pid 9262] <... chdir resumed>) = 0 [pid 9262] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9261] <... chdir resumed>) = 0 [pid 9261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9261] setpgid(0, 0) = 0 [pid 9261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9262] <... prctl resumed>) = 0 [pid 9261] <... openat resumed>) = 3 [pid 9260] <... ioctl resumed>) = 0 [pid 5064] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9262] setpgid(0, 0) = 0 [pid 9262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9261] write(3, "1000", 4 [pid 9260] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... ioctl resumed>) = 0 [pid 9262] <... openat resumed>) = 3 [pid 9261] <... write resumed>) = 4 [pid 9260] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./418/file0", [pid 9262] write(3, "1000", 4 [pid 9261] close(3 [pid 9260] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 336.415095][ T9260] loop1: detected capacity change from 0 to 4096 [pid 9262] <... write resumed>) = 4 [pid 9261] <... close resumed>) = 0 [pid 9260] <... close resumed>) = 0 [pid 5064] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9262] close(3 [pid 9261] symlink("/dev/binderfs", "./binderfs" [pid 9260] mkdir("./file0", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9262] <... close resumed>) = 0 [pid 9261] <... symlink resumed>) = 0 [pid 9260] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9262] symlink("/dev/binderfs", "./binderfs" [pid 9261] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9260] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... openat resumed>) = 4 [pid 5062] close(3 [pid 9262] <... symlink resumed>) = 0 [pid 9261] <... futex resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 9262] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9261] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... close resumed>) = 0 [pid 9262] <... futex resumed>) = 0 [pid 9261] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] getdents64(4, [pid 9262] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9262] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] getdents64(4, [pid 9262] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9261] <... mmap resumed>) = 0x7f6713892000 [pid 5064] close(4 [pid 9261] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... close resumed>) = 0 [pid 9262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9261] <... mprotect resumed>) = 0 [pid 5064] rmdir("./418/file0" [pid 9262] <... mmap resumed>) = 0x7f6713892000 [pid 9261] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... rmdir resumed>) = 0 [pid 9262] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9261] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] getdents64(3, [pid 9262] <... mprotect resumed>) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9263 [pid 9262] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9262] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9265 attached ./strace-static-x86_64: Process 9264 attached [pid 9261] <... clone3 resumed> => {parent_tid=[9264]}, 88) = 9264 [pid 5064] close(3./strace-static-x86_64: Process 9263 attached [pid 9265] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9264] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9262] <... clone3 resumed> => {parent_tid=[9265]}, 88) = 9265 [pid 9261] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... close resumed>) = 0 [pid 9265] <... rseq resumed>) = 0 [pid 9264] <... rseq resumed>) = 0 [pid 9263] set_robust_list(0x5555569076a0, 24 [pid 9262] rt_sigprocmask(SIG_SETMASK, [], [pid 9261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] rmdir("./418" [pid 9265] set_robust_list(0x7f67138b29a0, 24 [pid 9264] set_robust_list(0x7f67138b29a0, 24 [pid 9263] <... set_robust_list resumed>) = 0 [pid 9262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9261] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... rmdir resumed>) = 0 [pid 9265] <... set_robust_list resumed>) = 0 [pid 9264] <... set_robust_list resumed>) = 0 [pid 9263] chdir("./414" [pid 9262] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9261] <... futex resumed>) = 0 [pid 9265] rt_sigprocmask(SIG_SETMASK, [], [pid 9264] rt_sigprocmask(SIG_SETMASK, [], [pid 9263] <... chdir resumed>) = 0 [pid 9262] <... futex resumed>) = 0 [pid 9261] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] mkdir("./419", 0777 [pid 9265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9263] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9262] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9260] <... mount resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 9265] memfd_create("syzkaller", 0 [pid 9264] memfd_create("syzkaller", 0 [pid 9265] <... memfd_create resumed>) = 3 [pid 9263] <... prctl resumed>) = 0 [pid 9260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9263] setpgid(0, 0 [pid 9265] <... mmap resumed>) = 0x7f670b400000 [pid 9263] <... setpgid resumed>) = 0 [pid 9260] <... openat resumed>) = 3 [pid 9263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9260] chdir("./file0" [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9264] <... memfd_create resumed>) = 3 [pid 9263] <... openat resumed>) = 3 [pid 9260] <... chdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 9264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9260] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9263] write(3, "1000", 4 [pid 9264] <... mmap resumed>) = 0x7f670b400000 [pid 9263] <... write resumed>) = 4 [pid 9260] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9263] close(3 [pid 9260] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9263] <... close resumed>) = 0 [pid 9260] <... futex resumed>) = 1 [pid 9263] symlink("/dev/binderfs", "./binderfs" [pid 9260] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9263] <... symlink resumed>) = 0 [pid 9259] <... futex resumed>) = 0 [pid 9263] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9259] exit_group(0 [pid 9263] <... futex resumed>) = 0 [pid 9260] <... futex resumed>) = ? [pid 9259] <... exit_group resumed>) = ? [pid 9263] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9260] +++ exited with 0 +++ [pid 9259] +++ exited with 0 +++ [pid 9263] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9259, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 9263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9263] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9263] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... openat resumed>) = 3 [pid 5063] newfstatat(3, "", [pid 9265] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9263] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 9266 attached [pid 5063] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9266] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9266] <... rseq resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./421/binderfs", [pid 9263] <... clone3 resumed> => {parent_tid=[9266]}, 88) = 9266 [pid 9263] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] unlink("./421/binderfs" [pid 9266] set_robust_list(0x7f67138b29a0, 24 [pid 9263] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9266] <... set_robust_list resumed>) = 0 [pid 9263] <... futex resumed>) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 9266] rt_sigprocmask(SIG_SETMASK, [], [pid 9263] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 9266] memfd_create("syzkaller", 0 [pid 5063] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9266] <... memfd_create resumed>) = 3 [pid 5063] newfstatat(AT_FDCWD, "./421/file0", [pid 9266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9266] <... mmap resumed>) = 0x7f670b400000 [pid 5063] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9264] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./421/file0") = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 9265] <... write resumed>) = 2097152 [pid 5064] close(3 [pid 5063] getdents64(3, [pid 5064] <... close resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] close(3) = 0 [pid 5063] rmdir("./421" [pid 9265] munmap(0x7f670b400000, 138412032) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5063] mkdir("./422", 0777 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9267 [pid 9266] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 9267 attached [pid 9267] set_robust_list(0x5555569076a0, 24) = 0 [pid 9265] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9267] chdir("./419" [pid 9265] <... openat resumed>) = 4 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9267] <... chdir resumed>) = 0 [pid 9265] ioctl(4, LOOP_SET_FD, 3 [pid 9267] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9264] <... write resumed>) = 2097152 [pid 5063] <... openat resumed>) = 3 [pid 9267] <... prctl resumed>) = 0 [pid 9265] <... ioctl resumed>) = 0 [pid 9264] munmap(0x7f670b400000, 138412032 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9267] setpgid(0, 0 [pid 9264] <... munmap resumed>) = 0 [pid 9267] <... setpgid resumed>) = 0 [pid 9267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9267] write(3, "1000", 4) = 4 [pid 9267] close(3) = 0 [pid 9267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9267] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9267] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9267] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9265] close(3 [pid 9264] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9267] <... clone3 resumed> => {parent_tid=[9268]}, 88) = 9268 [pid 9264] <... openat resumed>) = 4 ./strace-static-x86_64: Process 9268 attached [pid 9267] rt_sigprocmask(SIG_SETMASK, [], [pid 9265] <... close resumed>) = 0 [pid 9268] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9265] close(4 [pid 9264] ioctl(4, LOOP_SET_FD, 3 [pid 9268] <... rseq resumed>) = 0 [pid 9267] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9265] <... close resumed>) = 0 [pid 9268] set_robust_list(0x7f67138b29a0, 24 [pid 9267] <... futex resumed>) = 0 [pid 9265] mkdir("./file0", 0777 [pid 9267] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9268] <... set_robust_list resumed>) = 0 [pid 9266] <... write resumed>) = 2097152 [pid 9265] <... mkdir resumed>) = 0 [pid 9264] <... ioctl resumed>) = 0 [pid 9268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9268] memfd_create("syzkaller", 0 [pid 9266] munmap(0x7f670b400000, 138412032 [pid 9265] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9264] close(3) = 0 [pid 9268] <... memfd_create resumed>) = 3 [pid 9264] close(4 [pid 9268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9264] <... close resumed>) = 0 [pid 9268] <... mmap resumed>) = 0x7f670b400000 [pid 9264] mkdir("./file0", 0777) = 0 [pid 9266] <... munmap resumed>) = 0 [pid 9264] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 336.679819][ T9265] loop3: detected capacity change from 0 to 4096 [ 336.706000][ T9264] loop4: detected capacity change from 0 to 4096 [pid 9266] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... ioctl resumed>) = 0 [pid 9266] <... ioctl resumed>) = 0 [pid 9266] close(3 [pid 9264] <... mount resumed>) = 0 [pid 9264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5063] close(3 [pid 9268] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9266] <... close resumed>) = 0 [pid 9264] <... openat resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 9264] chdir("./file0" [pid 9266] close(4) = 0 [pid 9266] mkdir("./file0", 0777 [pid 9264] <... chdir resumed>) = 0 [pid 9264] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9266] <... mkdir resumed>) = 0 [pid 9264] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 336.756961][ T9266] loop0: detected capacity change from 0 to 4096 [pid 9264] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9266] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9265] <... mount resumed>) = 0 [pid 9264] <... futex resumed>) = 1 [pid 9261] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9269 attached [pid 9265] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9264] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9261] exit_group(0 [pid 9269] set_robust_list(0x5555569076a0, 24 [pid 9265] <... openat resumed>) = 3 [pid 9264] <... futex resumed>) = ? [pid 9261] <... exit_group resumed>) = ? [pid 9269] <... set_robust_list resumed>) = 0 [pid 9265] chdir("./file0" [pid 9264] +++ exited with 0 +++ [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9269 [pid 9265] <... chdir resumed>) = 0 [pid 9269] chdir("./422" [pid 9265] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9269] <... chdir resumed>) = 0 [pid 9265] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9261] +++ exited with 0 +++ [pid 9269] setpgid(0, 0 [pid 9265] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9261, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- [pid 9269] <... setpgid resumed>) = 0 [pid 9265] <... futex resumed>) = 1 [pid 9262] <... futex resumed>) = 0 [pid 9269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9265] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9262] exit_group(0 [pid 9269] <... openat resumed>) = 3 [pid 9265] <... futex resumed>) = ? [pid 9262] <... exit_group resumed>) = ? [pid 9265] +++ exited with 0 +++ [pid 9269] write(3, "1000", 4 [pid 9262] +++ exited with 0 +++ [pid 5066] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9262, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 9269] <... write resumed>) = 4 [pid 9266] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9269] close(3 [pid 5066] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9269] <... close resumed>) = 0 [pid 9266] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 5065] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9269] symlink("/dev/binderfs", "./binderfs" [pid 5066] newfstatat(3, "", [pid 9269] <... symlink resumed>) = 0 [pid 9266] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9269] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9266] chdir("./file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9269] <... futex resumed>) = 0 [pid 5066] getdents64(3, [pid 9269] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9266] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... openat resumed>) = 3 [pid 9269] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9268] <... write resumed>) = 2097152 [pid 9266] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9266] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 5065] newfstatat(3, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(AT_FDCWD, "./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./416/binderfs" [pid 9266] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(3, [pid 9266] <... futex resumed>) = 1 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9266] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9269] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9263] <... futex resumed>) = 0 [pid 5066] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9269] <... mprotect resumed>) = 0 [pid 9263] exit_group(0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./417/binderfs", [pid 9266] <... futex resumed>) = ? [pid 9263] <... exit_group resumed>) = ? [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9266] +++ exited with 0 +++ [pid 9263] +++ exited with 0 +++ [pid 9269] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9263, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 9269] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5066] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] unlink("./417/binderfs" [pid 9269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9269] <... clone3 resumed> => {parent_tid=[9270]}, 88) = 9270 [pid 5066] newfstatat(AT_FDCWD, "./416/file0", [pid 5062] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9269] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... unlink resumed>) = 0 [pid 9269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9269] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9268] munmap(0x7f670b400000, 138412032 [pid 5065] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 9270 attached [pid 9269] <... futex resumed>) = 0 [pid 5066] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 9270] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9269] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9268] <... munmap resumed>) = 0 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9270] <... rseq resumed>) = 0 [pid 9268] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] getdents64(3, [pid 5065] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9270] set_robust_list(0x7f67138b29a0, 24 [pid 9268] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9270] <... set_robust_list resumed>) = 0 [pid 9268] ioctl(4, LOOP_SET_FD, 3 [pid 5066] newfstatat(4, "", [pid 5065] newfstatat(AT_FDCWD, "./417/file0", [pid 5062] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9270] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] newfstatat(AT_FDCWD, "./414/binderfs", [pid 5066] getdents64(4, [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./414/binderfs" [pid 9270] memfd_create("syzkaller", 0 [pid 5062] <... unlink resumed>) = 0 [pid 5062] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9270] <... memfd_create resumed>) = 3 [pid 9268] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = 0 [pid 9270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9268] close(3 [pid 5066] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9270] <... mmap resumed>) = 0x7f670b400000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9268] <... close resumed>) = 0 [pid 5066] close(4 [pid 5065] <... openat resumed>) = 4 [pid 5062] newfstatat(AT_FDCWD, "./414/file0", [pid 5066] <... close resumed>) = 0 [pid 9268] close(4 [pid 5066] rmdir("./416/file0" [pid 5065] newfstatat(4, "", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9268] <... close resumed>) = 0 [pid 5062] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9268] mkdir("./file0", 0777) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9268] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(3, [pid 5065] getdents64(4, [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] <... openat resumed>) = 4 [pid 5066] close(3 [pid 5065] getdents64(4, [pid 5062] newfstatat(4, "", [pid 5066] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5066] rmdir("./416" [pid 5065] close(4 [pid 5062] rmdir("./414/file0" [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./417/file0" [pid 5062] <... rmdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 9270] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] mkdir("./417", 0777 [pid 5065] getdents64(3, [pid 5062] close(3 [pid 5066] <... mkdir resumed>) = 0 [pid 5062] <... close resumed>) = 0 [ 336.921834][ T9268] loop2: detected capacity change from 0 to 4096 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] rmdir("./414" [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] close(3) = 0 [pid 5062] <... rmdir resumed>) = 0 [pid 5065] rmdir("./417" [pid 5062] mkdir("./415", 0777 [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] mkdir("./418", 0777 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9270] <... write resumed>) = 2097152 [pid 9268] <... mount resumed>) = 0 [pid 9270] munmap(0x7f670b400000, 138412032 [pid 9268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9270] <... munmap resumed>) = 0 [pid 9268] chdir("./file0" [pid 9270] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9268] <... chdir resumed>) = 0 [pid 9268] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9270] <... openat resumed>) = 4 [pid 9268] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9270] ioctl(4, LOOP_SET_FD, 3 [pid 9268] <... futex resumed>) = 1 [pid 9268] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9270] <... ioctl resumed>) = 0 [pid 9267] <... futex resumed>) = 0 [pid 9267] exit_group(0 [pid 5066] <... ioctl resumed>) = 0 [pid 9267] <... exit_group resumed>) = ? [pid 9268] <... futex resumed>) = ? [pid 9268] +++ exited with 0 +++ [pid 9267] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9267, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5062] <... ioctl resumed>) = 0 [pid 9270] close(3 [pid 5066] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 9270] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] close(3 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9270] close(4 [pid 5064] getdents64(3, [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9271 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 9271 attached [pid 9270] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] close(3 [pid 5064] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9271] set_robust_list(0x5555569076a0, 24 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9271] <... set_robust_list resumed>) = 0 [pid 9270] mkdir("./file0", 0777 [pid 5065] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9271] chdir("./415" [pid 5064] unlink("./419/binderfs"./strace-static-x86_64: Process 9272 attached [pid 9271] <... chdir resumed>) = 0 [pid 9272] set_robust_list(0x5555569076a0, 24 [pid 9271] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... unlink resumed>) = 0 [pid 9271] <... prctl resumed>) = 0 [pid 9270] <... mkdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9272 [ 337.040078][ T9270] loop1: detected capacity change from 0 to 4096 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 9273 attached [pid 9272] <... set_robust_list resumed>) = 0 [pid 9271] setpgid(0, 0 [pid 9270] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] <... umount2 resumed>) = 0 [pid 9271] <... setpgid resumed>) = 0 [pid 5064] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./419/file0", [pid 9273] set_robust_list(0x5555569076a0, 24 [pid 9272] chdir("./417" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9273] <... set_robust_list resumed>) = 0 [pid 9272] <... chdir resumed>) = 0 [pid 9271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9273] chdir("./418" [pid 9272] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9271] <... openat resumed>) = 3 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9273 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9273] <... chdir resumed>) = 0 [pid 9272] <... prctl resumed>) = 0 [pid 9271] write(3, "1000", 4 [pid 5064] <... openat resumed>) = 4 [pid 9273] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9272] setpgid(0, 0 [pid 9271] <... write resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 9273] <... prctl resumed>) = 0 [pid 9272] <... setpgid resumed>) = 0 [pid 9271] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9273] setpgid(0, 0 [pid 9272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9271] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 9273] <... setpgid resumed>) = 0 [pid 9272] <... openat resumed>) = 3 [pid 9271] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9272] write(3, "1000", 4 [pid 9271] <... symlink resumed>) = 0 [pid 5064] getdents64(4, [pid 9272] <... write resumed>) = 4 [pid 9271] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9273] <... openat resumed>) = 3 [pid 9271] <... futex resumed>) = 0 [pid 5064] close(4 [pid 9272] close(3 [pid 9273] write(3, "1000", 4 [pid 9271] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9272] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9273] <... write resumed>) = 4 [pid 9272] symlink("/dev/binderfs", "./binderfs" [pid 9271] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] rmdir("./419/file0" [pid 9273] close(3 [pid 9272] <... symlink resumed>) = 0 [pid 9271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] <... rmdir resumed>) = 0 [pid 9273] <... close resumed>) = 0 [pid 9272] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] getdents64(3, [pid 9273] symlink("/dev/binderfs", "./binderfs" [pid 9272] <... futex resumed>) = 0 [pid 9271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9273] <... symlink resumed>) = 0 [pid 9272] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9271] <... mmap resumed>) = 0x7f6713892000 [pid 5064] close(3 [pid 9273] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9272] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9271] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... close resumed>) = 0 [pid 9273] <... futex resumed>) = 0 [pid 5064] rmdir("./419" [pid 9272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9271] <... mprotect resumed>) = 0 [pid 9272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 9272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] mkdir("./420", 0777 [pid 9272] <... mmap resumed>) = 0x7f6713892000 [pid 9271] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... mkdir resumed>) = 0 [pid 9272] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9271] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9273] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9272] <... mprotect resumed>) = 0 [pid 9271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9273] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9272] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9271] <... clone3 resumed> => {parent_tid=[9274]}, 88) = 9274 [pid 5064] <... openat resumed>) = 3 ./strace-static-x86_64: Process 9274 attached [pid 9273] <... mmap resumed>) = 0x7f6713892000 [pid 9271] rt_sigprocmask(SIG_SETMASK, [], [pid 9270] <... mount resumed>) = 0 [pid 9272] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9274] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9273] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9273] <... mprotect resumed>) = 0 [pid 9271] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9274] <... rseq resumed>) = 0 ./strace-static-x86_64: Process 9275 attached [pid 9274] set_robust_list(0x7f67138b29a0, 24 [pid 9273] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9272] <... clone3 resumed> => {parent_tid=[9275]}, 88) = 9275 [pid 9271] <... futex resumed>) = 0 [pid 9270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9275] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9270] <... openat resumed>) = 3 [pid 9275] <... rseq resumed>) = 0 [pid 9270] chdir("./file0" [pid 9274] <... set_robust_list resumed>) = 0 [pid 9271] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9275] set_robust_list(0x7f67138b29a0, 24 [pid 9274] rt_sigprocmask(SIG_SETMASK, [], [pid 9273] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9272] rt_sigprocmask(SIG_SETMASK, [], [pid 9270] <... chdir resumed>) = 0 [pid 9275] <... set_robust_list resumed>) = 0 [pid 9274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9275] rt_sigprocmask(SIG_SETMASK, [], [pid 9272] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9270] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9274] memfd_create("syzkaller", 0 [pid 9273] <... clone3 resumed> => {parent_tid=[9276]}, 88) = 9276 [pid 9272] <... futex resumed>) = 0 [pid 9274] <... memfd_create resumed>) = 3 [pid 9273] rt_sigprocmask(SIG_SETMASK, [], [pid 9272] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9274] <... mmap resumed>) = 0x7f670b400000 [pid 9273] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9273] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9275] memfd_create("syzkaller", 0 [pid 9270] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9270] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9270] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9269] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9276 attached [pid 9275] <... memfd_create resumed>) = 3 [pid 9269] exit_group(0 [pid 9276] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9276] <... rseq resumed>) = 0 [pid 9270] <... futex resumed>) = ? [pid 9269] <... exit_group resumed>) = ? [pid 9276] set_robust_list(0x7f67138b29a0, 24 [pid 9270] +++ exited with 0 +++ [pid 9276] <... set_robust_list resumed>) = 0 [pid 9269] +++ exited with 0 +++ [pid 9276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9275] <... mmap resumed>) = 0x7f670b400000 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9269, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5063] umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", [pid 9276] memfd_create("syzkaller", 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9274] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9276] <... memfd_create resumed>) = 3 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./422/binderfs", [pid 9276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] unlink("./422/binderfs") = 0 [pid 5063] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9276] <... mmap resumed>) = 0x7f670b400000 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] <... umount2 resumed>) = 0 [pid 5063] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./422/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", [pid 5064] close(3 [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5063] close(4) = 0 [pid 5063] rmdir("./422/file0" [pid 5064] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./422") = 0 ./strace-static-x86_64: Process 9277 attached [pid 9277] set_robust_list(0x5555569076a0, 24 [pid 5063] mkdir("./423", 0777 [pid 9277] <... set_robust_list resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 9277] chdir("./420") = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9277] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9275] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9277 [pid 9277] <... prctl resumed>) = 0 [pid 9277] setpgid(0, 0) = 0 [pid 9277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9277] write(3, "1000", 4) = 4 [pid 9277] close(3 [pid 9276] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9274] <... write resumed>) = 2097152 [pid 9277] <... close resumed>) = 0 [pid 9277] symlink("/dev/binderfs", "./binderfs" [pid 9275] <... write resumed>) = 2097152 [pid 9274] munmap(0x7f670b400000, 138412032 [pid 9277] <... symlink resumed>) = 0 [pid 9277] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9275] munmap(0x7f670b400000, 138412032 [pid 9277] <... futex resumed>) = 0 [pid 9277] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9274] <... munmap resumed>) = 0 [pid 9277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9277] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9274] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9277] <... mprotect resumed>) = 0 [pid 9274] <... openat resumed>) = 4 [pid 9277] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9274] ioctl(4, LOOP_SET_FD, 3 [pid 9277] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9275] <... munmap resumed>) = 0 [pid 9277] <... clone3 resumed> => {parent_tid=[9278]}, 88) = 9278 [pid 9277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 9278 attached [pid 9277] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9277] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9275] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9275] ioctl(4, LOOP_SET_FD, 3 [pid 9278] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9276] <... write resumed>) = 2097152 [pid 9274] <... ioctl resumed>) = 0 [pid 5063] <... ioctl resumed>) = 0 [pid 9278] <... rseq resumed>) = 0 [pid 9276] munmap(0x7f670b400000, 138412032 [pid 9274] close(3 [pid 5063] close(3 [pid 9278] set_robust_list(0x7f67138b29a0, 24 [pid 9274] <... close resumed>) = 0 [pid 9278] <... set_robust_list resumed>) = 0 [pid 9274] close(4 [pid 9278] rt_sigprocmask(SIG_SETMASK, [], [pid 9274] <... close resumed>) = 0 [pid 9278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9274] mkdir("./file0", 0777 [pid 9278] memfd_create("syzkaller", 0) = 3 [pid 9276] <... munmap resumed>) = 0 [pid 9274] <... mkdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 9278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9275] <... ioctl resumed>) = 0 [pid 9278] <... mmap resumed>) = 0x7f670b400000 [pid 9274] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9275] close(3) = 0 [pid 9275] close(4) = 0 [pid 9275] mkdir("./file0", 0777 [pid 9276] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9275] <... mkdir resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9279 ./strace-static-x86_64: Process 9279 attached [pid 9276] <... openat resumed>) = 4 [pid 9276] ioctl(4, LOOP_SET_FD, 3 [ 337.331472][ T9274] loop0: detected capacity change from 0 to 4096 [ 337.353144][ T9275] loop4: detected capacity change from 0 to 4096 [pid 9279] set_robust_list(0x5555569076a0, 24) = 0 [pid 9279] chdir("./423" [pid 9275] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9279] <... chdir resumed>) = 0 [pid 9279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9279] setpgid(0, 0) = 0 [pid 9279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9279] write(3, "1000", 4) = 4 [pid 9279] close(3) = 0 [pid 9279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9279] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9276] <... ioctl resumed>) = 0 [pid 9279] <... futex resumed>) = 0 [pid 9276] close(3 [pid 9279] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9276] <... close resumed>) = 0 [pid 9279] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9276] close(4 [pid 9279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9276] <... close resumed>) = 0 [pid 9276] mkdir("./file0", 0777 [pid 9279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9279] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9279] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9276] <... mkdir resumed>) = 0 [pid 9275] <... mount resumed>) = 0 [pid 9279] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9276] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9274] <... mount resumed>) = 0 [pid 9279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9275] <... openat resumed>) = 3 ./strace-static-x86_64: Process 9280 attached [pid 9275] chdir("./file0" [pid 9280] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9279] <... clone3 resumed> => {parent_tid=[9280]}, 88) = 9280 [pid 9275] <... chdir resumed>) = 0 [pid 9280] <... rseq resumed>) = 0 [pid 9279] rt_sigprocmask(SIG_SETMASK, [], [pid 9275] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9280] set_robust_list(0x7f67138b29a0, 24 [pid 9279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9275] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9280] <... set_robust_list resumed>) = 0 [pid 9279] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9280] rt_sigprocmask(SIG_SETMASK, [], [pid 9279] <... futex resumed>) = 0 [pid 9275] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9280] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 337.392923][ T9276] loop3: detected capacity change from 0 to 4096 [pid 9279] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9275] <... futex resumed>) = 1 [pid 9272] <... futex resumed>) = 0 [pid 9280] memfd_create("syzkaller", 0 [pid 9275] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9274] <... openat resumed>) = 3 [pid 9272] exit_group(0 [pid 9274] chdir("./file0" [pid 9272] <... exit_group resumed>) = ? [pid 9274] <... chdir resumed>) = 0 [pid 9275] <... futex resumed>) = ? [pid 9274] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9275] +++ exited with 0 +++ [pid 9272] +++ exited with 0 +++ [pid 9280] <... memfd_create resumed>) = 3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9272, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 9280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9274] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9280] <... mmap resumed>) = 0x7f670b400000 [pid 9274] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9271] <... futex resumed>) = 0 [pid 9271] exit_group(0) = ? [pid 5066] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 9278] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9274] +++ exited with 0 +++ [pid 9271] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9271, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... openat resumed>) = 3 [pid 5062] newfstatat(3, "", [pid 5066] newfstatat(AT_FDCWD, "./417/binderfs", [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./417/binderfs" [pid 5062] getdents64(3, [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9276] <... mount resumed>) = 0 [pid 5062] newfstatat(AT_FDCWD, "./415/binderfs", [pid 9276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9276] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./417/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9276] chdir("./file0" [pid 5062] unlink("./415/binderfs" [pid 5066] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... unlink resumed>) = 0 [pid 9276] <... chdir resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5062] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9276] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./417/file0" [pid 9276] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 9276] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9273] <... futex resumed>) = 0 [pid 5062] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9276] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9273] exit_group(0 [pid 5062] newfstatat(AT_FDCWD, "./415/file0", [pid 9276] <... futex resumed>) = ? [pid 9273] <... exit_group resumed>) = ? [pid 9276] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9273] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9273, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(3) = 0 [pid 5062] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] rmdir("./417" [pid 5065] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5062] getdents64(4, [pid 5066] mkdir("./418", 0777 [pid 5065] newfstatat(3, "", [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4 [pid 9280] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] getdents64(3, [pid 5066] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3 [pid 5065] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./418/binderfs", [pid 9278] <... write resumed>) = 2097152 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./415/file0" [pid 5065] unlink("./418/binderfs" [pid 5062] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 9281 attached [pid 5062] getdents64(3, [pid 9281] set_robust_list(0x5555569076a0, 24 [pid 5065] <... unlink resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9281] <... set_robust_list resumed>) = 0 [pid 5062] close(3 [pid 9281] chdir("./418" [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9281 [pid 5065] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... close resumed>) = 0 [pid 5062] rmdir("./415") = 0 [pid 9281] <... chdir resumed>) = 0 [pid 9278] munmap(0x7f670b400000, 138412032 [pid 5062] mkdir("./416", 0777 [pid 9281] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... umount2 resumed>) = 0 [pid 9281] <... prctl resumed>) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 9281] setpgid(0, 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9281] <... setpgid resumed>) = 0 [pid 9281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] <... openat resumed>) = 3 [pid 9281] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9281] write(3, "1000", 4 [pid 5065] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9281] <... write resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./418/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9278] <... munmap resumed>) = 0 [pid 5065] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9281] close(3 [pid 9278] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] close(4 [pid 9281] <... close resumed>) = 0 [pid 9278] <... openat resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 9281] symlink("/dev/binderfs", "./binderfs" [pid 9278] ioctl(4, LOOP_SET_FD, 3 [pid 5065] rmdir("./418/file0" [pid 9281] <... symlink resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./418") = 0 [pid 9281] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9278] <... ioctl resumed>) = 0 [pid 9281] <... futex resumed>) = 0 [pid 9278] close(3 [pid 9281] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9278] <... close resumed>) = 0 [pid 9281] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9278] close(4 [pid 9281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9278] <... close resumed>) = 0 [pid 9281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9278] mkdir("./file0", 0777 [pid 9281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5065] mkdir("./419", 0777 [pid 9278] <... mkdir resumed>) = 0 [pid 9281] <... mmap resumed>) = 0x7f6713892000 [pid 9278] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] <... mkdir resumed>) = 0 [pid 9281] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9281] <... mprotect resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9282]}, 88) = 9282 [pid 9281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9281] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9281] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9282 attached [pid 9282] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9282] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9282] memfd_create("syzkaller", 0 [pid 9280] <... write resumed>) = 2097152 [pid 5062] <... ioctl resumed>) = 0 [pid 9280] munmap(0x7f670b400000, 138412032 [pid 5062] close(3 [pid 9282] <... memfd_create resumed>) = 3 [pid 5062] <... close resumed>) = 0 [pid 9282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 337.600201][ T9278] loop2: detected capacity change from 0 to 4096 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9282] <... mmap resumed>) = 0x7f670b400000 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9283 ./strace-static-x86_64: Process 9283 attached [pid 9278] <... mount resumed>) = 0 [pid 9283] set_robust_list(0x5555569076a0, 24) = 0 [pid 9278] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9280] <... munmap resumed>) = 0 [pid 9278] <... openat resumed>) = 3 [pid 9283] chdir("./416" [pid 9280] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9283] <... chdir resumed>) = 0 [pid 9283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9280] ioctl(4, LOOP_SET_FD, 3 [pid 9283] setpgid(0, 0 [pid 9278] chdir("./file0" [pid 9283] <... setpgid resumed>) = 0 [pid 9283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9278] <... chdir resumed>) = 0 [pid 9278] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9283] <... openat resumed>) = 3 [pid 9278] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9280] <... ioctl resumed>) = 0 [pid 9280] close(3) = 0 [pid 9280] close(4 [pid 9283] write(3, "1000", 4 [pid 9280] <... close resumed>) = 0 [pid 9278] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... ioctl resumed>) = 0 [pid 9280] mkdir("./file0", 0777) = 0 [pid 9280] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9278] <... futex resumed>) = 1 [pid 9283] <... write resumed>) = 4 [pid 9277] <... futex resumed>) = 0 [pid 5065] close(3 [pid 9283] close(3 [pid 9278] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9277] exit_group(0 [pid 5065] <... close resumed>) = 0 [pid 9283] <... close resumed>) = 0 [pid 9278] <... futex resumed>) = ? [pid 9277] <... exit_group resumed>) = ? [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9283] symlink("/dev/binderfs", "./binderfs" [pid 9278] +++ exited with 0 +++ [pid 9277] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9277, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 337.689681][ T9280] loop1: detected capacity change from 0 to 4096 ./strace-static-x86_64: Process 9284 attached [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9284 [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 9284] set_robust_list(0x5555569076a0, 24 [pid 5064] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9283] <... symlink resumed>) = 0 [pid 9284] <... set_robust_list resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9284] chdir("./419" [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9284] <... chdir resumed>) = 0 [pid 9283] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] getdents64(3, [pid 9284] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9283] <... futex resumed>) = 0 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9284] <... prctl resumed>) = 0 [pid 9283] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9284] setpgid(0, 0 [pid 9283] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9284] <... setpgid resumed>) = 0 [pid 9283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5064] newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] unlink("./420/binderfs" [pid 9284] <... openat resumed>) = 3 [pid 9283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9282] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] <... unlink resumed>) = 0 [pid 9284] write(3, "1000", 4 [pid 9283] <... mmap resumed>) = 0x7f6713892000 [pid 5064] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9284] <... write resumed>) = 4 [pid 9283] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9284] close(3 [pid 9283] <... mprotect resumed>) = 0 [pid 9284] <... close resumed>) = 0 [pid 9283] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... umount2 resumed>) = 0 [pid 9284] symlink("/dev/binderfs", "./binderfs" [pid 9283] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9284] <... symlink resumed>) = 0 [pid 9283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9285]}, 88) = 9285 [pid 9283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9283] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9283] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 9285 attached [pid 9284] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9284] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9285] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053) = 0 [pid 9284] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9284] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9284] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9285] set_robust_list(0x7f67138b29a0, 24 [pid 9284] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9285] <... set_robust_list resumed>) = 0 [pid 9284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 9286 attached [pid 9285] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] newfstatat(AT_FDCWD, "./420/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9284] <... clone3 resumed> => {parent_tid=[9286]}, 88) = 9286 [pid 9286] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9284] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9284] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9285] memfd_create("syzkaller", 0 [pid 9286] <... rseq resumed>) = 0 [pid 5064] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9286] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9286] memfd_create("syzkaller", 0 [pid 5064] <... openat resumed>) = 4 [pid 9280] <... mount resumed>) = 0 [pid 9285] <... memfd_create resumed>) = 3 [pid 5064] newfstatat(4, "", [pid 9280] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9280] <... openat resumed>) = 3 [pid 9285] <... mmap resumed>) = 0x7f670b400000 [pid 9280] chdir("./file0" [pid 5064] getdents64(4, [pid 9280] <... chdir resumed>) = 0 [pid 9280] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9280] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5064] getdents64(4, [pid 9280] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9279] <... futex resumed>) = 0 [pid 9280] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9279] exit_group(0 [pid 5064] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9286] <... memfd_create resumed>) = 3 [pid 9279] <... exit_group resumed>) = ? [pid 5064] close(4 [pid 9286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9282] <... write resumed>) = 2097152 [pid 9280] <... futex resumed>) = ? [pid 5064] <... close resumed>) = 0 [pid 9286] <... mmap resumed>) = 0x7f670b400000 [pid 9282] munmap(0x7f670b400000, 138412032 [pid 9280] +++ exited with 0 +++ [pid 5064] rmdir("./420/file0" [pid 9282] <... munmap resumed>) = 0 [pid 9279] +++ exited with 0 +++ [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 9285] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9282] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9279, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 5063] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 9282] <... openat resumed>) = 4 [pid 5064] close(3 [pid 9282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] <... close resumed>) = 0 [pid 5063] umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9286] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] rmdir("./420" [pid 5063] unlink("./423/binderfs") = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5063] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9285] <... write resumed>) = 2097152 [pid 9282] close(3 [pid 5064] mkdir("./421", 0777 [pid 5063] <... umount2 resumed>) = 0 [pid 9286] <... write resumed>) = 2097152 [pid 9285] munmap(0x7f670b400000, 138412032 [pid 9282] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 9282] close(4 [pid 9286] munmap(0x7f670b400000, 138412032 [pid 5063] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9282] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9282] mkdir("./file0", 0777 [pid 5064] <... openat resumed>) = 3 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5063] newfstatat(AT_FDCWD, "./423/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5063] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 9282] <... mkdir resumed>) = 0 [ 337.860692][ T9282] loop4: detected capacity change from 0 to 4096 [pid 5063] close(4 [pid 9286] <... munmap resumed>) = 0 [pid 9282] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 5063] <... close resumed>) = 0 [pid 9286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] rmdir("./423/file0" [pid 9286] <... openat resumed>) = 4 [pid 5063] <... rmdir resumed>) = 0 [pid 9286] ioctl(4, LOOP_SET_FD, 3 [pid 9285] <... munmap resumed>) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./423") = 0 [pid 5063] mkdir("./424", 0777) = 0 [pid 9285] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9285] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 9285] ioctl(4, LOOP_SET_FD, 3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9286] <... ioctl resumed>) = 0 [pid 9285] <... ioctl resumed>) = 0 [pid 9285] close(3 [pid 9286] close(3 [pid 9285] <... close resumed>) = 0 [pid 9286] <... close resumed>) = 0 [pid 9285] close(4 [pid 9286] close(4) = 0 [pid 9285] <... close resumed>) = 0 [pid 9286] mkdir("./file0", 0777) = 0 [pid 9285] mkdir("./file0", 0777 [pid 9282] <... mount resumed>) = 0 [ 337.916240][ T9286] loop3: detected capacity change from 0 to 4096 [ 337.929398][ T9285] loop0: detected capacity change from 0 to 4096 [pid 9286] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9285] <... mkdir resumed>) = 0 [pid 9282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9285] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9282] <... openat resumed>) = 3 [pid 9282] chdir("./file0") = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9287 attached [pid 9282] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... ioctl resumed>) = 0 [pid 9282] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9287] set_robust_list(0x5555569076a0, 24 [pid 9282] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9287 [pid 9287] <... set_robust_list resumed>) = 0 [pid 9282] <... futex resumed>) = 1 [pid 9281] <... futex resumed>) = 0 [pid 9287] chdir("./421" [pid 9282] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9281] exit_group(0 [pid 9287] <... chdir resumed>) = 0 [pid 9282] <... futex resumed>) = ? [pid 9281] <... exit_group resumed>) = ? [pid 9287] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9282] +++ exited with 0 +++ [pid 9281] +++ exited with 0 +++ [pid 9287] <... prctl resumed>) = 0 [pid 9287] setpgid(0, 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9281, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9287] <... setpgid resumed>) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 9287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... restart_syscall resumed>) = 0 [pid 9287] <... openat resumed>) = 3 [pid 9287] write(3, "1000", 4 [pid 5063] close(3 [pid 5066] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 9287] <... write resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9287] close(3 [pid 5066] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9287] <... close resumed>) = 0 [pid 9287] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... openat resumed>) = 3 [pid 9287] <... symlink resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 9287] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9287] <... futex resumed>) = 0 [pid 9287] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5066] getdents64(3, [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9288 ./strace-static-x86_64: Process 9288 attached [pid 9287] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9286] <... mount resumed>) = 0 [pid 9288] set_robust_list(0x5555569076a0, 24 [pid 9287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9288] <... set_robust_list resumed>) = 0 [pid 9287] <... mmap resumed>) = 0x7f6713892000 [pid 9286] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9285] <... mount resumed>) = 0 [pid 5066] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9288] chdir("./424" [pid 9287] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9286] <... openat resumed>) = 3 [pid 9285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./418/binderfs", [pid 9288] <... chdir resumed>) = 0 [pid 9288] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9288] <... prctl resumed>) = 0 [pid 9288] setpgid(0, 0 [pid 9287] <... mprotect resumed>) = 0 [pid 9286] chdir("./file0" [pid 9285] <... openat resumed>) = 3 [pid 9288] <... setpgid resumed>) = 0 [pid 9287] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9286] <... chdir resumed>) = 0 [pid 9285] chdir("./file0" [pid 5066] unlink("./418/binderfs" [pid 9286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9285] <... chdir resumed>) = 0 [pid 9288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9287] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9286] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9285] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... unlink resumed>) = 0 [pid 9288] <... openat resumed>) = 3 [pid 9287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9288] write(3, "1000", 4 [pid 9286] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9285] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5066] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9288] <... write resumed>) = 4 [pid 9287] <... clone3 resumed> => {parent_tid=[9289]}, 88) = 9289 [pid 9286] <... futex resumed>) = 1 [pid 9285] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9284] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9289 attached [pid 9288] close(3 [pid 9287] rt_sigprocmask(SIG_SETMASK, [], [pid 9286] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9285] <... futex resumed>) = 1 [pid 9284] exit_group(0 [pid 9283] <... futex resumed>) = 0 [pid 9289] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9288] <... close resumed>) = 0 [pid 9287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9286] <... futex resumed>) = ? [pid 9285] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9284] <... exit_group resumed>) = ? [pid 9283] exit_group(0 [pid 9289] <... rseq resumed>) = 0 [pid 9288] symlink("/dev/binderfs", "./binderfs" [pid 9287] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9286] +++ exited with 0 +++ [pid 9284] +++ exited with 0 +++ [pid 9283] <... exit_group resumed>) = ? [pid 5066] <... umount2 resumed>) = 0 [pid 9289] set_robust_list(0x7f67138b29a0, 24 [pid 9288] <... symlink resumed>) = 0 [pid 9287] <... futex resumed>) = 0 [pid 9285] <... futex resumed>) = ? [pid 5066] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] <... set_robust_list resumed>) = 0 [pid 9287] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9284, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5065] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9289] memfd_create("syzkaller", 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5066] newfstatat(AT_FDCWD, "./418/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, [pid 5066] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9288] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9288] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5065] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9289] <... memfd_create resumed>) = 3 [pid 9288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] <... mmap resumed>) = 0x7f670b400000 [pid 9288] <... mmap resumed>) = 0x7f6713892000 [pid 5066] <... openat resumed>) = 4 [pid 9288] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9285] +++ exited with 0 +++ [pid 9283] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9288] <... mprotect resumed>) = 0 [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9283, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5065] newfstatat(AT_FDCWD, "./419/binderfs", [pid 9288] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9288] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9290 attached [pid 9289] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./419/binderfs" [pid 5066] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9290] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9288] <... clone3 resumed> => {parent_tid=[9290]}, 88) = 9290 [pid 5065] <... unlink resumed>) = 0 [pid 9290] <... rseq resumed>) = 0 [pid 9288] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] getdents64(4, [pid 5062] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9290] set_robust_list(0x7f67138b29a0, 24 [pid 9288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9290] <... set_robust_list resumed>) = 0 [pid 9288] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9290] rt_sigprocmask(SIG_SETMASK, [], [pid 9288] <... futex resumed>) = 0 [pid 5066] close(4 [pid 5065] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... openat resumed>) = 3 [pid 9290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9288] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... close resumed>) = 0 [pid 5062] newfstatat(3, "", [pid 5066] rmdir("./418/file0" [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, [pid 9290] memfd_create("syzkaller", 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./416/binderfs", [pid 5066] getdents64(3, [pid 5062] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9290] <... memfd_create resumed>) = 3 [pid 5062] unlink("./416/binderfs" [pid 9290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9289] <... write resumed>) = 2097152 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... unlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 9290] <... mmap resumed>) = 0x7f670b400000 [pid 9289] munmap(0x7f670b400000, 138412032 [pid 5065] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3 [pid 5062] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./418" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5066] mkdir("./419", 0777) = 0 [pid 5065] newfstatat(AT_FDCWD, "./419/file0", [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9289] <... munmap resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9289] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9289] ioctl(4, LOOP_SET_FD, 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... openat resumed>) = 4 [pid 9290] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] newfstatat(4, "", [pid 5062] newfstatat(AT_FDCWD, "./416/file0", [pid 9289] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9289] close(3 [pid 5065] getdents64(4, [pid 9289] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9289] close(4 [pid 5065] getdents64(4, [pid 5062] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(4 [pid 5062] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9289] mkdir("./file0", 0777 [pid 5065] <... close resumed>) = 0 [pid 9289] <... mkdir resumed>) = 0 [pid 5065] rmdir("./419/file0" [pid 5062] <... openat resumed>) = 4 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./419" [pid 5062] newfstatat(4, "", [pid 9289] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5065] <... rmdir resumed>) = 0 [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] mkdir("./420", 0777) = 0 [pid 5062] getdents64(4, [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9290] <... write resumed>) = 2097152 [pid 5062] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 5065] <... openat resumed>) = 3 [pid 5062] getdents64(4, [pid 9290] munmap(0x7f670b400000, 138412032 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5062] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5062] close(4) = 0 [pid 5062] rmdir("./416/file0") = 0 [pid 5062] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] close(3) = 0 [pid 5062] rmdir("./416") = 0 [pid 5062] mkdir("./417", 0777) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 338.160312][ T9289] loop2: detected capacity change from 0 to 4096 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9290] <... munmap resumed>) = 0 [pid 9290] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 9290] close(3 [pid 9289] <... mount resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 9290] <... close resumed>) = 0 [pid 9290] close(4) = 0 [pid 9290] mkdir("./file0", 0777) = 0 [pid 9290] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 9289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] close(3 [pid 5065] close(3 [pid 9289] chdir("./file0" [pid 5066] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9289] <... chdir resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9291 attached [pid 9289] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 9292 attached [pid 9292] set_robust_list(0x5555569076a0, 24) = 0 [pid 9292] chdir("./420" [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9292 [pid 9292] <... chdir resumed>) = 0 [pid 9289] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 338.231158][ T9290] loop1: detected capacity change from 0 to 4096 [pid 9292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9291] set_robust_list(0x5555569076a0, 24 [pid 9289] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9291 [pid 9291] <... set_robust_list resumed>) = 0 [pid 9289] <... futex resumed>) = 1 [pid 9292] <... prctl resumed>) = 0 [pid 9287] <... futex resumed>) = 0 [pid 9291] chdir("./419" [pid 9289] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9292] setpgid(0, 0 [pid 9287] exit_group(0 [pid 9292] <... setpgid resumed>) = 0 [pid 9289] <... futex resumed>) = ? [pid 9287] <... exit_group resumed>) = ? [pid 9292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9291] <... chdir resumed>) = 0 [pid 9289] +++ exited with 0 +++ [pid 9287] +++ exited with 0 +++ [pid 9291] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9287, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 9292] <... openat resumed>) = 3 [pid 9291] <... prctl resumed>) = 0 [pid 9292] write(3, "1000", 4 [pid 9291] setpgid(0, 0 [pid 9292] <... write resumed>) = 4 [pid 9291] <... setpgid resumed>) = 0 [pid 5064] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... ioctl resumed>) = 0 [pid 9292] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9292] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9292] symlink("/dev/binderfs", "./binderfs" [pid 9291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... openat resumed>) = 3 [pid 9292] <... symlink resumed>) = 0 [pid 5062] close(3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] <... close resumed>) = 0 [pid 9292] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9292] <... futex resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9292] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] newfstatat(AT_FDCWD, "./421/binderfs", [pid 9292] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] unlink("./421/binderfs" [pid 9292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... unlink resumed>) = 0 [pid 9292] <... mmap resumed>) = 0x7f6713892000 [pid 9291] <... openat resumed>) = 3 [pid 5064] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9292] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} => {parent_tid=[9294]}, 88) = 9294 [pid 9292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 9294 attached [pid 9292] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9291] write(3, "1000", 4 [pid 9294] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9292] <... futex resumed>) = 0 [pid 9291] <... write resumed>) = 4 [pid 9291] close(3 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9293 [pid 9294] <... rseq resumed>) = 0 [pid 9292] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9291] <... close resumed>) = 0 [pid 9291] symlink("/dev/binderfs", "./binderfs" [pid 9294] set_robust_list(0x7f67138b29a0, 24 [pid 9291] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 9293 attached [pid 9294] <... set_robust_list resumed>) = 0 [pid 9294] rt_sigprocmask(SIG_SETMASK, [], [pid 9293] set_robust_list(0x5555569076a0, 24) = 0 [pid 9294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9293] chdir("./417" [pid 9294] memfd_create("syzkaller", 0 [pid 9291] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9293] <... chdir resumed>) = 0 [pid 9291] <... futex resumed>) = 0 [pid 9293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9291] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5064] <... umount2 resumed>) = 0 [pid 9293] setpgid(0, 0 [pid 9291] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9293] <... setpgid resumed>) = 0 [pid 9294] <... memfd_create resumed>) = 3 [pid 9294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9294] <... mmap resumed>) = 0x7f670b400000 [pid 9293] <... openat resumed>) = 3 [pid 9291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./421/file0") = 0 [pid 5064] getdents64(3, 0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./421" [pid 9293] write(3, "1000", 4 [pid 9291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5064] <... rmdir resumed>) = 0 [pid 9293] <... write resumed>) = 4 [pid 9291] <... mmap resumed>) = 0x7f6713892000 [pid 9293] close(3 [pid 9291] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5064] mkdir("./422", 0777 [pid 9293] <... close resumed>) = 0 [pid 9291] <... mprotect resumed>) = 0 [pid 9290] <... mount resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 9293] symlink("/dev/binderfs", "./binderfs" [pid 9291] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9293] <... symlink resumed>) = 0 [pid 9291] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... openat resumed>) = 3 [pid 9293] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9290] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 9295 attached [pid 9293] <... futex resumed>) = 0 [pid 9291] <... clone3 resumed> => {parent_tid=[9295]}, 88) = 9295 [pid 9290] chdir("./file0" [pid 9295] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9293] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9291] rt_sigprocmask(SIG_SETMASK, [], [pid 9290] <... chdir resumed>) = 0 [pid 9295] <... rseq resumed>) = 0 [pid 9293] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9290] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9295] set_robust_list(0x7f67138b29a0, 24) = 0 [pid 9290] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9291] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9295] rt_sigprocmask(SIG_SETMASK, [], [pid 9291] <... futex resumed>) = 0 [pid 9290] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9291] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9290] <... futex resumed>) = 1 [pid 9288] <... futex resumed>) = 0 [pid 9295] memfd_create("syzkaller", 0 [pid 9293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9290] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9288] exit_group(0 [pid 9293] <... mmap resumed>) = 0x7f6713892000 [pid 9290] <... futex resumed>) = ? [pid 9288] <... exit_group resumed>) = ? [pid 9293] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9295] <... memfd_create resumed>) = 3 [pid 9293] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9293] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9295] <... mmap resumed>) = 0x7f670b400000 [pid 9293] <... clone3 resumed> => {parent_tid=[9296]}, 88) = 9296 ./strace-static-x86_64: Process 9296 attached [pid 9293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9296] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9294] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9290] +++ exited with 0 +++ [pid 9288] +++ exited with 0 +++ [pid 9296] <... rseq resumed>) = 0 [pid 9293] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9288, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9296] set_robust_list(0x7f67138b29a0, 24 [pid 9293] <... futex resumed>) = 0 [pid 9296] <... set_robust_list resumed>) = 0 [pid 9296] rt_sigprocmask(SIG_SETMASK, [], [pid 9293] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 9296] memfd_create("syzkaller", 0 [pid 5063] umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9296] <... memfd_create resumed>) = 3 [pid 5064] close(3 [pid 9296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... close resumed>) = 0 [pid 9296] <... mmap resumed>) = 0x7f670b400000 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9297 [pid 5063] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 9297 attached [pid 5063] umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9297] set_robust_list(0x5555569076a0, 24 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9297] <... set_robust_list resumed>) = 0 [pid 5063] newfstatat(AT_FDCWD, "./424/binderfs", [pid 9297] chdir("./422") = 0 [pid 9297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9295] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9297] <... prctl resumed>) = 0 [pid 9297] setpgid(0, 0) = 0 [pid 9297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9297] write(3, "1000", 4) = 4 [pid 9297] close(3) = 0 [pid 9297] symlink("/dev/binderfs", "./binderfs" [pid 5063] unlink("./424/binderfs") = 0 [pid 9297] <... symlink resumed>) = 0 [pid 5063] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9294] <... write resumed>) = 2097152 [pid 5063] <... umount2 resumed>) = 0 [pid 9297] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9294] munmap(0x7f670b400000, 138412032 [pid 5063] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./424/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5063] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9297] <... futex resumed>) = 0 [pid 9297] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] <... openat resumed>) = 4 [pid 9297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] newfstatat(4, "", [pid 9297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9297] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(4, [pid 9297] <... mprotect resumed>) = 0 [pid 9297] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9297] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9294] <... munmap resumed>) = 0 [pid 5063] getdents64(4, [pid 9297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9294] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 9298 attached ) = 4 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9298] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9297] <... clone3 resumed> => {parent_tid=[9298]}, 88) = 9298 [pid 9298] <... rseq resumed>) = 0 [pid 9297] rt_sigprocmask(SIG_SETMASK, [], [pid 9294] ioctl(4, LOOP_SET_FD, 3 [pid 5063] close(4 [pid 9298] set_robust_list(0x7f67138b29a0, 24 [pid 9297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9296] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... close resumed>) = 0 [pid 9298] <... set_robust_list resumed>) = 0 [pid 9297] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9297] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9298] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] rmdir("./424/file0") = 0 [pid 5063] getdents64(3, [pid 9298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9295] <... write resumed>) = 2097152 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9298] memfd_create("syzkaller", 0 [pid 5063] close(3) = 0 [pid 5063] rmdir("./424") = 0 [pid 9298] <... memfd_create resumed>) = 3 [pid 9295] munmap(0x7f670b400000, 138412032 [pid 9294] <... ioctl resumed>) = 0 [pid 5063] mkdir("./425", 0777 [pid 9298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 5063] <... mkdir resumed>) = 0 [pid 9294] close(3 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9294] <... close resumed>) = 0 [pid 9294] close(4 [pid 5063] <... openat resumed>) = 3 [pid 9294] <... close resumed>) = 0 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9294] mkdir("./file0", 0777) = 0 [pid 9294] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9295] <... munmap resumed>) = 0 [ 338.526351][ T9294] loop3: detected capacity change from 0 to 4096 [pid 9295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9295] ioctl(4, LOOP_SET_FD, 3 [pid 9298] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9295] <... ioctl resumed>) = 0 [pid 9295] close(3) = 0 [pid 9295] close(4) = 0 [pid 9295] mkdir("./file0", 0777) = 0 [pid 9294] <... mount resumed>) = 0 [pid 9294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9295] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9294] <... openat resumed>) = 3 [pid 5063] <... ioctl resumed>) = 0 [pid 9296] <... write resumed>) = 2097152 [pid 9294] chdir("./file0" [pid 5063] close(3 [pid 9294] <... chdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 9296] munmap(0x7f670b400000, 138412032 [pid 9294] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9294] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9294] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9292] <... futex resumed>) = 0 ./strace-static-x86_64: Process 9299 attached [pid 9294] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9292] exit_group(0 [ 338.597995][ T9295] loop4: detected capacity change from 0 to 4096 [pid 9294] <... futex resumed>) = ? [pid 9292] <... exit_group resumed>) = ? [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9299 [pid 9299] set_robust_list(0x5555569076a0, 24 [pid 9296] <... munmap resumed>) = 0 [pid 9294] +++ exited with 0 +++ [pid 9292] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9292, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 9299] <... set_robust_list resumed>) = 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 9299] chdir("./425" [pid 5065] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9299] <... chdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9299] <... prctl resumed>) = 0 [pid 9296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9299] setpgid(0, 0 [pid 9296] <... openat resumed>) = 4 [pid 5065] <... openat resumed>) = 3 [pid 9299] <... setpgid resumed>) = 0 [pid 9296] ioctl(4, LOOP_SET_FD, 3 [pid 5065] newfstatat(3, "", [pid 9299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./420/binderfs") = 0 [pid 5065] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9299] <... openat resumed>) = 3 [pid 9299] write(3, "1000", 4) = 4 [pid 9298] <... write resumed>) = 2097152 [pid 9296] <... ioctl resumed>) = 0 [pid 9299] close(3 [pid 9295] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 9299] <... close resumed>) = 0 [pid 9296] close(3 [pid 9299] symlink("/dev/binderfs", "./binderfs" [pid 9296] <... close resumed>) = 0 [pid 9295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9296] close(4 [pid 9299] <... symlink resumed>) = 0 [pid 9299] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9295] <... openat resumed>) = 3 [pid 9299] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9296] <... close resumed>) = 0 [pid 9299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9296] mkdir("./file0", 0777 [pid 9295] chdir("./file0") = 0 [pid 9295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9295] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9296] <... mkdir resumed>) = 0 [pid 9295] <... futex resumed>) = 1 [pid 9291] <... futex resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9296] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 9295] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9291] exit_group(0 [pid 9299] <... mmap resumed>) = 0x7f6713892000 [pid 5065] newfstatat(AT_FDCWD, "./420/file0", [pid 9299] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9295] <... futex resumed>) = ? [pid 9291] <... exit_group resumed>) = ? [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9299] <... mprotect resumed>) = 0 [pid 9295] +++ exited with 0 +++ [pid 5065] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9299] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9299] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9299] <... clone3 resumed> => {parent_tid=[9300]}, 88) = 9300 ./strace-static-x86_64: Process 9300 attached [pid 5065] getdents64(4, [pid 9299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9300] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9299] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] getdents64(4, [pid 9300] <... rseq resumed>) = 0 [pid 9299] <... futex resumed>) = 0 [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9300] set_robust_list(0x7f67138b29a0, 24 [pid 9299] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9298] munmap(0x7f670b400000, 138412032 [pid 5065] close(4 [pid 9300] <... set_robust_list resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9300] rt_sigprocmask(SIG_SETMASK, [], [pid 9298] <... munmap resumed>) = 0 [pid 9291] +++ exited with 0 +++ [pid 5065] rmdir("./420/file0" [pid 9300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9291, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9300] memfd_create("syzkaller", 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5066] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9300] <... memfd_create resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 338.676806][ T9296] loop0: detected capacity change from 0 to 4096 [pid 5065] close(3 [pid 9300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 9300] <... mmap resumed>) = 0x7f670b400000 [pid 5065] rmdir("./420" [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9298] ioctl(4, LOOP_SET_FD, 3 [pid 5065] mkdir("./421", 0777 [pid 9296] <... mount resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9296] <... openat resumed>) = 3 [pid 5066] unlink("./419/binderfs" [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9296] chdir("./file0" [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 9296] <... chdir resumed>) = 0 [pid 5066] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9296] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9296] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9293] <... futex resumed>) = 0 [pid 9296] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9293] exit_group(0 [pid 9296] <... futex resumed>) = ? [pid 9293] <... exit_group resumed>) = ? [pid 9296] +++ exited with 0 +++ [pid 9298] <... ioctl resumed>) = 0 [pid 9298] close(3) = 0 [pid 9298] close(4) = 0 [pid 9298] mkdir("./file0", 0777) = 0 [pid 9293] +++ exited with 0 +++ [pid 9298] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9293, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5062] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5066] <... umount2 resumed>) = 0 [pid 5062] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 338.752470][ T9298] loop2: detected capacity change from 0 to 4096 [pid 5062] unlink("./417/binderfs" [pid 9300] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5066] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... unlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5062] <... umount2 resumed>) = 0 [pid 5066] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./417/file0", [pid 5066] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5062] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 4 [pid 5062] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(4, "", [pid 5062] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5062] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(4, [pid 5062] close(4 [pid 5066] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5062] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5062] rmdir("./417/file0" [pid 5066] rmdir("./419/file0" [pid 5062] <... rmdir resumed>) = 0 [pid 5062] getdents64(3, [pid 9300] <... write resumed>) = 2097152 [pid 5066] <... rmdir resumed>) = 0 [pid 5062] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] getdents64(3, [pid 5062] close(3 [pid 5066] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5062] <... close resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555556907690) = 9301 [pid 5062] rmdir("./417"./strace-static-x86_64: Process 9301 attached ) = 0 [pid 5062] mkdir("./418", 0777 [pid 9301] set_robust_list(0x5555569076a0, 24) = 0 [pid 5062] <... mkdir resumed>) = 0 [pid 9301] chdir("./421") = 0 [pid 9301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] close(3 [pid 9301] setpgid(0, 0 [pid 9300] munmap(0x7f670b400000, 138412032 [pid 9298] <... mount resumed>) = 0 [pid 9301] <... setpgid resumed>) = 0 [pid 9300] <... munmap resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9298] <... openat resumed>) = 3 [pid 5066] rmdir("./419" [pid 5062] <... openat resumed>) = 3 [pid 5062] ioctl(3, LOOP_CLR_FD [pid 9298] chdir("./file0" [pid 9301] write(3, "1000", 4 [pid 9298] <... chdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 9301] <... write resumed>) = 4 [pid 9298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5066] mkdir("./420", 0777 [pid 9301] close(3 [pid 9298] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9301] <... close resumed>) = 0 [pid 9298] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9301] symlink("/dev/binderfs", "./binderfs" [pid 9298] <... futex resumed>) = 1 [pid 9297] <... futex resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 9301] <... symlink resumed>) = 0 [pid 9297] exit_group(0 [pid 9301] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9297] <... exit_group resumed>) = ? [pid 9301] <... futex resumed>) = 0 [pid 9300] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9298] +++ exited with 0 +++ [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9301] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9300] <... openat resumed>) = 4 [pid 9297] +++ exited with 0 +++ [pid 5066] <... openat resumed>) = 3 [pid 9301] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9300] ioctl(4, LOOP_SET_FD, 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9297, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 9301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9301] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9301] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9301] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 9301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 9300] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 9302 attached [pid 9300] close(3 [pid 5064] getdents64(3, [pid 9302] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9301] <... clone3 resumed> => {parent_tid=[9302]}, 88) = 9302 [pid 9300] <... close resumed>) = 0 [pid 9302] <... rseq resumed>) = 0 [pid 9301] rt_sigprocmask(SIG_SETMASK, [], [pid 9300] close(4 [pid 5064] <... getdents64 resumed>0x555556908730 /* 4 entries */, 32768) = 112 [pid 9302] set_robust_list(0x7f67138b29a0, 24 [pid 9301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9302] <... set_robust_list resumed>) = 0 [pid 9301] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9300] <... close resumed>) = 0 [pid 5064] umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9301] <... futex resumed>) = 0 [pid 9300] mkdir("./file0", 0777 [pid 9301] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9302] rt_sigprocmask(SIG_SETMASK, [], [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9300] <... mkdir resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9300] mount("/dev/loop1", "./file0", "ntfs3", 0, "" [pid 5064] unlink("./422/binderfs") = 0 [pid 5064] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9302] memfd_create("syzkaller", 0) = 3 [pid 9302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [ 338.892944][ T9300] loop1: detected capacity change from 0 to 4096 [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3 [pid 5064] <... umount2 resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5064] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./422/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [pid 5062] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] getdents64(4, 0x555556910770 /* 0 entries */, 32768) = 0 [pid 5066] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 9303 attached [pid 9302] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5064] close(4 [pid 5062] <... clone resumed>, child_tidptr=0x555556907690) = 9303 [pid 9303] set_robust_list(0x5555569076a0, 24 [pid 5064] <... close resumed>) = 0 [pid 9303] <... set_robust_list resumed>) = 0 [pid 5064] rmdir("./422/file0" [pid 9303] chdir("./418" [pid 5064] <... rmdir resumed>) = 0 [pid 9303] <... chdir resumed>) = 0 [pid 5064] getdents64(3, [pid 9303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] close(3 [pid 5064] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 9303] <... prctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] rmdir("./422") = 0 [pid 9303] setpgid(0, 0 [pid 5064] mkdir("./423", 0777 [pid 9300] <... mount resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 9300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9303] <... setpgid resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556907690) = 9304 [pid 9300] <... openat resumed>) = 3 [pid 9303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9300] chdir("./file0" [pid 9303] <... openat resumed>) = 3 [pid 9300] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 9304 attached [pid 9303] write(3, "1000", 4 [pid 5064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9304] set_robust_list(0x5555569076a0, 24 [pid 9303] <... write resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 9304] <... set_robust_list resumed>) = 0 [pid 9303] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9304] chdir("./420" [pid 9303] <... close resumed>) = 0 [pid 9303] symlink("/dev/binderfs", "./binderfs" [pid 9300] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9303] <... symlink resumed>) = 0 [pid 9300] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 9304] <... chdir resumed>) = 0 [pid 9303] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9300] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9303] <... futex resumed>) = 0 [pid 9300] <... futex resumed>) = 1 [pid 9299] <... futex resumed>) = 0 [pid 9304] <... prctl resumed>) = 0 [pid 9303] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 9300] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9299] exit_group(0 [pid 9304] setpgid(0, 0 [pid 9303] <... rt_sigaction resumed>NULL, 8) = 0 [pid 9300] <... futex resumed>) = ? [pid 9299] <... exit_group resumed>) = ? [pid 9304] <... setpgid resumed>) = 0 [pid 9303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9300] +++ exited with 0 +++ [pid 9304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9303] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9303] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9304] <... openat resumed>) = 3 [pid 9303] <... rt_sigprocmask resumed>[], 8) = 0 [pid 9303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9305 attached [pid 9305] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9304] write(3, "1000", 4 [pid 9303] <... clone3 resumed> => {parent_tid=[9305]}, 88) = 9305 [pid 9305] <... rseq resumed>) = 0 [pid 9304] <... write resumed>) = 4 [pid 9303] rt_sigprocmask(SIG_SETMASK, [], [pid 9299] +++ exited with 0 +++ [pid 9305] set_robust_list(0x7f67138b29a0, 24 [pid 9304] close(3 [pid 9303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9299, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- [pid 9305] <... set_robust_list resumed>) = 0 [pid 9304] <... close resumed>) = 0 [pid 9303] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9305] rt_sigprocmask(SIG_SETMASK, [], [pid 9304] symlink("/dev/binderfs", "./binderfs" [pid 9303] <... futex resumed>) = 0 [pid 9305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9304] <... symlink resumed>) = 0 [pid 9303] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9305] memfd_create("syzkaller", 0 [pid 9304] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5063] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5063] umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9304] <... futex resumed>) = 0 [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9304] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, [pid 5063] newfstatat(AT_FDCWD, "./425/binderfs", [pid 9305] <... memfd_create resumed>) = 3 [pid 9304] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5063] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5063] unlink("./425/binderfs" [pid 9305] <... mmap resumed>) = 0x7f670b400000 [pid 9304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... unlink resumed>) = 0 [pid 9304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9302] <... write resumed>) = 2097152 [pid 5063] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9304] <... mmap resumed>) = 0x7f6713892000 [pid 9302] munmap(0x7f670b400000, 138412032) = 0 [pid 9304] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9302] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... umount2 resumed>) = 0 [pid 9302] <... openat resumed>) = 4 [pid 9302] ioctl(4, LOOP_SET_FD, 3 [pid 9304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5063] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] newfstatat(AT_FDCWD, "./425/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9304] <... clone3 resumed> => {parent_tid=[9306]}, 88) = 9306 [pid 5063] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9304] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(3 [pid 5063] <... openat resumed>) = 4 ./strace-static-x86_64: Process 9306 attached [pid 9304] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 5063] newfstatat(4, "", [pid 9306] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9304] <... futex resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9306] <... rseq resumed>) = 0 [pid 9304] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] getdents64(4, [pid 9306] set_robust_list(0x7f67138b29a0, 24./strace-static-x86_64: Process 9307 attached ) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555556907690) = 9307 [pid 5063] <... getdents64 resumed>0x555556910770 /* 2 entries */, 32768) = 48 [pid 9307] set_robust_list(0x5555569076a0, 24 [pid 9306] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] getdents64(4, [pid 9307] <... set_robust_list resumed>) = 0 [pid 9306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9307] chdir("./423" [pid 5063] close(4 [pid 9307] <... chdir resumed>) = 0 [pid 9302] <... ioctl resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 9307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9302] close(3 [pid 5063] rmdir("./425/file0" [pid 9307] <... prctl resumed>) = 0 [pid 9307] setpgid(0, 0 [pid 9302] <... close resumed>) = 0 [pid 5063] <... rmdir resumed>) = 0 [pid 9307] <... setpgid resumed>) = 0 [pid 9302] close(4 [pid 5063] getdents64(3, [pid 9307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9305] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9302] <... close resumed>) = 0 [pid 5063] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 9306] memfd_create("syzkaller", 0 [pid 5063] close(3 [pid 9306] <... memfd_create resumed>) = 3 [pid 5063] <... close resumed>) = 0 [pid 9306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] rmdir("./425") = 0 [pid 9306] <... mmap resumed>) = 0x7f670b400000 [pid 5063] mkdir("./426", 0777 [pid 9302] mkdir("./file0", 0777 [pid 9307] <... openat resumed>) = 3 [pid 9302] <... mkdir resumed>) = 0 [pid 5063] <... mkdir resumed>) = 0 [pid 9307] write(3, "1000", 4 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9307] <... write resumed>) = 4 [pid 5063] <... openat resumed>) = 3 [pid 9307] close(3 [pid 5063] ioctl(3, LOOP_CLR_FD [pid 9307] <... close resumed>) = 0 [pid 9307] symlink("/dev/binderfs", "./binderfs" [pid 9302] mount("/dev/loop3", "./file0", "ntfs3", 0, "" [pid 9307] <... symlink resumed>) = 0 [pid 9307] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9307] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 339.090614][ T9302] loop3: detected capacity change from 0 to 4096 [pid 9307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6713892000 [pid 9307] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0}./strace-static-x86_64: Process 9308 attached [pid 9308] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9307] <... clone3 resumed> => {parent_tid=[9308]}, 88) = 9308 [pid 9307] rt_sigprocmask(SIG_SETMASK, [], [pid 9308] <... rseq resumed>) = 0 [pid 9307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9308] set_robust_list(0x7f67138b29a0, 24 [pid 9307] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9308] <... set_robust_list resumed>) = 0 [pid 9307] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9302] <... mount resumed>) = 0 [pid 9308] memfd_create("syzkaller", 0 [pid 9302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9302] chdir("./file0") = 0 [pid 9302] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9302] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9308] <... memfd_create resumed>) = 3 [pid 9302] <... futex resumed>) = 1 [pid 9301] <... futex resumed>) = 0 [pid 9308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9305] <... write resumed>) = 2097152 [pid 9302] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9301] exit_group(0) = ? [pid 9308] <... mmap resumed>) = 0x7f670b400000 [pid 9302] <... futex resumed>) = ? [pid 9306] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9305] munmap(0x7f670b400000, 138412032 [pid 5063] <... ioctl resumed>) = 0 [pid 9302] +++ exited with 0 +++ [pid 9301] +++ exited with 0 +++ [pid 9305] <... munmap resumed>) = 0 [pid 5063] close(3 [pid 9305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9301, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 9305] <... openat resumed>) = 4 [pid 5065] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555556907690) = 9309 [pid 5065] getdents64(3, ./strace-static-x86_64: Process 9309 attached 0x555556908730 /* 4 entries */, 32768) = 112 [pid 9309] set_robust_list(0x5555569076a0, 24 [pid 5065] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9309] <... set_robust_list resumed>) = 0 [pid 9305] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9309] chdir("./426") = 0 [pid 9309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9305] <... ioctl resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./421/binderfs", [pid 9309] <... prctl resumed>) = 0 [pid 9305] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9309] setpgid(0, 0 [pid 9305] <... close resumed>) = 0 [pid 5065] unlink("./421/binderfs" [pid 9309] <... setpgid resumed>) = 0 [pid 9305] close(4 [pid 5065] <... unlink resumed>) = 0 [pid 9309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 9309] <... openat resumed>) = 3 [pid 9309] write(3, "1000", 4) = 4 [pid 9309] close(3) = 0 [pid 9309] symlink("/dev/binderfs", "./binderfs" [pid 9305] <... close resumed>) = 0 [pid 5065] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9305] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9308] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9309] <... symlink resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./421/file0", [pid 9305] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9309] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 9305] mount("/dev/loop0", "./file0", "ntfs3", 0, "" [pid 5065] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9309] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 9309] rt_sigaction(SIGRT_1, {sa_handler=0x7f671391bea0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f671390d050}, NULL, 8) = 0 [pid 9309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 9306] <... write resumed>) = 2097152 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 9306] munmap(0x7f670b400000, 138412032 [pid 5065] getdents64(4, 0x555556910770 /* 2 entries */, 32768) = 48 [ 339.240519][ T9305] loop0: detected capacity change from 0 to 4096 [pid 9309] <... mmap resumed>) = 0x7f6713892000 [pid 9306] <... munmap resumed>) = 0 [pid 5065] getdents64(4, [pid 9309] mprotect(0x7f6713893000, 131072, PROT_READ|PROT_WRITE [pid 9306] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... getdents64 resumed>0x555556910770 /* 0 entries */, 32768) = 0 [pid 9309] <... mprotect resumed>) = 0 [pid 9306] <... openat resumed>) = 4 [pid 5065] close(4) = 0 [pid 9309] rt_sigprocmask(SIG_BLOCK, ~[], [pid 9306] ioctl(4, LOOP_SET_FD, 3 [pid 5065] rmdir("./421/file0" [pid 9309] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 9309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f67138b2990, parent_tid=0x7f67138b2990, exit_signal=0, stack=0x7f6713892000, stack_size=0x20300, tls=0x7f67138b26c0} [pid 5065] <... getdents64 resumed>0x555556908730 /* 0 entries */, 32768) = 0 [pid 5065] close(3./strace-static-x86_64: Process 9310 attached [pid 9309] <... clone3 resumed> => {parent_tid=[9310]}, 88) = 9310 [pid 9308] <... write resumed>) = 2097152 [pid 9306] <... ioctl resumed>) = 0 [ 339.310856][ T9306] loop4: detected capacity change from 0 to 4096 [ 339.326440][ C1] ================================================================== [ 339.334555][ C1] BUG: KASAN: out-of-bounds in end_buffer_read_sync+0xc1/0xd0 [ 339.342168][ C1] Write of size 4 at addr ffffc9000eb1f6c0 by task ksoftirqd/1/22 [ 339.350007][ C1] [pid 5065] <... close resumed>) = 0 [ 339.352353][ C1] CPU: 1 PID: 22 Comm: ksoftirqd/1 Not tainted 6.8.0-rc6-syzkaller-00194-g17ba56605bfd #0 [ 339.362272][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 339.364885][ T9308] loop2: detected capacity change from 0 to 4096 [ 339.372332][ C1] Call Trace: [ 339.372343][ C1] [ 339.372351][ C1] dump_stack_lvl+0x1e7/0x2e0 [ 339.389684][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.394922][ C1] ? __pfx__printk+0x10/0x10 [ 339.399705][ C1] ? _printk+0xd5/0x120 [ 339.404009][ C1] print_report+0x167/0x540 [ 339.408578][ C1] ? __virt_addr_valid+0xbd/0x520 [ 339.413688][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 339.418936][ C1] kasan_report+0x142/0x180 [ 339.423498][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 339.428827][ C1] kasan_check_range+0x282/0x290 [ 339.433885][ C1] ? __pfx_end_buffer_read_sync+0x10/0x10 [ 339.439736][ C1] end_buffer_read_sync+0xc1/0xd0 [ 339.444813][ C1] end_bio_bh_io_sync+0xbf/0x120 [ 339.449796][ C1] blk_update_request+0x55d/0x1050 [ 339.455015][ C1] blk_mq_end_request+0x3e/0x70 [ 339.459904][ C1] blk_done_softirq+0x100/0x150 [ 339.464793][ C1] __do_softirq+0x2bb/0x942 [ 339.469451][ C1] ? run_ksoftirqd+0xc5/0x130 [ 339.474171][ C1] ? __pfx___do_softirq+0x10/0x10 [ 339.479252][ C1] run_ksoftirqd+0xc5/0x130 [ 339.483809][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 339.488963][ C1] ? __pfx_ksoftirqd_should_run+0x10/0x10 [ 339.494733][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 339.499879][ C1] smpboot_thread_fn+0x543/0xa30 [ 339.504886][ C1] ? smpboot_thread_fn+0x4e/0xa30 [ 339.510217][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 339.515863][ C1] kthread+0x2ef/0x390 [ 339.519963][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 339.525475][ C1] ? __pfx_kthread+0x10/0x10 [ 339.530103][ C1] ret_from_fork+0x4b/0x80 [ 339.534688][ C1] ? __pfx_kthread+0x10/0x10 [ 339.539328][ C1] ret_from_fork_asm+0x1b/0x30 [ 339.544171][ C1] [ 339.547212][ C1] [ 339.549556][ C1] The buggy address belongs to the virtual mapping at [pid 9310] rseq(0x7f67138b2fe0, 0x20, 0, 0x53053053 [pid 9309] rt_sigprocmask(SIG_SETMASK, [], [pid 9308] munmap(0x7f670b400000, 138412032 [pid 9306] close(3 [pid 5065] rmdir("./421" [pid 9310] <... rseq resumed>) = 0 [pid 9309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9308] <... munmap resumed>) = 0 [pid 9306] <... close resumed>) = 0 [pid 9310] set_robust_list(0x7f67138b29a0, 24 [pid 9309] futex(0x7f671399d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9306] close(4 [pid 9310] <... set_robust_list resumed>) = 0 [pid 9309] <... futex resumed>) = 0 [pid 9310] rt_sigprocmask(SIG_SETMASK, [], [pid 9309] futex(0x7f671399d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9306] <... close resumed>) = 0 [pid 9310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9310] memfd_create("syzkaller", 0 [pid 9306] mkdir("./file0", 0777) = 0 [pid 9306] mount("/dev/loop4", "./file0", "ntfs3", 0, "" [pid 9308] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9310] <... memfd_create resumed>) = 3 [pid 9310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f670b400000 [pid 9308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9310] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x08\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\x01\x00\x00\x00\x51\x49\x92\x54\x8e\xa5\x9a\x39\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 9308] close(3) = 0 [pid 9308] close(4) = 0 [pid 9308] mkdir("./file0", 0777) = 0 [pid 9308] mount("/dev/loop2", "./file0", "ntfs3", 0, "" [pid 9305] <... mount resumed>) = 0 [pid 9305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9305] chdir("./file0") = 0 [pid 9305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 9305] futex(0x7f671399d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9303] <... futex resumed>) = 0 [pid 9310] <... write resumed>) = 2097152 [pid 9305] futex(0x7f671399d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9303] exit_group(0 [pid 9305] <... futex resumed>) = ? [pid 9303] <... exit_group resumed>) = ? [pid 9305] +++ exited with 0 +++ [pid 9303] +++ exited with 0 +++ [pid 5062] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9303, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5062] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5062] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5062] getdents64(3, 0x555556908730 /* 4 entries */, 32768) = 112 [pid 5062] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5062] newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5062] unlink("./418/binderfs") = 0 [pid 5062] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 339.549556][ C1] [ffffc9000eb18000, ffffc9000eb21000) created by: [ 339.549556][ C1] copy_process+0x5d5/0x3fc0 [ 339.567213][ C1] [ 339.569568][ C1] The buggy address belongs to the physical page: [ 339.576003][ C1] page:ffffea0000b189c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c627 [ 339.586175][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 339.593329][ C1] page_type: 0xffffffff() [ 339.597686][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [pid 9310] munmap(0x7f670b400000, 138412032) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./422", 0777) = 0 [pid 9310] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9310] ioctl(4, LOOP_SET_FD, 3 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9310] <... ioctl resumed>) = 0 [pid 9310] close(3) = 0 [ 339.606309][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 339.614921][ C1] page dumped because: kasan: bad access detected [ 339.615612][ T9310] loop1: detected capacity change from 0 to 4096 [ 339.621429][ C1] page_owner tracks the page as allocated [ 339.621437][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 9293, tgid 9293 (syz-executor119), ts 338409920665, free_ts 335752328683 [ 339.621475][ C1] post_alloc_hook+0x1ea/0x210 [pid 9310] close(4) = 0 [pid 9310] mkdir("./file0", 0777) = 0 [ 339.621528][ C1] get_page_from_freelist+0x33ea/0x3580 [ 339.621557][ C1] __alloc_pages+0x255/0x680 [ 339.670672][ C1] alloc_pages_mpol+0x3de/0x650 [ 339.675577][ C1] __vmalloc_node_range+0x9a3/0x14a0 [ 339.680904][ C1] dup_task_struct+0x3e9/0x7d0 [ 339.685709][ C1] copy_process+0x5d5/0x3fc0 [ 339.690427][ C1] kernel_clone+0x222/0x840 [ 339.694973][ C1] __se_sys_clone3+0x2cb/0x350 [ 339.699774][ C1] do_syscall_64+0xf9/0x240 [ 339.704315][ C1] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 339.710348][ C1] page last free pid 5078 tgid 5078 stack trace: [ 339.716705][ C1] free_unref_page_prepare+0x95d/0xa80 [ 339.722205][ C1] free_unref_page_list+0x5a3/0x850 [ 339.727445][ C1] release_pages+0x2117/0x2400 [ 339.732336][ C1] __folio_batch_release+0x84/0x100 [ 339.737622][ C1] truncate_inode_pages_range+0x457/0xf70 [ 339.743365][ C1] blkdev_flush_mapping+0x156/0x2b0 [ 339.748575][ C1] bdev_release+0x5cb/0x910 [ 339.753091][ C1] blkdev_release+0x3b/0x50 [ 339.757622][ C1] __fput+0x429/0x8a0 [ 339.761660][ C1] __x64_sys_close+0x7e/0x110 [ 339.766360][ C1] do_syscall_64+0xf9/0x240 [ 339.770962][ C1] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 339.776976][ C1] [ 339.779296][ C1] Memory state around the buggy address: [ 339.784969][ C1] ffffc9000eb1f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.793028][ C1] ffffc9000eb1f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.801185][ C1] >ffffc9000eb1f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.809237][ C1] ^ [ 339.815648][ C1] ffffc9000eb1f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.823725][ C1] ffffc9000eb1f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 339.831789][ C1] ================================================================== [ 339.839930][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 339.847164][ C1] CPU: 1 PID: 22 Comm: ksoftirqd/1 Not tainted 6.8.0-rc6-syzkaller-00194-g17ba56605bfd #0 [ 339.857154][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 339.867214][ C1] Call Trace: [ 339.870502][ C1] [ 339.873435][ C1] dump_stack_lvl+0x1e7/0x2e0 [ 339.878115][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.883316][ C1] ? __pfx__printk+0x10/0x10 [ 339.888093][ C1] ? vscnprintf+0x5d/0x90 [ 339.892495][ C1] panic+0x349/0x860 [ 339.896429][ C1] ? check_panic_on_warn+0x21/0xb0 [ 339.901564][ C1] ? __pfx_panic+0x10/0x10 [ 339.905997][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 339.911925][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 339.917842][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 339.924181][ C1] ? print_report+0x4ff/0x540 [ 339.928864][ C1] check_panic_on_warn+0x86/0xb0 [ 339.933802][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 339.939011][ C1] end_report+0x6e/0x140 [ 339.943264][ C1] kasan_report+0x153/0x180 [ 339.947777][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 339.953024][ C1] kasan_check_range+0x282/0x290 [ 339.957966][ C1] ? __pfx_end_buffer_read_sync+0x10/0x10 [ 339.963701][ C1] end_buffer_read_sync+0xc1/0xd0 [ 339.968751][ C1] end_bio_bh_io_sync+0xbf/0x120 [ 339.973687][ C1] blk_update_request+0x55d/0x1050 [ 339.978803][ C1] blk_mq_end_request+0x3e/0x70 [ 339.983651][ C1] blk_done_softirq+0x100/0x150 [ 339.988855][ C1] __do_softirq+0x2bb/0x942 [ 339.993389][ C1] ? run_ksoftirqd+0xc5/0x130 [ 339.998082][ C1] ? __pfx___do_softirq+0x10/0x10 [ 340.003137][ C1] run_ksoftirqd+0xc5/0x130 [ 340.007657][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 340.012794][ C1] ? __pfx_ksoftirqd_should_run+0x10/0x10 [ 340.018521][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 340.023640][ C1] smpboot_thread_fn+0x543/0xa30 [ 340.028594][ C1] ? smpboot_thread_fn+0x4e/0xa30 [ 340.033632][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 340.039140][ C1] kthread+0x2ef/0x390 [ 340.043232][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 340.048701][ C1] ? __pfx_kthread+0x10/0x10 [ 340.053309][ C1] ret_from_fork+0x4b/0x80 [ 340.057757][ C1] ? __pfx_kthread+0x10/0x10 [ 340.062357][ C1] ret_from_fork_asm+0x1b/0x30 [ 340.067154][ C1] [ 340.070289][ C1] Kernel Offset: disabled [ 340.074619][ C1] Rebooting in 86400 seconds..